|
@@ -0,0 +1,257 @@
+#!/bin/sh
+#
+# /etc/init.d/snortd
+# and its symbolic link
+# /usr/sbin/rcsnortd
+#
+###
+### adappted to openSUSE 11.0 by hans @ www.kriyayoga.com
+### December 13 2008
+### use as is - use at your own risk
+### report bugs in THIS snortd init-script to hans@kriyayoga.com
+###
+### BEGIN INIT INFO
+# Provides: snort
+# Required-Start: $syslog $remote_fs
+# Required-Stop: $syslog $remote_fs
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: Start snort
+# Description: Start snort IDS
+### END INIT INFO
+PATH=/usr/sbin:/usr/bin:/usr/sbin:/sbin:/usr/sbin:/usr/bin:/bin
+SNORT_BIN=/usr/sbin/snort
+SNORT_SOCKET=/var/run/snort_eth0.pid
+
+test -x $SNORT_BIN || { echo "$SNORT_BIN not installed";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+SNORT_CONFIG=/etc/snort/snort.conf
+test -r $SNORT_CONFIG || { echo "$SNORT_CONFIG not existing";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 6; fi; }
+
+. /etc/rc.status
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v ditto but be verbose in local rc status
+# rc_status -v -r ditto and clear the local rc status
+# rc_failed set local and overall rc status to failed
+# rc_reset clear local rc status (overall remains)
+# rc_exit exit appropriate to overall rc status
+
+# First reset status of this service
+
+# Reset status of this service
+rc_reset
+
+# Source the local configuration file
+. /etc/sysconfig/snort
+
+# Convert the /etc/sysconfig/snort settings to something snort can
+# use on the startup line.
+if [ "$ALERTMODE"X = "X" ]; then
+ ALERTMODE=""
+else
+ ALERTMODE="-A $ALERTMODE"
+fi
+
+if [ "$USER"X = "X" ]; then
+ USER="snort"
+fi
+
+if [ "$GROUP"X = "X" ]; then
+ GROUP="snort"
+fi
+
+if [ "$BINARY_LOG"X = "1X" ]; then
+ BINARY_LOG="-b"
+else
+ BINARY_LOG=""
+fi
+
+if [ "$CONF"X = "X" ]; then
+ CONF="-c /etc/snort/snort.conf"
+else
+ CONF="-c $CONF"
+fi
+
+if [ "$INTERFACE"X = "X" ]; then
+ INTERFACE="-i eth0"
+else
+ INTERFACE="-i $INTERFACE"
+fi
+
+if [ "$DUMP_APP"X = "1X" ]; then
+ DUMP_APP="-d"
+else
+ DUMP_APP=""
+fi
+
+if [ "$NO_PACKET_LOG"X = "1X" ]; then
+ NO_PACKET_LOG="-N"
+else
+ NO_PACKET_LOG=""
+fi
+
+if [ "$PRINT_INTERFACE"X = "1X" ]; then
+ PRINT_INTERFACE="-I"
+else
+ PRINT_INTERFACE=""
+fi
+
+if [ "$PASS_FIRST"X = "1X" ]; then
+ PASS_FIRST="-o"
+else
+ PASS_FIRST=""
+fi
+
+if [ "$LOGDIR"X = "X" ]; then
+ LOGDIR=/var/log/snort
+fi
+
+# These are used by the 'stats' option
+if [ "$SYSLOG"X = "X" ]; then
+ SYSLOG=/var/log/messages
+fi
+
+if [ "$SECS"X = "X" ]; then
+ SECS=5
+fi
+
+if [ ! "$BPFFILE"X = "X" ]; then
+ BPFFILE="-F $BPFFILE"
+fi
+
+######################################
+# Now to the real heart of the matter:
+
+# See how we were called.
+
+case "$1" in
+ start)
+ cd $LOGDIR
+ if [ "$INTERFACE" = "-i ALL" ]; then
+ for i in `cat /proc/net/dev|grep eth|awk -F ":" '{ print $1; }'`
+ do
+ mkdir -p "$LOGDIR/$i"
+ chown -R $USER:$GROUP $LOGDIR
+ /sbin/startproc -p $SNORT_SOCKET $SNORT_BIN $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF -l $LOGDIR/$i $PASS_FIRST $BPFFILE $BPF > /dev/null 2>&1
+ # Remember status and be verbose
+ rc_status -v
+ done
+ else
+ # check if more than one interface is given
+ if [ `echo $INTERFACE|wc -w` -gt 2 ]; then
+ for i in `echo $INTERFACE | sed s/"-i "//`
+ do
+ mkdir -p "$LOGDIR/$i"
+ chown -R $USER:$GROUP $LOGDIR
+ /sbin/startproc -p $SNORT_SOCKET $SNORT_BIN $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE -i $i -u $USER -g $GROUP $CONF -l $LOGDIR/$i $PASS_FIRST $BPFFILE $BPF > /dev/null 2>&1
+ # Remember status and be verbose
+ rc_status -v
+ done
+ else
+ # Run with a single interface (default)
+ /sbin/startproc -p $SNORT_SOCKET $SNORT_BIN $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE $INTERFACE -u $USER -g $GROUP $CONF -l $LOGDIR $PASS_FIRST $BPFFILE $BPF > /dev/null 2>&1
+ # Remember status and be verbose
+ rc_status -v
+ fi
+ fi
+ ;;
+ stop)
+ echo -n "Shutting down snort "
+ /sbin/killproc $SNORT_BIN > /dev/null 2>&1
+ chown -R $USER:$GROUP /var/run/snort_eth0.* &&
+ rm -f /var/run/snort_eth0.pi*
+ rc_status -v
+ ;;
+ restart)
+ $0 stop
+ echo -n "starting snort - moment please "
+ i=60
+ while [ -e $SNORT_SOCKET ] && [ $i -gt 0 ]; do
+ sleep 1
+ i=$[$i-1]
+ echo -n "."
+ done
+ echo "."
+ $0 start
+ ;;
+ reload)
+ echo "Sorry, not implemented yet"
+ ;;
+ status)
+ echo -n "Checking for service snort "
+ /sbin/checkproc $SNORT_BIN
+ rc_status -v
+ ;;
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Status has a slightly different for the status command:
+ # 0 - service running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
|