This post describes how to create an init script for urlsnarf and start it as a daemon on Fedora Linux. The process is simple: install the dsniff package and create an init script inside the /etc/init.d/ directory. After activation with chkconfig, urlsnarf will start on Linux boot.
First, install the dsniff package. It is a collection of tools (including urlsnarf) for network auditing and penetration testing.
yum install dsniff
The next step is to create the init script. Here is the bash code for the /etc/init.d/urlsnarf init script:
#!/bin/bash
#
# urlsnarf      sniff HTTP requests in Common Log Format
#
# chkconfig: 2345 79 19
# description: urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF \
#              (Common Log Format, used by almost all web servers), suitable for \
#              offline post-processing with your favorite web log analysis tool
# processname: urlsnarf
# pidfile: /var/run/urlsnarf.pid

### BEGIN INIT INFO
# Provides: urlsnarf
# Required-Start: $syslog $local_fs
# Required-Stop: $syslog $local_fs
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Outputs requested URLs from HTTP traffic to the log file
# Description: urlsnarf outputs all requested URLs sniffed from HTTP
#              traffic in CLF Common Log Format
### END INIT INFO

# Program name
prog="urlsnarf"

# Source function library.
. /etc/rc.d/init.d/functions

# Define constants
URLSNARF_BIN="/usr/sbin/$prog"
URLSNARF_LOG="/var/log/$prog.log"
LOCK="/var/lock/subsys/$prog"
PIDFILE="/var/run/$prog.pid"

start() {
    # Default result when the lock file already exists and nothing is started
    RETVAL=0
    # Check if it is already running
    if [ ! -f "$LOCK" ]; then
        echo -n $"Starting $prog: "
        daemon --pidfile="${PIDFILE}" "$URLSNARF_BIN >> $URLSNARF_LOG 2>&1 &"
        # Record the PID of the backgrounded process
        pidof $prog > "$PIDFILE"
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch "$LOCK"
        echo
    fi
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $URLSNARF_BIN
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f "$LOCK"
    return $RETVAL
}

restart() {
    stop
    start
}

reload() {
    restart
}

force_reload() {
    restart
}

rh_status() {
    # run checks to determine if the service is running or use generic status
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

# See how we were called.
case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    status)
        rh_status
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|status}"
        exit 1
        ;;
esac
After the script is saved, it should be listed in the Services menu:
System -> Administration -> Services
Start and enable the urlsnarf service there, or enable it with the chkconfig urlsnarf on command in a terminal. Output from urlsnarf is redirected to the /var/log/urlsnarf.log file. If you want to activate logrotate, create the /etc/logrotate.d/urlsnarf file and add the following lines:
/var/log/urlsnarf.log {
    rotate 5
    weekly
    postrotate
        /sbin/service urlsnarf restart > /dev/null 2>/dev/null || true
    endscript
}
Now urlsnarf will be started on every boot and its log files will be rotated weekly. logrotate has many more options, such as rotating on a daily or monthly basis, rotating log files once they grow bigger than a defined size, compressing old logs, emailing logs and so on.
This approach to adding a service can be applied generally: find a utility, create a System V init script and activate the service. Could not be easier. ;)
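The start() function above treats the lock file as proof that urlsnarf is running and fills the pidfile from pidof right after backgrounding the process, so a crashed sniffer or an empty pidfile can go unnoticed. The following check is an added example, not part of the original post; the function name svc_state and its return codes are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): classify the state that the
# init script leaves behind. Paths and process name are parameters so the
# function can also be run against constructed files.
#
# Usage:   svc_state PIDFILE LOCKFILE PROCNAME
# Prints:  running | stale | stopped
# Returns: 0 running, 1 stale (pidfile or lock left over), 3 stopped
svc_state() {
    local pidfile=$1 lock=$2 name=$3 pid comm

    if [ -s "$pidfile" ]; then
        # pidof can write several PIDs on one line, so check each of them
        for pid in $(cat "$pidfile"); do
            # Ignore anything that is not a plain number
            case $pid in ''|*[!0-9]*) continue ;; esac
            # /proc/PID/comm holds the command name of a live process;
            # comparing it guards against a recycled PID
            comm=$(cat "/proc/$pid/comm" 2>/dev/null) || continue
            if [ "$comm" = "$name" ]; then
                echo running
                return 0
            fi
        done
    fi

    # No matching live process. A leftover pidfile (possibly empty, when
    # pidof ran before the process existed) or a leftover lock file means
    # the bookkeeping no longer matches reality, and start() would skip
    # starting the sniffer because the lock is still present.
    if [ -e "$pidfile" ] || [ -e "$lock" ]; then
        echo stale
        return 1
    fi

    echo stopped
    return 3
}

# Example call with the paths used by the init script above:
#   svc_state /var/run/urlsnarf.pid /var/lock/subsys/urlsnarf urlsnarf
```

A result of stale means the lock file and pidfile should be removed before the service is started again.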