RPM: snort
#!/bin/sh
#
# /etc/init.d/rc.d/snortd
#
# chkconfig: - 90 10
# description: snort is a lightweight network intrusion detection tool that
# currently detects more than 1100 host and network
# vulnerabilities, portscans, backdoors, and more.
# processname: snort
# config: /etc/snort/snort.conf
# pidfile: /var/run/snort.pid
# Ask the function library not to load the Red Hat compatibility interface.
# Assigned before the library is sourced, as in the original ordering.
WITHOUT_RC_COMPAT=1

# Distribution init helpers. SourceIfNotEmpty, start_daemon, stop_daemon,
# status, msg_usage and msg_reloading are called below but not defined in
# this file, so they presumably come from here.
. /etc/init.d/functions

# Debug aid: "--trace-script" as the first argument turns on shell tracing
# for the rest of the run. Tracing echoes every expanded command, including
# values read from the sysconfig file.
case "$1" in
  --trace-script)
    shift
    echo Enable script tracing...
    set -x
    ;;
esac

# Site configuration. The file is executed as shell code with the privileges
# of whoever runs this script (normally root), so it should be writable by
# root only.
# NOTE(review): a missing or empty config ends the script with status 0, so
# "start" reports success although no sensor was launched - confirm that
# monitoring does not rely on the exit code alone.
CONFIG=/etc/sysconfig/snort
if ! SourceIfNotEmpty "$CONFIG"; then
  exit 0
fi

# These are assigned after the config is read, so values of the same names
# set in the config file are overwritten here.
COMMON_LOCKFILE="/var/lock/subsys/snortd"
COMMON_OPTIONS=
DEFAULT_PARAMS="-t /var/log/snort -d -c /etc/snort/snort.conf"
RETVAL=0

# Nothing to do when no interfaces are configured (also a silent exit 0).
if [ -z "$INTERFACES" ]; then
  exit 0
fi
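# Print the name of every interface listed by `netstat -i`, one per line.
#
# The first two lines of the netstat output are treated as headers and
# skipped; any line that begins with "lo" (the loopback device, but also any
# other name with that prefix) is left out.
#
# Rewritten without the bash-only `function` keyword and `$[ ]` arithmetic
# (the script's interpreter line is /bin/sh) and without the obsolete
# `egrep`; a single awk does the filtering and column selection.
#
# Outputs: interface names on stdout.
print_all_ifaces() {
  netstat -i | awk 'NR > 2 && $0 !~ /^lo/ { print $1 }'
}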
# Succeed when `netstat --interfaces=NAME` prints a line starting with NAME.
#
# Arguments: $1 - interface name
# Returns:   exit status of grep (0 when a matching line was found)
#
# NOTE(review): the name is interpolated into a regular expression, so "."
# in a name matches any character and the match is a prefix match only.
is_active_iface() {
  local name="$1"
  netstat --interfaces="$name" | grep -qs "^$name" 2>/dev/null
}
# Normalise the configured interface list: every comma (plus any spaces that
# follow it) becomes a single space.
# $INTERFACES is expanded unquoted exactly as before: word splitting
# collapses runs of whitespace, and any wildcard characters in the value
# would be glob-expanded against the current directory.
IFN=$(echo $INTERFACES | sed -e 's/, */ /g')

# An empty result or any listed spelling of any/all selects every interface
# that print_all_ifaces reports.
case "$IFN" in
  "" | any | all | Any | All | ANY | ALL)
    IFN=$(print_all_ifaces)
    ;;
esac
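# Run a function once for every interface named in $IFN.
#
# Before each call the per-interface globals PIDFILE, LOCKFILE and
# COMMON_OPTIONS are rebuilt from the interface name, so the callee can pass
# $COMMON_OPTIONS straight to the daemon helpers.
#
# Globals:   IFN (read), RETVAL (read), PIDFILE, LOCKFILE, COMMON_OPTIONS
#            (written)
# Arguments: $1 - name of the function to call; remaining arguments are
#            forwarded after the interface name
# Returns:   1 as soon as the callee fails, otherwise the value of RETVAL
#
# The loop variable is now local; the original used a global "i", which
# overwrote any variable of that name in the caller.
foreach_iface() {
  local func="$1"
  local iface
  shift
  for iface in $IFN; do
    # The interface name becomes part of file paths written as root.
    PIDFILE="/var/run/snort_${iface}.pid"
    LOCKFILE="/var/lock/subsys/snort_${iface}"
    COMMON_OPTIONS="--name snort --pidfile $PIDFILE --lockfile $LOCKFILE --expect-user snort --displayname snort($iface)"
    "$func" "$iface" "$@" || return 1
  done
  return "${RETVAL:-0}"
}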
# Probe one snort instance and record in RETVAL whether it is running.
#
# Globals: COMMON_OPTIONS (read), RETVAL (set to 0 when the probe succeeds)
# Returns: always 0, so the surrounding loop visits every interface
#
# NOTE(review): with "2>&1 >/dev/null" only stdout is discarded; stderr is
# pointed at the caller's stdout. If complete silence was intended the order
# would be ">/dev/null 2>&1" - confirm before changing.
status0() {
  local rc
  status $COMMON_OPTIONS snort 2>&1 >/dev/null
  rc=$?
  if [ $rc -eq 0 ]; then
    RETVAL=0 # at least one instance is loaded
  fi
  return 0
}
# Tell whether at least one snort instance is running.
#
# RETVAL starts at 1 ("not loaded"); status0 resets it to 0 for any
# interface whose instance answers the status probe. RETVAL is left at 1
# when nothing is running, which the script's final "exit $RETVAL" then
# reports for the cond* actions.
#
# Returns: the resulting RETVAL
is_loaded() {
  RETVAL=1
  foreach_iface status0
  return "$RETVAL"
}
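# Start one snort instance bound to a single interface.
#
# Extra snort parameters are taken from the first non-empty variable among
# ADDPARAMS_<iface>, ADDPARAMS_any, ADDPARAMS_all (and their capitalised
# spellings); DEFAULT_PARAMS is used when none is set. snort is launched in
# daemon mode (-D) with its user and group set to "snort" (-u/-g).
#
# Globals:   COMMON_OPTIONS, DEFAULT_PARAMS, ADDPARAMS_* (read),
#            RETVAL (written: first non-zero start status is kept)
# Arguments: $1 - interface name
# Returns:   0 when the interface is not listed by netstat (nothing is
#            started), otherwise the status of start_daemon
start1() {
  local add_params suffix retval
  is_active_iface "$1" || return 0

  # Turn the interface name into a valid variable-name suffix before it is
  # handed to eval. The original replaced only ":"; for a name such as
  # "eth0.100" the shell then expanded $ADDPARAMS_eth0 followed by ".100",
  # producing the bogus parameter ".100" and bypassing DEFAULT_PARAMS.
  # Mapping every character outside [A-Za-z0-9_] to "_" fixes that and keeps
  # eval from ever seeing shell metacharacters taken from an interface name.
  for suffix in "$(printf '%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_' '_')" any all Any All ANY ALL; do
    eval "add_params=\$ADDPARAMS_$suffix"
    [ -n "$add_params" ] && break
  done
  [ -n "$add_params" ] || add_params="$DEFAULT_PARAMS"

  # NOTE(review): "$add_params" is passed as ONE argument, as in the
  # original, so a multi-word value reaches start_daemon as a single word.
  # Whether it is split again depends on start_daemon, which is not visible
  # here - confirm.
  start_daemon $COMMON_OPTIONS -- snort -u snort -g snort \
    -D \
    -i "$1" \
    "$add_params"
  retval=$?
  if [ "$RETVAL" -eq 0 ]; then
    RETVAL=$retval
  fi
  return "$retval"
}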
# Start an instance on every configured interface and, when RETVAL is still
# 0 afterwards, create the service-wide lock file.
#
# Globals: RETVAL, COMMON_LOCKFILE (read)
# Returns: status of the RETVAL test when it fails, otherwise that of touch
start() {
  foreach_iface start1
  [ $RETVAL = 0 ] || return
  /bin/touch -f "$COMMON_LOCKFILE"
}
# Stop the snort instance described by the current COMMON_OPTIONS.
#
# Globals: COMMON_OPTIONS (read), RETVAL (written: the first non-zero stop
#          status is kept)
# Returns: the status of stop_daemon
stop1() {
  local rc
  stop_daemon $COMMON_OPTIONS snort
  rc=$?
  if [ $RETVAL -eq 0 ]; then
    RETVAL=$rc
  fi
  return $rc
}
# Stop the instance on every configured interface and, when RETVAL is still
# 0 afterwards, remove the service-wide lock file.
#
# Globals: RETVAL, COMMON_LOCKFILE (read)
# Returns: status of the RETVAL test when it fails, otherwise that of rm
stop() {
  foreach_iface stop1
  [ $RETVAL = 0 ] || return
  /bin/rm -f "$COMMON_LOCKFILE"
}
# Stop every instance, then start them again. The status of stop is not
# checked here; a failure is still remembered in RETVAL by stop1.
#
# Returns: the status of start
restart() {
  stop; start
}
# Ask stop_daemon to deliver -HUP to the snort instance described by the
# current COMMON_OPTIONS.
#
# Globals: COMMON_OPTIONS (read), RETVAL (written: the first non-zero status
#          is kept)
# Returns: the status of stop_daemon
reload1() {
  local rc
  stop_daemon $COMMON_OPTIONS -HUP snort
  rc=$?
  if [ $RETVAL -eq 0 ]; then
    RETVAL=$rc
  fi
  return $rc
}
# Reload is implemented as a full restart.
#
# The signal-based variant (msg_reloading snort; foreach_iface reload1) was
# already unreachable behind an early return and is kept here only as this
# note: according to the original author it works only when the snort daemon
# runs with root privileges and without chrooting, while this script starts
# snort with -u snort -g snort.
#
# Returns: the status of restart
reload() {
  restart
}
# Report the status of the snort instance described by the current
# COMMON_OPTIONS and remember the first non-zero result in RETVAL.
#
# Globals: COMMON_OPTIONS (read), RETVAL (written)
# Returns: 0 when RETVAL was 0 on entry (whatever the probe reported),
#          non-zero when RETVAL was already non-zero
#
# NOTE(review): unlike start1/stop1 there is no "return <status>", so the
# interface loop carries on after the first failing probe but stops at the
# next interface; later interfaces are then never reported - confirm which
# behaviour is wanted.
status1() {
  local rc
  status $COMMON_OPTIONS snort
  rc=$?
  [ $RETVAL -eq 0 ] || return
  RETVAL=$rc
}
# Print the status of the snort instance on each configured interface.
#
# Returns: whatever foreach_iface returns for status1
checkstatus() {
  foreach_iface status1
}
# Dispatch on the requested action. The cond* actions act only when
# is_loaded finds a running instance; is_loaded leaves RETVAL at 1
# otherwise, so they exit with status 1 when snort is not running.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    checkstatus
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  condstop)
    if is_loaded; then stop; fi
    ;;
  condrestart)
    if is_loaded; then restart; fi
    ;;
  condreload)
    if is_loaded; then reload; fi
    ;;
  *)
    # Unknown or missing action: print the usage line and fail.
    msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
    RETVAL=1
    ;;
esac

# The exit status is the accumulated result of the per-interface calls.
exit $RETVAL