diff mbox series

[09/20] suricata: Start the new watcher in the background

Message ID	20240910143748.3469271-10-michael.tremer@ipfire.org
State	New
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH 09/20] suricata: Start the new watcher in the background Date: Tue, 10 Sep 2024 14:37:22 +0000 Message-Id: <20240910143748.3469271-10-michael.tremer@ipfire.org> In-Reply-To: <20240910143748.3469271-1-michael.tremer@ipfire.org> References: <20240910143748.3469271-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: QTU3MK6ELZFHDB662AZWNBALUNBWNNM5 CC: Michael Tremer <michael.tremer@ipfire.org> Precedence: list Archived-At: <https://lists.ipfire.org/hyperkitty/list/development@lists.ipfire.org/message/QTU3MK6ELZFHDB662AZWNBALUNBWNNM5/>
Series	[01/20] suricata: Move the IPS into the mangle table \| [01/20] suricata: Move the IPS into the mangle table [02/20] initscripts: Fix bash function definitions in suricata [03/20] suricata: Use getconf to determine the number of processors [04/20] suricata: Remove some unused constants [05/20] suricata: Add whitelist to iptables [06/20] suricata: Replace removed CPU count function [07/20] suricata: Be more efficient with marks [08/20] suricata: Add a watcher to restart on unexpected termination [09/20] suricata: Start the new watcher in the background [10/20] suricata: Restore the interface selection [11/20] suricata: Remove superfluous bits from the initscript [12/20] suricata: Don't load /var/ipfire/ethernet/settings [13/20] suricata: Add option to scan WireGuard [14/20] suricata: Fix broken spacing in the settings section [15/20] ids.cgi: Use new style tables for rulesets [16/20] ids.cgi: Use new-style table for whitelist entries [17/20] ids.cgi: Sort whitelist entries [18/20] ids.cgi: Remove box from the top section [19/20] ids.cgi: Fix detection for the Suricata process [20/20] firewall: Move the IPS after the NAT marking

Commit Message

Michael Tremer Sept. 10, 2024, 2:37 p.m. UTC

  Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/initscripts/system/suricata | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff mbox series

Patch

diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
index 40bd69c87..455715d1b 100644
--- a/src/initscripts/system/suricata
+++ b/src/initscripts/system/suricata
@@ -43,9 +43,6 @@  NFQ_OPTS=(
 	"--queue-bypass"
 )
 
-# PID file of suricata.
-PID_FILE="/var/run/suricata.pid"
-
 # Function to flush the firewall chains.
 flush_fw_chain() {
 	iptables -w -t mangle -F IPS
@@ -123,8 +120,7 @@  case "$1" in
 		if [ "$ENABLE_IDS" == "on" ]; then
 			# Start the IDS.
 			boot_mesg "Starting Intrusion Detection System..."
-			/usr/bin/suricata-watcher -c /etc/suricata/suricata.yaml $NFQUEUES
-			evaluate_retval
+			loadproc -b /usr/bin/suricata-watcher -c /etc/suricata/suricata.yaml $NFQUEUES
 
 			# Flush the firewall chain
 			flush_fw_chain