2

So I am trying to start a service on systemd enabled system. Name of service is ossec-hids-authd which is the authentication engine(agents) in ossec(Intrusion Detection Software). When I go and start the init script then systemctl times out and on getting the status I am seeing this error.

/etc/init.d/ossec-hids-authd status
● ossec-hids-authd.service - LSB: Authentication Daemon for OSSEC-HIDS.
   Loaded: loaded (/etc/rc.d/init.d/ossec-hids-authd; bad; vendor preset: disabled)
   Active: failed (Result: timeout) since Thu 2018-02-22 07:34:28 UTC; 11min ago
     Docs: man:systemd-sysv-generator(8)

Feb 22 07:24:11 ip-10-0-197-117.ec2.internal systemd[1]: Starting LSB: Authentication Daemon for OSSEC-HIDS....
Feb 22 07:24:11 ip-10-0-197-117.ec2.internal ossec-hids-authd[21142]: [39B blob data]
Feb 22 07:24:11 ip-10-0-197-117.ec2.internal systemd[1]: PID file /var/run/ossec-authd.pid not readable (yet?) after start.
Feb 22 07:24:11 ip-10-0-197-117.ec2.internal ossec-hids-authd[21142]: 2018/02/22 07:24:11 ossec-authd: INFO: Started (pid: 21148).
Feb 22 07:34:28 ip-10-0-197-117.ec2.internal systemd[1]: ossec-hids-authd.service start operation timed out. Terminating.
Feb 22 07:34:28 ip-10-0-197-117.ec2.internal systemd[1]: Failed to start LSB: Authentication Daemon for OSSEC-HIDS..
Feb 22 07:34:28 ip-10-0-197-117.ec2.internal systemd[1]: Unit ossec-hids-authd.service entered failed state.
Feb 22 07:34:28 ip-10-0-197-117.ec2.internal systemd[1]: ossec-hids-authd.service failed.
Feb 22 07:40:20 ip-10-0-197-117.ec2.internal ossec-hids-authd[21142]: 2018/02/22 07:40:20 ossec-authd(1225): INFO: SIGNAL [(15)-(Terminated)] Received. Exit Cleaning...

Now in the init script this process is actually making pid file in /var/ossec/var/run instead of /var/run and I checked pid file is actually created there. But somehow systemctl is failing to recognize it.

Is it possible that systemd does not recognize pid files created outside of /var/run and if such is the case how to do that?

Below is the init script 

#!/bin/sh
#
# ossec-authd  Start the OSSEC-HIDS Authentication Daemon
#
# chkconfig: 2345 99 01
# description: Provides key signing for OSSEC Clients
# processname: ossec-authd
# config: /var/ossec/etc/ossec.conf
# pidfile: /var/run/ossec-authd.pid
### BEGIN INIT INFO
# Provides:          ossec-authd
# Required-Start:    $network $local_fs $remote_fs
# Required-Stop:     $network $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Authentication Daemon for OSSEC-HIDS.
# Description:       Provides key signing for OSSEC Clients
### END INIT INFO

# Author: Brad Lhotsky <[email protected]>
NAME=ossec-authd
DAEMON=/var/ossec/bin/ossec-authd
DAEMON_ARGS="-p 1515 2>&1 >> /var/ossec/logs/ossec-authd.log &"
PIDDIR=/var/ossec/var/run
SCRIPTNAME=/etc/init.d/ossec-authd

. /etc/rc.d/init.d/functions

getpid() {
    for filename in $PIDDIR/${NAME}*.pid; do
        pidfile=$(basename $filename)
        pid=$(echo $pidfile |cut -d\- -f 3 |cut -d\. -f 1)
        kill -0 $pid &> /dev/null
        RETVAL=$?
        if [ $RETVAL -eq 0 ]; then
            PIDFILE=$filename
            PID=$pid
        else
            rm -f $filename
        fi;
    done;
}

start() {
  echo -n $"Starting $NAME: "
  daemon $DAEMON $DAEMON_ARGS
  retval=$?
  if [ $retval -eq 0 ]; then
    echo_success
    echo
  else
    echo_failure
    echo
  fi
  return $retval
}

stop() {
  echo -n $"Stopping $NAME: "
  getpid
  killproc -p $PIDFILE $NAME
  retval=$?
  echo
  return $retval
}

restart() {
  stop
  start
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    getpid
    if [ -z $PIDFILE ]; then
        status $NAME
    else
        status -p $PIDFILE $NAME
    fi;
    ;;
  restart)
    restart
    ;;
  *)
    echo "Usage: $0 {start|stop|status}"
    exit 2
    ;;
esac

exit $?
Improve this question

2 Answers 2

Reset to default
6

systemd parses an init script's comments to generate temporary .service file at boot or upon daemon-reload command. Change the line

# pidfile: /var/run/ossec-authd.pid

to

# pidfile: /var/ossec/var/run/ossec-authd.pid

and run systemctl daemon-reload

UPD: now I see that pid file name is generated by authd at runtime and init script has to search for $PIDDIR/${NAME}*.pid.

Systemd can not search for pidfile, but can work without it. Sou you may try to remove # pidfile: line completely, or write your own .service file

Improve this answer
0
2

All of that is totally unnecessary.

The behaviour of systemd-sysv-generator with a van Smoorenburg rc script that has both the old RedHat comment headers and the LSB headers is interesting, but pointless to spend your time on.

Don't waste your time fixing your van Smoorenburg rc script and trying to get the PID files to work. You do not actually need the rickety and dangerous PID file mechanism in the first place with proper service management. Nor do you need wrappers like ossec-control. Forget about all that and make yourself a systemd service unit.

Two simple template service units for two different categories of OSSEC services, according to whether an -f option is necessary, are in the answers listed as further reading here. Adapt one or both of them.

Further reading

Improve this answer
1
  • Thanks man, I am planning to move to systemd unit. Will have to learn that though.
    – shivams
    Commented Feb 23, 2018 at 1:46

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .