Using systemctl

To have snort start at boot, you can use systemctl.
Reference:
https://linux.cn/article-5926-1.html

# First edit the service unit file
sudo vi /lib/systemd/system/snort.service

The file must contain a line that specifies what the service actually runs (ExecStart).

[Service]
Type=simple
ExecStart=/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0

Then

sudo systemctl enable snort
sudo systemctl start snort

The boot-time startup entry for barnyard2 is set up the same way.

# First edit the service unit file
sudo vi /lib/systemd/system/barnyard2.service
[Service]
Type=simple
ExecStart=/usr/local/bin/barnyard2 -c /etc/snort/barnyard2.conf -d /var/log/snort -f snort.u2 -q -w /var/log/snort/barnyard2.waldo -g snort -u snort -D -a /var/log/snort/archived_logs

Then

# Disable automatic start of the service at boot
sudo systemctl disable barnyard2
# Enable automatic start of the service at boot
sudo systemctl enable barnyard2
sudo systemctl start barnyard2
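
Added example, not part of the original post: a pre-flight check for the unit files above, run before `systemctl enable`. The unit fragments shown contain only a `[Service]` section, and `systemctl enable` needs an `[Install]` section to hook the unit into boot; the function name `check_unit`, the sample files and the `multi-user.target` value are assumptions made for this example.

```shell
#!/bin/sh
# check_unit FILE: print one line per problem; return non-zero if any was found.
check_unit() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                      # section header, e.g. [Service]
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\][ \t]*$/, "", section)
            next
        }
        {
            key = $0
            sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            if (section == "Service" && key == "ExecStart") has_exec = 1
            if (section == "Install" && key ~ /^(WantedBy|RequiredBy|Also|Alias)$/) has_install = 1
        }
        END {
            if (!has_exec)    { print "no ExecStart= in [Service]"; bad = 1 }
            if (!has_install) { print "no WantedBy=/RequiredBy=/Also=/Alias= in [Install]"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed samples: the [Service] fragment as shown on this page, and the same
# fragment with [Unit] and [Install] added (multi-user.target is an assumption).
page_fragment() {
    cat <<'EOF'
[Service]
Type=simple
ExecStart=/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
EOF
}
complete_unit() {
    printf '[Unit]\nDescription=Snort NIDS Daemon\n\n'
    page_fragment
    printf '\n[Install]\nWantedBy=multi-user.target\n'
}

# Demo: lint both samples from a throwaway directory.
tmp=$(mktemp -d)
page_fragment > "$tmp/fragment.service"
complete_unit > "$tmp/snort.service"
for f in "$tmp/fragment.service" "$tmp/snort.service"; do
    echo "== $f"
    check_unit "$f" && echo "ok"
done
rm -rf "$tmp"
```

On a live host, a unit without an `[Install]` section is reported as `static` by `systemctl is-enabled`, and the sensor will not come up after a reboot.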

Analyze how much time each process took during boot

cqq@snort-ids  ~  systemd-analyze blame
         10.069s networking.service
          4.491s mysql.service
          2.751s [email protected]
          1.871s dev-mmcblk0p2.device
          1.331s ModemManager.service
          ...
            42ms usr-local.mount
             8ms snorby_worker.service

Check whether a unit (e.g. cron.service) is enabled

 ✘ cqq@snort-ids  ~  systemctl is-enabled mysql.service                                                                         [16:51:50]
mysql.service is not a native service, redirecting to systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install is-enabled mysql
disabled
 ✘ cqq@snort-ids  ~  systemctl is-enabled snorby_worker.service                                                                 [16:52:09]
enabled

Check whether a unit or service is running

 cqq@snort-ids  ~  systemctl status snort                                                                                       [16:43:49]
● snort.service - Snort NIDS Daemon
   Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-04-21 18:55:57 CST; 1 day 21h ago
 Main PID: 417 (snort)
   CGroup: /system.slice/snort.service
           └─417 /usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eth0
