In the latest Bro port for 2.4.1, a basic RC script is missing to allow users to start up Bro with the init system on system boot. I have a script I have used for a while now; it utilizes the new features in Bro (such as broctl deploy) to handle starting up and shutdown. Status is tricky, as you use broctl for status.

    #!/bin/sh
    #
    # PROVIDE: bro
    # REQUIRE: NETWORKING
    # REQUIRE: LOGIN
    # KEYWORD: shutdown
    #

    . /etc/rc.subr

    name="bro"
    # rc.conf(5) knob that enables the service (bro_enable)
    rcvar="${name}_enable"

    load_rc_config $name

    start_cmd="bro_start"
    stop_cmd="bro_stop"
    restart_cmd="bro_restart"

    # Defaults, overridable from rc.conf
    : ${broctl_program:=/usr/local/bin/broctl}
    bro_enable=${bro_enable-"NO"}

    # "broctl deploy" checks and installs the configuration, then (re)starts Bro
    bro_start() {
        $broctl_program deploy
    }

    bro_stop() {
        $broctl_program stop
    }

    bro_restart() {
        bro_stop
        bro_start
    }

    run_rc_command "$1"
I'm working on security/bro to 2.5; is your rc.d still a reasonable starting point?
I added the "bro_program" variable for "service bro status", which seems to work with 2.5 on FreeBSD 11/12. So as a starting point, this gives a start, stop and status command via the new features in Bro.

    #!/bin/sh
    #
    # PROVIDE: bro
    # REQUIRE: NETWORKING
    # REQUIRE: LOGIN
    # KEYWORD: shutdown
    #

    # No trailing colon: an empty PATH entry would add the current directory
    # to the search path of a script that runs as root.
    PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

    . /etc/rc.subr

    name="bro"
    # rc.conf(5) knob that enables the service (bro_enable)
    rcvar="${name}_enable"

    load_rc_config $name

    start_cmd="bro_start"
    stop_cmd="bro_stop"
    restart_cmd="bro_restart"

    # Defaults, overridable from rc.conf
    : ${broctl_program:=/usr/local/bin/broctl}
    : ${bro_program:=/usr/local/bin/bro}
    bro_enable=${bro_enable-"NO"}

    bro_start() {
        $broctl_program deploy
    }

    bro_stop() {
        $broctl_program stop
    }

    bro_restart() {
        bro_stop
        bro_start
    }

    run_rc_command "$1"
Actually, this is a better starting point. I was having some issues with broctl deploy on my slower systems, so this works correctly with broctl. This rc script implements cleanup, install and status that works with broctl.

    #!/bin/sh
    #
    # $FreeBSD$
    #
    # PROVIDE: bro
    # REQUIRE: NETWORKING
    # REQUIRE: LOGIN FILESYSTEMS
    # KEYWORD: shutdown

    . /etc/rc.subr

    name="bro"
    # rc.conf(5) knob that enables the service (bro_enable)
    rcvar="${name}_enable"

    start_cmd="bro_start"
    stop_cmd="bro_stop"
    restart_cmd="bro_restart"
    deploy_cmd="bro_deploy"
    install_cmd="bro_install"
    cleanup_cmd="bro_cleanup"
    status_cmd="bro_status"
    extra_commands="deploy install cleanup status restart"

    # Defaults, overridable from rc.conf
    : ${broctl_program:=/usr/local/bin/broctl}
    bro_enable=${bro_enable-"NO"}

    bro_start() {
        $broctl_program start
    }

    bro_stop() {
        $broctl_program stop
    }

    # Restart a single node when a node name is given, otherwise all nodes
    bro_restart() {
        local node="$1"
        if [ -n "$node" ]; then
            $broctl_program restart "${node}"
        else
            $broctl_program restart
        fi
    }

    bro_deploy() {
        $broctl_program deploy
    }

    bro_install() {
        $broctl_program install
    }

    # Clean up a single node when a node name is given, otherwise all nodes
    bro_cleanup() {
        local node="$1"
        if [ -n "$node" ]; then
            $broctl_program cleanup "${node}"
        else
            $broctl_program cleanup
        fi
    }

    bro_status() {
        $broctl_program status
    }

    load_rc_config $name
    run_rc_command "$1"
Created attachment 179460: bro rc
Attached a better update; this will work pretty well with the basic functions of broctl, and I know there is a better way to handle input from the CLI for specific nodes.
Note that this PR:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=217656
[PATCH] security/bro: Update to 2.5, unbreak build with BROKER, add rc.d script

resolves this one. (Thanks for the script!)
I believe this is fixed now. Closing, please reopen if not.