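#!/bin/bash
#
# /etc/init.d/rc.d/snortd
#
# chkconfig: - 90 10
# description: snort is a lightweight network intrusion detection tool that
#              currently detects more than 1100 host and network
#              vulnerabilities, portscans, backdoors, and more.
# processname: snort
# config: /etc/snort/snort.conf
# pidfile: /var/run/snort.pid
#
# One snort instance is started per interface listed in INTERFACES
# (read from /etc/sysconfig/snort); each instance gets its own pid file
# and lock file. The script needs bash (local, ${!var}, [[ ]]), which the
# original already relied on under /bin/sh.

# Do not load RH compatibility interface.
WITHOUT_RC_COMPAT=1

# Source function library (SourceIfNotEmpty, start_daemon, stop_daemon,
# status, msg_usage, msg_reloading).
. /etc/init.d/functions

# Testing tricks.
if [ "$1" = "--trace-script" ]; then
  shift
  printf '%s\n' 'Enable script tracing...'
  set -x
fi

# Get config.
readonly CONFIG=/etc/sysconfig/snort
SourceIfNotEmpty "$CONFIG" || exit 0

readonly COMMON_LOCKFILE="/var/lock/subsys/snortd"
readonly DEFAULT_PARAMS="-A fast -b -d -D -c /etc/snort/snort.conf"
# Per-instance options for start_daemon/stop_daemon/status; rebuilt by
# foreach_iface before every per-interface call.
COMMON_OPTIONS=()
# First non-zero status seen across all instances; becomes the exit code.
RETVAL=0

[ -n "$INTERFACES" ] || exit 0

#######################################
# Print every interface known to netstat -i except loopback, one per line.
# netstat -i starts with two header lines; as before, they are skipped by
# position after the "^lo" filter has been applied.
# Outputs:   interface names to stdout
#######################################
print_all_ifaces() {
  netstat -i | awk '!/^lo/ { if (++n > 2) print $1 }'
}

#######################################
# Join the arguments with single spaces (canonical form for IFN).
# Arguments: words to join
# Outputs:   the joined string, no trailing newline
#######################################
join_words() {
  # "$*" joins with the first character of IFS, a space by default.
  printf '%s' "$*"
}

# Normalise INTERFACES ("eth0,eth1", "eth0, eth1", "eth0 eth1") to a
# single space-separated list. Word-splitting is intentional; the command
# substitution's subshell keeps our positional parameters intact and
# "set -f" stops the list from being glob-expanded.
# shellcheck disable=SC2086
IFN=$(set -f; join_words ${INTERFACES//,/ })
case "$IFN" in
  "" | any | all | Any | All | ANY | ALL)
    # shellcheck disable=SC2046
    IFN=$(set -f; join_words $(print_all_ifaces))
    ;;
esac

#######################################
# Remember the first non-zero per-instance status in RETVAL.
# Globals:   RETVAL (read, written)
# Arguments: $1 - exit status of the instance just handled
# Returns:   0 if RETVAL was still 0, 1 otherwise (status of the test)
#######################################
note_status() {
  [ "$RETVAL" -eq 0 ] && RETVAL=$1
}

#######################################
# Run "$func <iface> extra-args..." once per interface in IFN, after
# setting the per-instance PIDFILE, LOCKFILE and COMMON_OPTIONS.
# Globals:   IFN (read); PIDFILE, LOCKFILE, COMMON_OPTIONS (written)
# Arguments: $1 - function to call; remaining arguments are passed through
# Returns:   1 as soon as one call fails, otherwise RETVAL
#######################################
foreach_iface() {
  local func=$1 iface
  shift
  # shellcheck disable=SC2086 — IFN is a deliberately space-separated list
  for iface in $IFN; do
    PIDFILE="/var/run/snort_$iface.pid"
    LOCKFILE="/var/lock/subsys/snort_$iface"
    COMMON_OPTIONS=(--pidfile "$PIDFILE" --lockfile "$LOCKFILE" --expect-user snort)
    "$func" "$iface" "$@" || return 1
  done
  return "$RETVAL"
}

#######################################
# Quiet status probe for one instance; marks RETVAL=0 when it is running.
# Stdout is discarded; the redirection order is kept from the original,
# so stderr is not silenced.
# Globals:   COMMON_OPTIONS (read); RETVAL (written)
# Returns:   always 0 so that every interface is probed
#######################################
status0() {
  status "${COMMON_OPTIONS[@]}" snort 2>&1 >/dev/null
  local retval=$?
  [ "$retval" -eq 0 ] && RETVAL=$retval   # at least one instance is loaded
  return 0
}

#######################################
# Is at least one snort instance running?
# Globals:   RETVAL (written)
# Returns:   0 if any instance is loaded, 1 otherwise
#######################################
is_loaded() {
  RETVAL=1   # assume not loaded
  foreach_iface status0
  return "$RETVAL"
}

#######################################
# Start one snort instance on interface $1.
# Extra daemon arguments come from ADDPARAMS_<iface> (":" in the name is
# mapped to "_"), then ADDPARAMS_any / ADDPARAMS_all in any case, else
# DEFAULT_PARAMS.
# Globals:   COMMON_OPTIONS, DEFAULT_PARAMS (read); RETVAL (written)
# Arguments: $1 - interface name
# Returns:   start_daemon's exit status
#######################################
start1() {
  local add_params= suffix var
  for suffix in "${1//:/_}" any all Any All ANY ALL; do
    var="ADDPARAMS_$suffix"
    # Only a valid identifier can be looked up; an interface such as
    # "eth0.1" or "br-lan" simply has no per-interface override. (The old
    # eval-based lookup evaluated such names as shell code and could hand
    # snort a stray "-lan"/".1" argument.)
    [[ "$var" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || continue
    add_params=${!var}
    [ -n "$add_params" ] && break
  done
  [ -n "$add_params" ] || add_params=$DEFAULT_PARAMS
  # NOTE(review): add_params is passed as one word, exactly as before;
  # this presumably relies on start_daemon re-splitting it — confirm
  # against /etc/init.d/functions before changing the quoting.
  start_daemon "${COMMON_OPTIONS[@]}" -- snort -u snort -g snort \
    -t /var/log/snort \
    -i "$1" \
    "$add_params"
  local retval=$?
  note_status "$retval"
  return "$retval"
}

#######################################
# Start an instance on every interface; the shared lock file is created
# only when all of them started.
# Globals:   RETVAL, COMMON_LOCKFILE (read)
#######################################
start() {
  foreach_iface start1
  [ "$RETVAL" = 0 ] && /bin/touch -f "$COMMON_LOCKFILE"
}

#######################################
# Stop the instance on interface $1.
# Globals:   COMMON_OPTIONS (read); RETVAL (written)
# Returns:   stop_daemon's exit status
#######################################
stop1() {
  stop_daemon "${COMMON_OPTIONS[@]}" snort
  local retval=$?
  note_status "$retval"
  return "$retval"
}

#######################################
# Stop every instance; the shared lock file is removed only when all
# of them stopped.
# Globals:   RETVAL, COMMON_LOCKFILE (read)
#######################################
stop() {
  foreach_iface stop1
  [ "$RETVAL" = 0 ] && /bin/rm -f "$COMMON_LOCKFILE"
}

restart() {
  stop
  start
}

#######################################
# Send SIGHUP to the instance on interface $1 (currently unused, see
# reload()).
# Globals:   COMMON_OPTIONS (read); RETVAL (written)
# Returns:   stop_daemon's exit status
#######################################
reload1() {
  stop_daemon "${COMMON_OPTIONS[@]}" -HUP snort
  local retval=$?
  note_status "$retval"
  return "$retval"
}

#######################################
# Reload by restarting. The HUP-based path below is intentionally
# unreachable: it only works when the daemon runs as root, unchrooted.
# Returns:   restart's exit status
#######################################
reload() {
  restart
  return
  # Following code works only when snort daemon is running
  # under root privileges and without chrooting!
  msg_reloading snort
  foreach_iface reload1
}

#######################################
# Report the status of the instance on interface $1.
# Globals:   COMMON_OPTIONS (read); RETVAL (written)
# Returns:   status of note_status, kept as the last command so the
#            function's status matches the original (foreach_iface stops
#            once an earlier instance has already failed)
#######################################
status1() {
  status "${COMMON_OPTIONS[@]}" snort
  local retval=$?
  note_status "$retval"
}

#######################################
# Report every instance and, if all reports succeeded, list the interfaces.
# Globals:   IFN (read)
#######################################
checkstatus() {
  foreach_iface status1 && printf '%s\n' "Active interfaces:${IFN:+ $IFN}"
}

# See how we were called.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    checkstatus
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  condstop)
    is_loaded && stop
    ;;
  condrestart)
    is_loaded && restart
    ;;
  condreload)
    is_loaded && reload
    ;;
  *)
    msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
    RETVAL=1
    ;;
esac

exit "$RETVAL"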