Hi Peter, thanks for your detailed report. It's really appreciated from the maintainer point of view.

UNIX socket
===========

Regarding the UNIX socket path, I would like to note that the default in Debian is (should be):

 * /var/run/suricata-command.socket

Therefore, your issues with suricata looking for /var/run/suricata/suricata-command.socket are perhaps related to a previous version of suricata?

I just tested with suricata 3.1.2-2~bpo8+1 in a jessie system and with 3.1.2-2 in a sid system, and suricatasc works out of the box.

Are you sure the reason for your failures is the wrong socket path? I don't know why your suricata looks for the socket in another place.

oinkmaster
==========

Yes, the updater script looks for the socket in the default path, which is:

 * /var/run/suricata-command.socket

I've not tested running suricata with a different user apart from the default, which is root.

ExecReload suricatasc
=====================

Again, it seems it is the same issue with the socket path.

/etc/default/suricata
=====================

The /etc/default/suricata file is for running suricata with sysvinit. If you use systemd then this file is ignored with the Debian default configuration for suricata.

$PID instead of $MAINPID
========================

I just tested this here and I see no issues. The systemd.service(5) manpage refers to $MAINPID.

Could you please give more info?

Here is an example of my Debian jessie system:

$ sudo systemctl reload suricata
$ sudo systemctl status suricata
* suricata.service - Suricata IDS/IDP daemon
   Loaded: loaded (/lib/systemd/system/suricata.service; disabled)
   Active: active (running) since Thu 2016-09-29 16:06:05 CEST; 12min ago
     Docs: man:suricata(8)
           man:suricatasc(8)
           https://redmine.openinfosecfoundation.org/projects/suricata/wiki
  Process: 26052 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 26050 ExecReload=/usr/bin/suricatasc -c reload-rules (code=exited, status=0/SUCCESS)
 Main PID: 25443 (Suricata-Main)
   CGroup: /system.slice/suricata.service
           `-25443 /usr/bin/suricata -D --af-packet -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid

Sep 29 16:06:05 debsolid suricata[25442]: 29/9/2016 -- 16:06:05 - <Notice> - This is Suricata version 3.1.2 RELEASE
Sep 29 16:18:39 debsolid systemd[1]: Reloading Suricata IDS/IDP daemon.
Sep 29 16:18:39 debsolid suricatasc[25946]: {"message": "done", "return": "OK"}
Sep 29 16:18:39 debsolid systemd[1]: Reloaded Suricata IDS/IDP daemon.
[...]

As you can see, both kill and suricatasc work. This is a Debian jessie box with the suricata from backports fresh-installed.

-- 
Arturo Borrero González