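#!/bin/sh
#
# /etc/init.d/snortd
#   and its symbolic link
# /usr/sbin/rcsnortd
#
###
### adapted to openSUSE 11.0 by hans @ www.kriyayoga.com
### December 13 2008
### use as is - use at your own risk
### report bugs in THIS snortd init-script to hans@kriyayoga.com
###
### BEGIN INIT INFO
# Provides:          snort
# Required-Start:    $syslog $remote_fs
# Required-Stop:     $syslog $remote_fs
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Start snort
# Description:       Start snort IDS
### END INIT INFO

# Fixed search path (same lookup order as before, duplicates removed) so the
# script does not depend on the caller's PATH.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
SNORT_BIN=/usr/sbin/snort

# Abort early if the daemon is missing.  "stop" on a missing binary is a
# no-op success; anything else is exit 5 ("program is not installed").
test -x "$SNORT_BIN" || {
  echo "$SNORT_BIN not installed"
  if [ "$1" = "stop" ]; then exit 0; else exit 5; fi
}

# Check for existence of needed config file and read it
# (exit 6: "program is not configured").
SNORT_CONFIG=/etc/snort/snort.conf
test -r "$SNORT_CONFIG" || {
  echo "$SNORT_CONFIG not existing"
  if [ "$1" = "stop" ]; then exit 0; else exit 6; fi
}

. /etc/rc.status
# Shell functions sourced from /etc/rc.status:
#      rc_check         check and set local and overall rc status
#      rc_status        check and set local and overall rc status
#      rc_status -v     ditto but be verbose in local rc status
#      rc_status -v -r  ditto and clear the local rc status
#      rc_failed        set local and overall rc status to failed
#      rc_reset         clear local rc status (overall remains)
#      rc_exit          exit appropriate to overall rc status

# Reset status of this service
rc_reset

# USER (and, in some shells, GROUP) are normally present in the environment
# of an interactive root shell.  Clear them before reading the sysconfig
# file so the account snort drops privileges to comes only from that file
# or from the "snort" default applied below -- otherwise "rcsnortd start"
# from a root login would hand snort "-u root".
unset USER GROUP

# Source the local configuration file; sourcing a missing file under
# /bin/sh aborts without a useful message, so check it first.
SNORT_SYSCONFIG=/etc/sysconfig/snort
test -r "$SNORT_SYSCONFIG" || {
  echo "$SNORT_SYSCONFIG not existing"
  if [ "$1" = "stop" ]; then exit 0; else exit 6; fi
}
. "$SNORT_SYSCONFIG"

# Pidfile written by snort for the configured interface.  The eth0 fallback
# matches the "-i eth0" default applied to INTERFACE below, so an empty
# INTERFACE no longer yields the mismatched /var/run/snort_.pid.
SNORT_SOCKET=/var/run/snort_${INTERFACE:-eth0}.pid
INTERFACE_CONF=${INTERFACE:-eth0}

# Convert the /etc/sysconfig/snort settings to something snort can
# use on the startup line.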
# Turn the raw /etc/sysconfig/snort values into snort command-line options.
# Unset or empty values take the defaults given here; "1" switches become the
# corresponding single-letter flag and anything else becomes empty.  These
# variables are later expanded unquoted on the snort command line, so each
# one deliberately holds zero or more words (e.g. "-A fast", "-c /path").

# -A <mode>: alert output mode, only when one is configured
ALERTMODE=${ALERTMODE:+-A $ALERTMODE}

# account snort drops privileges to
USER=${USER:-snort}
GROUP=${GROUP:-snort}

# -b: log packets in binary (tcpdump) format
case "$BINARY_LOG" in
  1) BINARY_LOG=-b ;;
  *) BINARY_LOG= ;;
esac

# -c <file>: rules/config file
CONF="-c ${CONF:-/etc/snort/snort.conf}"

# -i <iface>: interface(s) to listen on; "ALL" and space-separated lists are
# resolved when the service is started
INTERFACE="-i ${INTERFACE:-eth0}"

# -d: dump the application layer
case "$DUMP_APP" in
  1) DUMP_APP=-d ;;
  *) DUMP_APP= ;;
esac

# -N: turn off packet logging
case "$NO_PACKET_LOG" in
  1) NO_PACKET_LOG=-N ;;
  *) NO_PACKET_LOG= ;;
esac

# -I: add the interface name to alerts
case "$PRINT_INTERFACE" in
  1) PRINT_INTERFACE=-I ;;
  *) PRINT_INTERFACE= ;;
esac

# -o: change rule order so pass rules are applied first
case "$PASS_FIRST" in
  1) PASS_FIRST=-o ;;
  *) PASS_FIRST= ;;
esac

# -l <dir> is built from this at start time
LOGDIR=${LOGDIR:-/var/log/snort}

# These are used by the 'stats' option
SYSLOG=${SYSLOG:-/var/log/messages}
SECS=${SECS:-5}

# -F <file>: BPF filter file, only when one is configured
BPFFILE=${BPFFILE:+-F $BPFFILE}

######################################
# Now to the real heart of the matter:
# See how we were called.
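# Start one snort instance.
#   $1 - interface name (without the leading "-i")
#   $2 - directory snort logs into
# The option variables are expanded unquoted on purpose: each holds zero or
# more words ("-A fast", "-c /path", or nothing at all).  Sets the rc status
# from startproc's exit code.
snort_start_instance() {
  # NOTE(review): every instance is checked against the same pidfile
  # ($SNORT_SOCKET); confirm that startproc still launches the second and
  # later instances in multi-interface mode.
  /sbin/startproc -p "$SNORT_SOCKET" "$SNORT_BIN" \
    $ALERTMODE $BINARY_LOG $NO_PACKET_LOG $DUMP_APP -D $PRINT_INTERFACE \
    -i "$1" -u "$USER" -g "$GROUP" $CONF -l "$2" \
    $PASS_FIRST $BPFFILE $BPF > /dev/null 2>&1
  # Remember status and be verbose
  rc_status -v
}

# Create the per-interface log directory, hand it to the snort account and
# start an instance on that interface.
#   $1 - interface name
snort_start_on() {
  mkdir -p -- "$LOGDIR/$1"
  chown -R "$USER:$GROUP" "$LOGDIR"
  snort_start_instance "$1" "$LOGDIR/$1"
}

# Print the number of words in its (unquoted) arguments; replaces the old
# "echo | wc -w" so the result carries no leading whitespace.
snort_word_count() {
  echo $#
}

case "$1" in
  start)
    # The log directory doubles as working directory.  snort cannot start
    # without it, so fail with a message instead of silently carrying on
    # in the caller's cwd when cd fails.
    if ! mkdir -p -- "$LOGDIR" || ! cd "$LOGDIR"; then
      echo "cannot use log directory $LOGDIR"
      rc_failed
      rc_exit
    fi
    if [ "$INTERFACE" = "-i ALL" ]; then
      # One instance per eth* interface listed in /proc/net/dev
      # (word splitting of the awk output is intended).
      for i in $(awk -F: '/eth/ { print $1 }' /proc/net/dev); do
        snort_start_on "$i"
      done
    elif [ "$(snort_word_count $INTERFACE)" -gt 2 ]; then
      # "-i eth0 eth1 ...": one instance per listed interface.
      for i in ${INTERFACE#-i }; do
        snort_start_on "$i"
      done
    else
      # Run with a single interface (default)
      snort_start_instance "${INTERFACE#-i }" "$LOGDIR"
    fi
    ;;
  stop)
    printf '%s' "Shutting down snort "
    /sbin/killproc "$SNORT_BIN" > /dev/null 2>&1
    # Report killproc's result.  The pidfile cleanup must come after it:
    # previously "chown ... && rm" ran first, and a chown on a non-existent
    # pidfile made stopping an already-stopped service report "failed".
    rc_status -v
    rm -f -- /var/run/snort_"${INTERFACE_CONF}".pi*
    ;;
  restart)
    "$0" stop
    printf '%s' "starting snort - moment please "
    # Wait (at most 60 s) for the old pidfile to disappear before starting.
    i=60
    while [ -e "$SNORT_SOCKET" ] && [ "$i" -gt 0 ]; do
      sleep 1
      i=$((i - 1))   # $[ ] is a bash-only form and fails under /bin/sh
      printf '.'
    done
    echo "."
    "$0" start
    ;;
  reload)
    echo "Sorry, not implemented yet"
    ;;
  status)
    printf '%s' "Checking for service snort "
    ## Check status with checkproc(8), if process is running
    ## checkproc will return with exit status 0.
    # Status has a slightly different meaning for the status command:
    # 0 - service running
    # 1 - service dead, but /var/run/ pid file exists
    # 2 - service dead, but /var/lock/ lock file exists
    # 3 - service not running
    /sbin/checkproc "$SNORT_BIN"
    rc_status -v
    ;;
  stats)
    TC=125             # Trailing context to grep
    SNORTNAME='snort'  # Process name to look for
    if [ ! -x /sbin/pidof ]; then
      echo "/sbin/pidof not present, sorry, I cannot go on like this!"
      exit 1
    fi
    # Grab Snort's PID(s), excluding this script and its parents.
    PID=$(/sbin/pidof -o $$ -o $PPID -o %PPID -x "$SNORTNAME")
    if [ -z "$PID" ]; then
      # if we got no PID then:
      echo "No PID found: ${SNORTNAME} must not running."
      exit 2
    fi
    echo ""
    echo "*******"
    echo "WARNING: This feature is EXPERIMENTAL - please report errors!"
    echo "*******"
    echo ""
    echo "You can also run: $0 stats [long | opt]"
    echo ""
    echo "Dumping ${SNORTNAME}'s ($PID) statistics"
    echo "please wait..."
    # Get the date and tell Snort to dump stats as close together in
    # time as possible--not 100%, but it seems to work.
    startdate=$(date '+%b %e %H:%M:%S')
    # SIGUSR1 makes snort dump its statistics to syslog.  $PID is unquoted
    # on purpose: pidof returns one PID per running instance.
    kill -USR1 $PID
    # Sleep for $SECS secs to give syslog a chance to catch up
    # May need to be adjusted for slow/busy systems
    sleep "$SECS"
    # Only lines logged since $startdate belong to this dump.  The grep
    # patterns are quoted so the shell cannot glob-expand "snort.*:"
    # against files in the current directory.
    dump_pattern="^$startdate .* snort.*: ={79}"
    if [ "$2" = "long" ]; then
      # Long format
      grep -E -B 3 -A "$TC" "$dump_pattern" "$SYSLOG" \
        | grep 'snort.*:'
    elif [ "$2" = "opt" ]; then
      # OPTimize format
      # Just show stuff useful for optimizing Snort
      grep -E -B 3 -A "$TC" "$dump_pattern" "$SYSLOG" \
        | grep -E 'snort.*: Snort analyzed |snort.*: dropping|emory .aults:'
    else
      # Default format
      grep -E -B 3 -A "$TC" "$dump_pattern" "$SYSLOG" \
        | grep 'snort.*:' | cut -d: -f4-
    fi
    ;;
  *)
    # Only the actions this script actually implements are advertised.
    echo "Usage: $0 {start|stop|status|restart|reload|stats [long|opt]}"
    exit 1
    ;;
esac
rc_exit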