# At boot, rc script runs, but service immediately exits



## mrab54 (Feb 7, 2012)

I have the following script in /etc/rc.d/sshguard :


```
#!/bin/sh

# PROVIDE: sshguard
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="sshguard"
rcvar=sshguard_enable

sig_reload="USR1"

load_rc_config $name

: ${sshguard_enable:="NO"}

command="/usr/local/sbin/${name}"
pidfile="/var/run/${name}.pid"
command_args="-i /var/run/sshguard.pid -p 7200 -l /var/log/auth.log -l /usr/jails/jail_foobar/var/log/auth.log &"

run_rc_command "$1"
```

Output from /var/log/messages


```
...
Feb  7 17:00:06 ip-10-212-131-54 kernel: start_init: trying /sbin/init
Feb  7 17:00:06 ip-10-212-131-54 kernel: pflog0: bpf attached
Feb  7 17:00:11 ip-10-212-131-54 sshguard[1611]: Started successfully [(a,p,s)=(40, 7200, 1200)], now ready to scan.
Feb  7 17:00:12 ip-10-212-131-54 sshguard[1611]: Got exit signal, flushing blocked addresses and exiting...
```

However, I can start sshguard manually by running:
`# /etc/rc.d/sshguard start`

Any idea why sshguard exits immediately at boot?


----------



## SirDice (Feb 8, 2012)

That's not how you're supposed to run sshguard. Read the message that gets printed when you installed sshguard:

```
Your /etc/syslog.conf has been added a line for sshguard; uncomment it
  and use "/etc/rc.d/syslogd reload" for activating it.
```

So, edit your /etc/syslog.conf, look for this line:

```
auth.info;authpriv.info     |exec /usr/local/sbin/sshguard -s 2400
```
Remove the # mark, save and restart syslogd.


----------



## mrab54 (Feb 8, 2012)

SirDice said:
			
		

> That's not how you're supposed to run sshguard. Read the message that gets printed when you installed sshguard:



With sshguard version 1.5, you can start sshguard with the -l flag.

Notes from their site:


> Since version 1.5 sshguard comes with the Log Sucker. The Log Sucker makes sshguard continually monitor a bunch of log sources (files, FIFOs or pipes) and read in log lines as soon as they appear. The Log Sucker senses when any file has been rotated, without needing notifications from the outside.




At any rate, I added a [cmd=]sleep 60[/cmd] to the rc script and it starts up during boot without a problem.  I still wish I understood the problem better.


```
#!/bin/sh

# PROVIDE: sshguard
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="sshguard"
rcvar=sshguard_enable

sig_reload="USR1"

start_cmd="${name}_start"

load_rc_config $name

: ${sshguard_enable:="NO"}

command="/usr/local/sbin/${name}"
pidfile="/var/run/${name}.pid"
command_args="-i /var/run/sshguard.pid -p 7200 -l /var/log/auth.log -l /usr/jails/jail_foobar/var/log/auth.log &"

sshguard_start()
{
    # add a sleep as a workaround for the service exiting immediately after starting during boot
    sleep 60
    ${command} ${command_args}
}

run_rc_command "$1"
```


----------



## phoenix (Feb 8, 2012)

sshguard reads log files.  syslogd writes log files.  You have to start sshguard after syslogd.  So add the following line after the *PROVIDE* line:

```
REQUIRE: syslogd
```

Check the order that things run via:
`$ rcorder /etc/rc.d/* /usr/local/etc/rc.d/*` before and after making the change.


----------



## mrab54 (Feb 8, 2012)

Now I'm very confused.

I removed the `sleep 60` and it still loads sshguard during boot - while the original script failed.


```
#!/bin/sh

# PROVIDE: sshguard
# REQUIRE: syslogd
# KEYWORD: nojail shutdown

. /etc/rc.subr

name="sshguard"
rcvar=sshguard_enable

sig_reload="USR1"

start_cmd="${name}_start"

load_rc_config $name

: ${sshguard_enable:="NO"}

command="/usr/local/sbin/${name}"
pidfile="/var/run/${name}.pid"
command_args="-i /var/run/sshguard.pid -p 7200 -l /var/log/auth.log -l /usr/jails/jail_foobar/var/log/auth.log &"

sshguard_start()
{
    ${command} ${command_args}
}

run_rc_command "$1"
```

But, when I run a ps, I get two hanging processes.


```
21 xc0  Is+    0:00.06 sh /etc/rc autoboot
 1613 xc0  I+     0:00.00 sh /etc/rc autoboot
```

I have tried the following REQUIRE statement with the same results:

```
# REQUIRE: LOGIN
```


----------



## sergeig (Mar 23, 2014)

/usr/local/etc/rc.d/sshguard is configured to start through /usr/sbin/daemon with -f option which makes error messages from sshguard disappear. Look for -cf in


```
command_args="-cf ${actual_command}
```

Try changing it to:


```
command_args="-c ${actual_command}
```

Then run `service sshguard start`

This may help to troubleshoot the issue you have.


----------

