Very often we have processes in Linux that we want to always run in the background at startup. These would be processes that we need to start at bootup and always be available to us.
If we are running a Linux distribution with a GUI (graphical user interface) like Kali or Ubuntu, we need the X11 process to be always running. If we are using Linux as a web server, we probably always want Apache and maybe MySQL to start up at bootup and always be running.
In this tutorial, we will examine how Linux starts processes at bootup and configure Snort, the world's most widely used IDS (intrusion detection system), to start automatically when booting up so that it is available to protect our network without any user interaction.
The Linux Boot-Up Process
To start, we need to examine the Linux boot-up process. In Linux, the boot-up process begins with the BIOS (basic input/output system), then the MBR (master boot record) executes GRUB (GRand Unified Bootloader), then the kernel executes the init (initialization, or first process), and then, finally, the runlevel program is executed from /etc/rc.d.
As you probably already know, Linux can be started in multiple runlevels, which are:
- 0 - halt the system
- 1 - single user mode (minimal services)
- 2 - multi-user modes
- 3 - multi-user mode
- 4 - multi-user mode
- 5 - multi-user mode
- 6 - reboot the system
Our Kali, being a Debian-based Linux distribution, usually boots into runlevel 2.
The Init.d Process
Init is the very first process. It is the ancestor of all Linux processes and always has the process ID of 1. As you can see in the screenshot below, init has the PID of 1.
kali > ps aux | grep init
This init process then hands over the boot-up processes to rc.d daemon.
It's important to note here that different Linux distributions handle the daemon start-up process slightly differently. In general, they all use the init process as the first process, but how they hand off to the start-up scripts differs slightly. In this case, we will be looking specifically at our Kali Linux which uses the same procedure as other Debian-based Linux systems.
Step 1: List the init.d Directory
Now that we have a basic understanding of the boot-up process in Linux, let's see if we can add Snort to the boot-up process in our Kali.
First, let's go to the directory /etc/init.d, the init process daemon directory (not to be confused with inetd). In this directory are all the scripts to start various processes at bootup.
kali > cd /etc/init.d
kali > ls -l
As you can see, these are files that can be executed by init upon bootup. Note, for example, apache2. If we go a bit further down the page, we should find rc.local.
Step 2: Open rc.local with a Text Editor
Now let's open rc.local in any text editor, which contains a script to start necessary processes in the background when the system boots up. I will be using Leafpad here.
kali > leafpad /etc/init.d/rc.local
Step 3: Install Snort
Now we will see if we can use what we learned to get the Snort IDS to always start at bootup. If don't already have Snort installed, do so now. To do so, you can type:
kali > apt-get install snort
The Snort package will downlaod and install. As part of the install, Snort will place a start-up script in the /etc/init.d directory. Let's look there and confirm.
kali > ls -l
As you can see, Snort has placed a start-up script in the /etc/init.d directory. Now all we need to do is to execute that script each time the system starts.
If you compiled Snort from source code, you may not have this script. In that case, simply create a file named "snort" and save it to the /etc/init.d directory. In that file, place a command to start Snort such as:
/usr/sbin/snort -D -c /etc/snort/snort.conf -l /var/log/snort
Make certain that this script has execute privileges (755).
Step 4: Strat Snort from rc.local
There are many ways to get a script to run at start up, but probably the simplest is to use the rc.local file. As we saw above, the rc.local file contains a script to start various services upon boot. Now all we need to do is append that file with commands to start Snort.
Let's open that file with Leafpad and add two lines at the end of the file to [1] make certain that the proper interface is up and in promiscuous mode (ifconfig eth0 up -arp) and [2] execute the script that the Snort package placed in the init.d directory (/etc/init.d/snort start).
Now whenever your system starts, Snort will always start in the background. Let's test it. Reboot your Kali system and let's see whether Snort starts automatically.
Now that our system has rebooted, let's check to see if Snort is running by typing:
kali > ps aux | grep snort
Success! Now our network is always protected by Snort whenever we start our system!
Keep coming back, my neophyte hackers, as we continue to explore the inner workings of Linux to give you the skills to become a professional hacker!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
9 Comments
Great tut. Now, also systemd has been introduced as a replacement to initd, though -- in some systems, at least, like Ubuntu.
So with this method, I can put Apache, MySQL to start-up with the system, in the background ?
Can you use it for any script ? for example I have a script to generate a random integer and store it into a file on my root directory.. Can I make it start-up with the system ?
Yes, you can start any script with this method.
Wow I've really been looking for a way to make a start-up script because of my wpasupplicant, thanks Master OTW.
hi I've been following your Linux basics for aspiring hackers. now my question is where do I move to next to be well equipped on becoming a full time hacker or a Computer forensic analyst.
when will ur next article (PART 30 ) comes??
hi guys and MR.OTW i am new and would like to know whats next in this series
Nothing is planned just yet for the next part in this series, but we'll hopefully have someone continuing it in the near future, so stay tuned.
OTW I followed the tutorial but snort is not starting on reboot as it should be I'm on Kali 2.0 and would appreciate any help you could offer. I double checked rc.local to confirm the edits were saved. I am using the Snort script that came with my snort install so perhaps that's the cause of the issue and I should simply replace the text in that file with the text you provided for those who compiled Snort themselves.
Thanks in advance
Share Your Thoughts