current/SOURCES/snort.init

#!/bin/sh
#
# snort         Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description:  snort is a lightweight network intrusion detection tool that \
#               currently detects more than 1100 host and network \
#               vulnerabilities, portscans, backdoors, and more.
#
# Comments to support LSB init script conventions
### BEGIN INIT INFO
# Provides: snort
# Required-Start: $network
# Required-Stop: $network
# Should-Start: mysqld postgresql
# Should-Stop: mysqld postgresql
# Default-Start:  3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start/Stop the snort IDS daemon.
# Description:  snort is a lightweight network intrusion detection tool that \
#               currently detects more than 1100 host and network \
#               vulnerabilities, portscans, backdoors, and more.
### END INIT INFO

# Source function library.
. /etc/rc.d/init.d/functions

# Source the local configuration file
. /etc/sysconfig/snort

# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.
if [ "$ALERTMODE"X = "X" ]; then
   ALERTMODE=""
else
   ALERTMODE="-A $ALERTMODE"
fi

if [ "$USER"X = "X" ]; then
   USER="snort"
fi

if [ "$GROUP"X = "X" ]; then
   GROUP="snort"
fi

if [ "$BINARY_LOG"X = "1X" ]; then
   BINARY_LOG="-b"
else
   BINARY_LOG=""
fi

if [ "$CONF"X = "X" ]; then
   CONF="-c /etc/snort/snort.conf"
else
   CONF="-c $CONF"
fi

if [ "$INTERFACE"X = "X" ]; then
   INTERFACE="-i eth0"
else 
   INTERFACE="-i $INTERFACE"
fi

if [ "$DUMP_APP"X = "1X" ]; then
   DUMP_APP="-d"
else
   DUMP_APP=""
fi 

if [ "$NO_PACKET_LOG"X = "1X" ]; then
   NO_PACKET_LOG="-N"
else
   NO_PACKET_LOG=""
fi      

if [ "$PRINT_INTERFACE"X = "1X" ]; then
   PRINT_INTERFACE="-I"
else
   PRINT_INTERFACE=""
fi

if [ "$PASS_FIRST"X = "1X" ]; then
   PASS_FIRST="-o"
else
   PASS_FIRST=""
fi

if [ "$LOGDIR"X = "X" ]; then
   LOGDIR=/var/log/snort
fi

RETVAL=0

######################################
# Now to the real heart of the matter:

# See how we were called.
case "$1" in
  start)
        echo -n "Starting snort: "
        chown -R snort:snort $LOGDIR
        /usr/sbin/snort -c /etc/snort/snort.conf -T > /dev/null 2>&1
        RETVAL=$?
        if [ "$RETVAL" != "0" ]; then
                failure
                echo
                exit $RETVAL
        fi
        cd $LOGDIR
        if [ "$INTERFACE" = "-i ALL" ]; then
           for i in `cd /proc/sys/net/ipv4/conf; ls -d eth* |sed s/"\/"//g`
           do
                mkdir -p "$LOGDIR/$i"
                chown -R snort:snort $LOGDIR
                daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF -l $LOGDIR/$i $PASS_FIRST
           done
        else
           daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST
        fi
        touch /var/lock/subsys/snort
        echo
        ;;
  stop)
        echo -n "Stopping snort: "
        killproc snort
        RETVAL=$?
        if [ "$RETVAL" = "0" ]; then
                rm -f /var/lock/subsys/snort
        fi
        echo 
        ;;
  reload)
        echo -n "Testing configuration"
        /usr/sbin/snort -c snort.conf -T
        TESTVAL=$?
        if [ "$TESTVAL" = "0" ]; then
                echo  -n ",  reloading: "
                SNORTPID=`/bin/pidof snort`
                kill -SIGHUP $SNORTPID
                RETVAL=0
        else
                RETVAL=1
        fi
        ;;
  restart)
        $0 stop
        $0 start
        ;;
  condrestart)
        [ -e /var/lock/subsys/snort ] && /etc/rc.d/init.d/snort restart
        ;;
  status)
        status snort
        RETVAL=$?
        ;;
  *)
        echo "Usage: $0 {start|stop|reload|restart|condrestart|status}"
        exit 2
esac

