File: psad.init

package info (click to toggle)
psad 2.4.6-3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 5,084 kB
  • sloc: perl: 13,976; ansic: 1,322; sh: 319; makefile: 18
file content (229 lines) | stat: -rw-r--r-- 4,485 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
#! /bin/sh
### BEGIN INIT INFO
# Provides:          psad
# Required-Start:    $remote_fs
# Required-Stop:     $remote_fs
# Should-Start:      netfilter-persistent
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Port Scan Attack Detector (psad)
# Description:       Enable the Port Scan Attack Detector (psad)
### END INIT INFO

# Author: Franck Joncourt <franck@debian.org>

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Port Scan Attack Detector"
NAME=psad
DAEMON=/usr/sbin/$NAME
PIDDIR=/var/run/psad
SCRIPTNAME=/etc/init.d/psad

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Load user options to pass to psad daemon
DAEMON_ARGS=""
[ -r /etc/default/psad ] && . /etc/default/psad

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

#
# Function that checks if all of the configuration files exist
#
# Return
#   0 : all of the configuration files exist
#   6 : at least one file is missing

check_config()
{
	local retval
	local file_list

	retval=0
	file_list="/etc/psad/psad.conf"

	for ConfFile in $file_list; do
		if [ ! -f "$ConfFile" ]; then
			retval=6	
		 	break	
		fi
	done

	return $retval
}

#
# Function to check if psad is running
#
#    0 : the psad.pid file has been found ; we assume the daemon is running
#    1 : no pid file has been found ; we assume the daemon is not running
#
is_psad_running()
{
        local pidfile="$PIDDIR/psad.pid"
        local retval

        retval=0
        if [ -r "$pidfile" ]; then
                retval=1
        fi

        return $retval
}

#
# Function that starts the daemon/service
#
#   0 : daemon has been started or was already running
#   1 : generic or unspecified errors (could not be started)
#   6 : program is not configured (missing configuration files)

do_start()
{
	local retval


        mkdir -p $PIDDIR
        chmod 755 $PIDDIR

	# Check psad configuration
	check_config
	retval=$?

	# Try to start psad
        is_psad_running
        if [ "$?" = 1 ]; then
            log_action_msg "The psad daemon is already running"
            retval=0

	elif [ "$retval"  = "0" ]; then
		start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS
		retval="$?"
	fi

	# Handle return status codes
	case "$retval" in
		0)	 
			;;
		6)	
			log_action_msg "You are missing the configuration file $ConfFile" || true
			;;
		9)	
			retval=0
			;;
		*)
			retval=1
			log_action_msg "Unable to start the daemon" || true
			;;
	esac

	log_daemon_msg "Starting Port Scan Attack Detector" "psad" || true
        log_end_msg $retval || true

	return $retval
}

#
# Function that stops the daemon/service
#
# The upstream author has allowed the daemon to be killed through the 
# following command-line : psad --Kill
#
# As psad starts kmsgsd, psadwatchd and psad_fw_read on its own, we need
# to stop them before.
#
# Return
#   0 : daemon has been stopped or was already stopped
#   1 : daemon could not be stopped

do_stop()
{
	local retval="0"
	local status kill_status
	local pid pidfile
	local process_list="psadwatchd kmsgsd psad psad_fw_read"

	# For each process
	for process in $process_list; do

		pidfile="$PIDDIR/$process.pid"
		status="0"
		kill_status="1"

		log_action_msg "Stopping the $process process"

		# Try to kill the process associated to the pid
		if [ -r "$pidfile" ]; then
			pid=`cat "$pidfile" 2>/dev/null`
			kill -0 "${pid:-}" 2>/dev/null
			kill_status="$?"
		fi

		# Stop the process
		if [ "$kill_status" = "0" ]; then
			start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile"
			status="$?"
		fi

		# Remove its pid file
		if [ -r "$pidfile" ] && [ "$status" = "0" ]; then
			 rm -f "$pidfile" 2>/dev/null
			 status="$?"
		fi

		[ "$status" = "0" ] || retval="1"

	done

	if [ "$retval" != "0" ]; then
		log_action_msg "One or more process could not be stopped" || true
	fi

        log_daemon_msg "Stopping Port Scan Attack Detector" "psad" || true
        log_end_msg $retval || true

	return $retval
}

#
# Function that returns the daemon status
#
do_status()
{
	echo "Status of $DESC:"
	$DAEMON --Status
}

case "$1" in
	start)
		do_start
		;;

	stop)
		do_stop
		;;

	restart|force-reload)
		do_stop
		sleep 1
		do_start
		;;

	status)
		do_status
		exit 0
		;;

	*)
		log_success_msg "Usage: $0 {start|stop|restart|status}" >&2
		exit 1 
		;;
esac

exit