snort/rc.snort@9dacbd1d1aa2 (annotated)
snort/rc.snort
Fri, 07 Sep 2012 19:08:07 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Fri, 07 Sep 2012 19:08:07 +0200
- changeset 667
- 9dacbd1d1aa2
- permissions
- -rw-r--r--
Correct build configuration in Solaris subdir, correct english grammar,
remove irrelevant strip notice, introduce custom CFLAG logic, facilitate
use of Solaris Studio compiler with needed build configuration
adjustments, conditionally build 64 bit position independent code,
and accommodate tun(7) in newer Solaris releases by renaming driver
and module from conflicting 'tun' to 'vtun'. These changes include
some nonstandard 'I give up' logic causing out of tree builds by
manipulating the PATH, for example.
| michael@549 | 1 | #!@l_prefix@/bin/openpkg rc |
| michael@549 | 2 | ## |
| michael@549 | 3 | ## rc.snort -- Run-Commands |
| michael@549 | 4 | ## |
| michael@549 | 5 | |
| michael@549 | 6 | %config |
| michael@549 | 7 | snort_enable="$openpkg_rc_def" |
| michael@549 | 8 | snort_if="" |
| michael@549 | 9 | snort_flags="-N -Afast -o" |
| michael@549 | 10 | snort_log_prolog="true" |
| michael@549 | 11 | snort_log_epilog="true" |
| michael@549 | 12 | snort_log_numfiles="10" |
| michael@549 | 13 | snort_log_minsize="1M" |
| michael@549 | 14 | snort_log_complevel="9" |
| michael@549 | 15 | snort_update_time="once" |
| michael@549 | 16 | snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz" |
| michael@549 | 17 | |
| michael@549 | 18 | %common |
| michael@549 | 19 | snort_cfgfile="@l_prefix@/etc/snort/snort.conf" |
| michael@549 | 20 | snort_logdir="@l_prefix@/var/snort" |
| michael@549 | 21 | snort_piddir="@l_prefix@/var/snort" |
| michael@549 | 22 | snort_pidfile="$snort_piddir/snort_${snort_if}.pid" |
| michael@549 | 23 | snort_signal () { |
| michael@549 | 24 | [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile` |
| michael@549 | 25 | } |
| michael@549 | 26 | snort_update () { |
| michael@549 | 27 | @l_prefix@/sbin/snort-update "$snort_update_source" |
| michael@549 | 28 | } |
| michael@549 | 29 | |
| michael@549 | 30 | %status -u @l_susr@ -o |
| michael@549 | 31 | snort_usable="no" |
| michael@549 | 32 | snort_active="no" |
| michael@549 | 33 | @l_prefix@/sbin/snort \ |
| michael@549 | 34 | -q -T \ |
| michael@549 | 35 | -u "@l_rusr@" -g "@l_rgrp@" \ |
| michael@549 | 36 | -i "$snort_if" \ |
| michael@549 | 37 | -c "$snort_cfgfile" \ |
| michael@549 | 38 | -l "$snort_logdir" \ |
| michael@549 | 39 | >/dev/null 2>&1 && snort_usable="yes" |
| michael@549 | 40 | [ ".$snort_if" = . ] && snort_usable="no" |
| michael@549 | 41 | rcService snort enable yes && snort_signal 0 && snort_active="yes" |
| michael@549 | 42 | echo "snort_enable=\"$snort_enable\"" |
| michael@549 | 43 | echo "snort_usable=\"$snort_usable\"" |
| michael@549 | 44 | echo "snort_active=\"$snort_active\"" |
| michael@549 | 45 | |
| michael@549 | 46 | %start -p 100 -u @l_susr@ |
| michael@549 | 47 | rcService snort enable yes || exit 0 |
| michael@549 | 48 | rcService snort active yes && exit 0 |
| michael@549 | 49 | @l_prefix@/sbin/snort \ |
| michael@549 | 50 | -q -D \ |
| michael@549 | 51 | -u "@l_rusr@" -g "@l_rgrp@" \ |
| michael@549 | 52 | -i "$snort_if" \ |
| michael@549 | 53 | -c "$snort_cfgfile" \ |
| michael@549 | 54 | -l "$snort_logdir" \ |
| michael@549 | 55 | ${snort_flags} |
| michael@549 | 56 | |
| michael@549 | 57 | %stop -p 900 -u @l_susr@ |
| michael@549 | 58 | rcService snort enable yes || exit 0 |
| michael@549 | 59 | rcService snort active no && exit 0 |
| michael@549 | 60 | snort_signal TERM |
| michael@549 | 61 | sleep 2 |
| michael@549 | 62 | rm -f $snort_pidfile 2>/dev/null || true |
| michael@549 | 63 | |
| michael@549 | 64 | %restart -p 100 -u @l_susr@ |
| michael@549 | 65 | rcService snort enable yes || exit 0 |
| michael@549 | 66 | rcService snort active no && exit 0 |
| michael@549 | 67 | rc snort stop start |
| michael@549 | 68 | |
| michael@549 | 69 | %hourly -u @l_rusr@ |
| michael@549 | 70 | rcService snort enable yes || exit 0 |
| michael@549 | 71 | if [ ".$snort_update_time" = .hourly ]; then |
| michael@549 | 72 | snort_update || exit $? |
| michael@549 | 73 | fi |
| michael@549 | 74 | |
| michael@549 | 75 | %daily -u @l_rusr@ |
| michael@549 | 76 | rcService snort enable yes || exit 0 |
| michael@549 | 77 | if [ ".$snort_update_time" = .daily ]; then |
| michael@549 | 78 | snort_update || exit $? |
| michael@549 | 79 | fi |
| michael@549 | 80 | shtool rotate -f \ |
| michael@549 | 81 | -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \ |
| michael@549 | 82 | -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \ |
| michael@549 | 83 | -P "${snort_log_prolog}" \ |
| michael@549 | 84 | -E "${snort_log_epilog}; rc snort reload" \ |
| michael@549 | 85 | $snort_logdir/snort.alert.log |
| michael@549 | 86 | |
| michael@549 | 87 | %weekly -u @l_rusr@ |
| michael@549 | 88 | rcService snort enable yes || exit 0 |
| michael@549 | 89 | if [ ".$snort_update_time" = .weekly ]; then |
| michael@549 | 90 | snort_update || exit $? |
| michael@549 | 91 | fi |
| michael@549 | 92 |