exit $RETVAL
1	#!/bin/sh
2	#
3	# snort Start/Stop the snort IDS daemon.
4	#
5	# chkconfig: 2345 40 60
6	# description: snort is a lightweight network intrusion detection tool that \
7	# currently detects more than 1100 host and network \
8	# vulnerabilities, portscans, backdoors, and more.
9	#
10	# Comments to support LSB init script conventions
11	### BEGIN INIT INFO
12	# Provides: snort
13	# Required-Start: $network
14	# Required-Stop: $network
15	# Should-Start: mysqld postgresql
16	# Should-Stop: mysqld postgresql
17	# Default-Start: 3 4 5
18	# Default-Stop: 0 1 6
19	# Short-Description: Start/Stop the snort IDS daemon.
20	# Description: snort is a lightweight network intrusion detection tool that \
21	# currently detects more than 1100 host and network \
22	# vulnerabilities, portscans, backdoors, and more.
23	### END INIT INFO
24
25	# Source function library.
26	. /etc/rc.d/init.d/functions
27
28	# Source the local configuration file
29	. /etc/sysconfig/snort
30
31	# Convert the /etc/sysconfig/snort settings to something snort can
32	# use on the startup line.
33	if [ "$ALERTMODE"X = "X" ]; then
34	ALERTMODE=""
35	else
36	ALERTMODE="-A $ALERTMODE"
37	fi
38
39	if [ "$USER"X = "X" ]; then
40	USER="snort"
41	fi
42
43	if [ "$GROUP"X = "X" ]; then
44	GROUP="snort"
45	fi
46
47	if [ "$BINARY_LOG"X = "1X" ]; then
48	BINARY_LOG="-b"
49	else
50	BINARY_LOG=""
51	fi
52
53	if [ "$CONF"X = "X" ]; then
54	CONF="-c /etc/snort/snort.conf"
55	else
56	CONF="-c $CONF"
57	fi
58
59	if [ "$INTERFACE"X = "X" ]; then
60	INTERFACE="-i eth0"
61	else
62	INTERFACE="-i $INTERFACE"
63	fi
64
65	if [ "$DUMP_APP"X = "1X" ]; then
66	DUMP_APP="-d"
67	else
68	DUMP_APP=""
69	fi
70
71	if [ "$NO_PACKET_LOG"X = "1X" ]; then
72	NO_PACKET_LOG="-N"
73	else
74	NO_PACKET_LOG=""
75	fi
76
77	if [ "$PRINT_INTERFACE"X = "1X" ]; then
78	PRINT_INTERFACE="-I"
79	else
80	PRINT_INTERFACE=""
81	fi
82
83	if [ "$PASS_FIRST"X = "1X" ]; then
84	PASS_FIRST="-o"
85	else
86	PASS_FIRST=""
87	fi
88
89	if [ "$LOGDIR"X = "X" ]; then
90	LOGDIR=/var/log/snort
91	fi
92
93	RETVAL=0
94
95	######################################
96	# Now to the real heart of the matter:
97
98	# See how we were called.
99	case "$1" in
100	start)
101	echo -n "Starting snort: "
102	chown -R snort:snort $LOGDIR
103	/usr/sbin/snort -c /etc/snort/snort.conf -T > /dev/null 2>&1
104	RETVAL=$?
105	if [ "$RETVAL" != "0" ]; then
106	failure
107	echo
108	exit $RETVAL
109	fi
110	cd $LOGDIR
111	if [ "$INTERFACE" = "-i ALL" ]; then
112	for i in `cd /proc/sys/net/ipv4/conf; ls -d eth* \|sed s/"\/"//g`
113	do
114	mkdir -p "$LOGDIR/$i"
115	chown -R snort:snort $LOGDIR
116	daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF -l $LOGDIR/$i $PASS_FIRST
117	done
118	else
119	daemon /usr/sbin/snort $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST
120	fi
121	touch /var/lock/subsys/snort
122	echo
123	;;
124	stop)
125	echo -n "Stopping snort: "
126	killproc snort
127	RETVAL=$?
128	if [ "$RETVAL" = "0" ]; then
129	rm -f /var/lock/subsys/snort
130	fi
131	echo
132	;;
133	reload)
134	echo -n "Testing configuration"
135	/usr/sbin/snort -c snort.conf -T
136	TESTVAL=$?
137	if [ "$TESTVAL" = "0" ]; then
138	echo -n ", reloading: "
139	SNORTPID=`/bin/pidof snort`
140	kill -SIGHUP $SNORTPID
141	RETVAL=0
142	else
143	RETVAL=1
144	fi
145	;;
146	restart)
147	$0 stop
148	$0 start
149	;;
150	condrestart)
151	[ -e /var/lock/subsys/snort ] && /etc/rc.d/init.d/snort restart
152	;;
153	status)
154	status snort
155	RETVAL=$?
156	;;
157	*)
158	echo "Usage: $0 {start\|stop\|reload\|restart\|condrestart\|status}"
159	exit 2
160	esac
161
162	exit $RETVAL