[Oisf-users] SIGHUP handler?

Victor Julien lists at inliniac.net
Sun Jul 28 19:13:11 UTC 2013


On 07/22/2013 10:24 AM, Victor Julien wrote:
> (Keeping this on the list.)
> 
> On 07/20/2013 10:49 AM, Darren Spruell wrote:
>> On Fri, Jul 19, 2013 at 3:26 AM, Victor Julien <lists at inliniac.net
>> <mailto:lists at inliniac.net>> wrote:
>>
>>     On 07/19/2013 08:33 AM, Darren Spruell wrote:
>>     > Hi,
>>     >
>>     > Suricata 1.4.1 RELEASE
>>     > OpenBSD 5.3 i386
>>     >
>>     > Picked up on live rule reloads with USR2 signal. Wondered if Suricata
>>     > currently supports any kind of restart/reload behavior with HUP? If I'm
>>     > not mistaken, sending SIGHUP on my system causes daemon to exit silently
>>     > (no output to logs, process goes away).
>>     >
>>     > I'm chewing on handling of reload action in OpenBSD's rc.d(8) daemon
>>     > control scripts. The system assumes that daemons either handle a reload
>>     > action when they receive a SIGHUP (i.e. reload config) or have the
>>     > reload action disabled if SIGHUP is not used for reload (i.e.
>>     > daemon_reload=NO). Would handling HUP to reload config and ruleset be
>>     > sensible in Suricata as with some other programs?
>>
>>     Sounds like you're hitting a bug. Can you upgrade to 1.4.4 and check if
>>     it still happens there?
>>
>>
>> Upgraded to 1.4.4 release and appears to be same behavior.
>>
>> OpenBSD 5.3 i386
>> Suricata 1.4.4 RELEASE
>>  ./configure --sysconfdir=/etc --localstatedir=/var --enable-gccprotect
>> make
>> make install
>> make install-full
>>
>> $ ps auxwww |grep suri
>> root     31100  6.0  3.5 53960 27592 ??  Rs     1:33AM    0:17.76
>> /usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i trunk0 -D
>> dspruell 17659  0.0  0.1   268   764 p1  S+     1:37AM    0:00.01 grep suri
>> root     10310  0.0  0.3  1080  2236 p7  T      1:14AM    0:01.09 vi
>> /etc/suricata/suricata.yaml
>> dspruell 10532  0.0  0.1   320   772 p7  I+     1:35AM    0:00.01 grep
>> suricata
>> $ sudo kill -HUP 31100
>> $ ps auxwww |grep suri
>> root     10310  0.0  0.3  1080  2236 p7  T      1:14AM    0:01.09 vi
>> /etc/suricata/suricata.yaml
>> dspruell 10532  0.0  0.1   320   772 p7  I+     1:35AM    0:00.01 grep
>> suricata
>>
>> No output to log (syslog) observed when this occurs. However the console
>> output shows a 'Hangup' and the program exits with status code 129.
>>
>> # When SIGUSR2 sent:
>> 20/7/2013 -- 01:43:40 - <Info> - Live rule reload not enabled in config.
>> # When SIGHUP sent:
>> Hangup
>>
>> $ echo $?
>> 129
>>
> 
> It actually looks like we don't handle HUP at all. The HUP signal
> handler code is commented out.
> 

Opened https://redmine.openinfosecfoundation.org/issues/911

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
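
Added example, not part of the original thread and not Suricata code: a stand-in child process shows why an unhandled SIGHUP produces the 'Hangup' exit with status 129 reported above, and how installing a handler turns the same signal into a reload request. The names hup_shell_status and on_hup are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static volatile sig_atomic_t reload_requested = 0;

/* Hypothetical handler: only records the request; the main loop reloads. */
static void on_hup(int sig) { (void)sig; reload_requested = 1; }

/* Fork a stand-in daemon, send it SIGHUP, and return what a shell would
 * show in $?: 128 + signal number if killed, otherwise the exit code. */
int hup_shell_status(int install_handler)
{
    int ready[2], st;
    char c;
    if (pipe(ready) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        sigset_t block, none;
        struct sigaction sa = {0};
        sigemptyset(&none);
        sigemptyset(&block);
        sigaddset(&block, SIGHUP);
        /* Keep SIGHUP pending until sigsuspend() so no wakeup is lost. */
        sigprocmask(SIG_BLOCK, &block, NULL);
        sa.sa_handler = install_handler ? on_hup : SIG_DFL;
        sigemptyset(&sa.sa_mask);
        sigaction(SIGHUP, &sa, NULL);
        if (write(ready[1], "r", 1) != 1) _exit(2);  /* tell parent: ready */
        while (!reload_requested) sigsuspend(&none);
        _exit(0);  /* a real daemon would re-read its config and carry on */
    }
    close(ready[1]);
    if (read(ready[0], &c, 1) != 1) { kill(pid, SIGKILL); waitpid(pid, &st, 0); return -1; }
    close(ready[0]);
    kill(pid, SIGHUP);
    if (waitpid(pid, &st, 0) < 0) return -1;
    if (WIFSIGNALED(st)) return 128 + WTERMSIG(st);
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

int main(void)
{
    printf("no handler:   $? = %d\n", hup_shell_status(0));
    printf("with handler: $? = %d\n", hup_shell_status(1));
    return 0;
}
```

An rc.d-style reload action that sends SIGHUP is only safe against the second case; against the first it silently stops the sensor.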



