File: snort-inline.init.d

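#!/bin/sh -e
#
# Debian init script for snort: runs one snort instance per configured
# interface.  Settings come from /etc/snort/snort.debian.conf (CONFIG) and
# the daemon parameters from either the obsolete
# /etc/snort/snort.common.parameters or /etc/default/snort.
#
# Environment: DEBIAN_SCRIPT_DEBUG - when non-empty, trace the script.

# The -e from the shebang is lost when the script is run as "sh script";
# set it explicitly so failed commands abort as the rest of the script
# (its set +e / set -e pairs) assumes.
set -e

test "$DEBIAN_SCRIPT_DEBUG" && set -v -x

DAEMON=/usr/sbin/snort
NAME=snort
DESC="Network Intrusion Detection System"

CONFIG=/etc/snort/snort.debian.conf
# Old (obsolete) way to provide parameters: the file's whole content is the
# daemon's argument string and it takes precedence over /etc/default/snort.
if [ -r /etc/snort/snort.common.parameters ] ; then
	COMMON=$(cat /etc/snort/snort.common.parameters)
elif [ -r /etc/default/snort ] ; then
	# Only read this if the old configuration is not present.
	# COMMON is expanded unquoted later so that it splits into arguments.
	. /etc/default/snort
	COMMON="$PARAMS -l $LOGDIR -u $SNORTUSER -g $SNORTGROUP"
fi

# Nothing to do when the binary is gone (package removed but not purged).
test -x "$DAEMON" || exit 0
test -f "$CONFIG" && . "$CONFIG"
test -z "$DEBIAN_SNORT_HOME_NET" && DEBIAN_SNORT_HOME_NET="192.168.0.0/16"

# to find the lib files (relative paths in snort.conf are resolved here)
cd /etc/snort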

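check_log_dir() {
	# Does the logging directory belong to Snort?
	# Globals:  LOGDIR, SNORTUSER (read; both come from /etc/default/snort)
	# Outputs:  an "ERR: ..." message without trailing newline on stdout
	#           when the check fails (the caller finishes the line)
	# Returns:  0 when the check passes or cannot be performed, 1 otherwise
	#
	# If we cannot determine the logdir return without error (we will not
	# check it).  Only people using /etc/default/snort set these variables;
	# the obsolete snort.common.parameters path is never checked.
	[ -n "$LOGDIR" ] || return 0
	[ -n "$SNORTUSER" ] || return 0
	if [ ! -e "$LOGDIR" ] ; then
		echo -n "ERR: logging directory $LOGDIR does not exist"
		return 1
	elif [ ! -d "$LOGDIR" ] ; then
		# A stray file at the path is a different problem than a missing
		# directory; say so instead of repeating "does not exist".
		echo -n "ERR: logging directory $LOGDIR is not a directory"
		return 1
	fi
	# The directory must be owned by the user snort is started as (the -u
	# value passed in COMMON), otherwise it cannot write its logs there.
	# NOTE: stat without -L reports the owner of the path as given, so a
	# symlinked LOGDIR is judged by the link, not by its target.
	# An alternative way is to check if the snort user can create a file
	# there...
	real_log_user=$(stat -c %U -- "$LOGDIR")
	if [ "$real_log_user" != "$SNORTUSER" ] ; then
		echo -n "ERR: logging directory $LOGDIR does not belong to the snort user $SNORTUSER"
		return 1
	fi
	return 0
}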

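case "$1" in
  start)
	# Refuse to start while the database backend is still unconfigured.
	if [ -e /etc/snort/db-pending-config ] ; then
		echo "WARN: /etc/snort/db-pending-config file found"
		echo "WARN: Snort will not start as its database is not yet configured."
		echo "WARN: Please configure the database as described in"
		echo "WARN: /usr/share/doc/snort-{pgsql,mysql}/README-database.Debian"
		echo "WARN: and remove /etc/snort/db-pending-config"
		exit 1
	fi

	echo -n "Starting $DESC: "
	if ! check_log_dir; then
		echo " will not start $DESC!"
		exit 1
	fi
	# In dialup mode the ppp hook does the work: hand it the remaining
	# arguments and propagate its exit status.
	if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
		shift
		set +e
		/etc/ppp/ip-up.d/snort "$@"
		exit $?
	fi

	# Usually, we start all interfaces
	interfaces="$DEBIAN_SNORT_INTERFACE"

	# If we are requested to start a specific interface...
	test "$2" && interfaces="$2"

	myret=0
	got_instance=0
	# $interfaces is a whitespace-separated list: intentionally unquoted.
	for interface in $interfaces; do
		got_instance=1
		echo -n "$NAME($interface)"

		PIDFILE=/var/run/snort_$interface.pid

		fail="failed (check /var/log/daemon.log)"
		# --signal 0 only probes whether the pidfile's process is a
		# running $DAEMON; it is used to pick the failure message.
		/sbin/start-stop-daemon --stop --signal 0 --quiet \
			--pidfile "$PIDFILE" --exec "$DAEMON" >/dev/null &&
				fail="already running"

		CONFIGFILE=/etc/snort/snort.$interface.conf
		if [ ! -e "$CONFIGFILE" ]; then
			echo "using /etc/snort/snort.conf"
			CONFIGFILE=/etc/snort/snort.conf
		else
			echo "using /etc/snort/snort.$interface.conf"
		fi

		# $COMMON and $DEBIAN_SNORT_OPTIONS are option strings and must
		# stay unquoted so they split into separate arguments.
		set +e
		/sbin/start-stop-daemon --start --quiet --pidfile "$PIDFILE" \
			--exec "$DAEMON" -- $COMMON $DEBIAN_SNORT_OPTIONS \
			-c "$CONFIGFILE" \
			-S "HOME_NET=[$DEBIAN_SNORT_HOME_NET]" \
			-i "$interface" >/dev/null
		ret=$?
		set -e
		if [ "$ret" -eq 0 ]; then
			echo "."
		else
			echo "...$fail."
			# The exit status is the number of interfaces that failed.
			myret=$((myret + 1))
		fi
	done

	if [ "$got_instance" = 0 ]; then
		echo "No snort instance found to be started!" >&2
		exit 1
	fi

	exit $myret
	;;
  stop)
	if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
		shift
		set +e
		/etc/ppp/ip-down.d/snort "$@"
		exit $?
	fi

	# Usually, we stop all current running interfaces
	pidpattern=/var/run/snort_*.pid

	# If we are requested to stop a specific interface...
	test "$2" && pidpattern=/var/run/snort_"$2".pid

	got_instance=0
	# $pidpattern is a glob: intentionally unquoted.
	for PIDFILE in $pidpattern; do
		# This check is also needed, if the above pattern doesn't match
		# (the loop then runs once with the literal pattern).
		test -f "$PIDFILE" || continue

		got_instance=1
		# /var/run/snort_eth0.pid -> eth0
		interface=${PIDFILE##*/}
		interface=${interface#snort_}
		interface=${interface%.pid}

		echo -n "Stopping $DESC: $NAME($interface)"

		# --exec ensures only a process that really is $DAEMON is
		# signalled; --oknodo makes a stale pidfile a non-error;
		# --retry 5 escalates to KILL after 5 seconds.
		/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
			--pidfile "$PIDFILE" --exec "$DAEMON" >/dev/null
		rm -f -- "$PIDFILE"

		echo "."
	done

	if [ "$got_instance" = 0 ]; then
		echo "No snort instance found to be stopped!" >&2
	fi
	;;
  restart|force-restart|reload|force-reload)
	# There is no separate reload: every variant is a stop/start of each
	# currently running interface.
	# Usually, we restart all current running interfaces
	pidpattern=/var/run/snort_*.pid

	# If we are requested to restart a specific interface...
	test "$2" && pidpattern=/var/run/snort_"$2".pid

	got_instance=0
	for PIDFILE in $pidpattern; do
		# This check is also needed, if the above pattern doesn't match
		test -f "$PIDFILE" || continue

		got_instance=1
		interface=${PIDFILE##*/}
		interface=${interface#snort_}
		interface=${interface%.pid}
		# Re-invoke ourselves per interface; a failing stop must not
		# prevent the start, and one failure must not abort the others
		# (the script runs with -e).
		"$0" stop "$interface" || true
		"$0" start "$interface" || true
	done

	if [ "$got_instance" = 0 ]; then
		echo "No snort instance found to be restarted!" >&2
	fi
	;;
  status)
	echo -n "Status of snort daemon(s):"
	interfaces="$DEBIAN_SNORT_INTERFACE"
	# If we are requested to check for a specific interface...
	test "$2" && interfaces="$2"
	for interface in $interfaces; do
		echo -n " $interface "
		pidfile=/var/run/snort_$interface.pid
		state="(nok!)"
		if [ -f "$pidfile" ] ; then
			pidval=$(cat "$pidfile")
			# Only trust the pidfile if it holds a plain PID; anything
			# else would otherwise be handed to ps as arguments.
			case "$pidval" in
				''|*[!0-9]*)
					;;
				*)
					if ps -p "$pidval" | grep -q snort; then
						state="(ok)"
					fi
					;;
			esac
		fi
		echo -n "$state"
	done
	echo "."
	;;
  config-check)
	if [ "$DEBIAN_SNORT_STARTUP" = "dialup" ]; then
		echo "Config-check is currently not supported for snort in Dialup configuration"
		exit 0
	fi

	# usually, we test all interfaces
	interfaces="$DEBIAN_SNORT_INTERFACE"
	# if we are requested to test a specific interface...
	test "$2" && interfaces="$2"

	# -T only parses the configuration, so drop the daemonize flag from
	# the parameters.  Remove whole "-D" words only, so that an option
	# or path merely containing "-D" is left intact.  Done once, before
	# the loop.
	newcommon=
	for word in $COMMON; do
		[ "$word" = "-D" ] || newcommon="$newcommon $word"
	done
	COMMON=$newcommon

	myret=0
	got_instance=0
	for interface in $interfaces; do
		got_instance=1
		echo -n "checking $DESC config: $NAME($interface)"

		CONFIGFILE=/etc/snort/snort.$interface.conf
		if [ ! -e "$CONFIGFILE" ]; then
			CONFIGFILE=/etc/snort/snort.conf
		fi
		# $COMMON and $DEBIAN_SNORT_OPTIONS intentionally unquoted.
		set +e
		"$DAEMON" -T $COMMON $DEBIAN_SNORT_OPTIONS \
			-c "$CONFIGFILE" \
			-S "HOME_NET=[$DEBIAN_SNORT_HOME_NET]" \
			-i "$interface" >/dev/null 2>&1
		ret=$?
		set -e
		if [ "$ret" -eq 0 ]; then
			echo ".ok."
		else
			echo "...failed."
			# The exit status is the number of configs that failed.
			myret=$((myret + 1))
		fi
	done
	if [ "$got_instance" = 0 ]; then
		echo "No snort instance found to be checked!" >&2
		exit 1
	fi

	exit $myret
	;;
  *)
	echo "Usage: $0 {start|stop|restart|force-restart|reload|force-reload|status|config-check}" >&2
	exit 1
	;;
esac
exit 0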