snort/rc.snort@9fe04d4d4e5a (annotated)
snort/rc.snort
Mon, 17 Sep 2012 19:10:10 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 17 Sep 2012 19:10:10 +0200
- changeset 689
- 9fe04d4d4e5a
- permissions
- -rw-r--r--
Update to new version of vendor software although Oracle fails to deliver.
More specifically, newer db(3) patch revisions exist but Oracle has
removed them from the canonical download server URI for Berkely DB.
| michael@549 | 1 | #!@l_prefix@/bin/openpkg rc |
| michael@549 | 2 | ## |
| michael@549 | 3 | ## rc.snort -- Run-Commands |
| michael@549 | 4 | ## |
| michael@549 | 5 | |
| michael@549 | 6 | %config |
| michael@549 | 7 | snort_enable="$openpkg_rc_def" |
| michael@549 | 8 | snort_if="" |
| michael@549 | 9 | snort_flags="-N -Afast -o" |
| michael@549 | 10 | snort_log_prolog="true" |
| michael@549 | 11 | snort_log_epilog="true" |
| michael@549 | 12 | snort_log_numfiles="10" |
| michael@549 | 13 | snort_log_minsize="1M" |
| michael@549 | 14 | snort_log_complevel="9" |
| michael@549 | 15 | snort_update_time="once" |
| michael@549 | 16 | snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz" |
| michael@549 | 17 | |
| michael@549 | 18 | %common |
| michael@549 | 19 | snort_cfgfile="@l_prefix@/etc/snort/snort.conf" |
| michael@549 | 20 | snort_logdir="@l_prefix@/var/snort" |
| michael@549 | 21 | snort_piddir="@l_prefix@/var/snort" |
| michael@549 | 22 | snort_pidfile="$snort_piddir/snort_${snort_if}.pid" |
| michael@549 | 23 | snort_signal () { |
| michael@549 | 24 | [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile` |
| michael@549 | 25 | } |
| michael@549 | 26 | snort_update () { |
| michael@549 | 27 | @l_prefix@/sbin/snort-update "$snort_update_source" |
| michael@549 | 28 | } |
| michael@549 | 29 | |
| michael@549 | 30 | %status -u @l_susr@ -o |
| michael@549 | 31 | snort_usable="no" |
| michael@549 | 32 | snort_active="no" |
| michael@549 | 33 | @l_prefix@/sbin/snort \ |
| michael@549 | 34 | -q -T \ |
| michael@549 | 35 | -u "@l_rusr@" -g "@l_rgrp@" \ |
| michael@549 | 36 | -i "$snort_if" \ |
| michael@549 | 37 | -c "$snort_cfgfile" \ |
| michael@549 | 38 | -l "$snort_logdir" \ |
| michael@549 | 39 | >/dev/null 2>&1 && snort_usable="yes" |
| michael@549 | 40 | [ ".$snort_if" = . ] && snort_usable="no" |
| michael@549 | 41 | rcService snort enable yes && snort_signal 0 && snort_active="yes" |
| michael@549 | 42 | echo "snort_enable=\"$snort_enable\"" |
| michael@549 | 43 | echo "snort_usable=\"$snort_usable\"" |
| michael@549 | 44 | echo "snort_active=\"$snort_active\"" |
| michael@549 | 45 | |
| michael@549 | 46 | %start -p 100 -u @l_susr@ |
| michael@549 | 47 | rcService snort enable yes || exit 0 |
| michael@549 | 48 | rcService snort active yes && exit 0 |
| michael@549 | 49 | @l_prefix@/sbin/snort \ |
| michael@549 | 50 | -q -D \ |
| michael@549 | 51 | -u "@l_rusr@" -g "@l_rgrp@" \ |
| michael@549 | 52 | -i "$snort_if" \ |
| michael@549 | 53 | -c "$snort_cfgfile" \ |
| michael@549 | 54 | -l "$snort_logdir" \ |
| michael@549 | 55 | ${snort_flags} |
| michael@549 | 56 | |
| michael@549 | 57 | %stop -p 900 -u @l_susr@ |
| michael@549 | 58 | rcService snort enable yes || exit 0 |
| michael@549 | 59 | rcService snort active no && exit 0 |
| michael@549 | 60 | snort_signal TERM |
| michael@549 | 61 | sleep 2 |
| michael@549 | 62 | rm -f $snort_pidfile 2>/dev/null || true |
| michael@549 | 63 | |
| michael@549 | 64 | %restart -p 100 -u @l_susr@ |
| michael@549 | 65 | rcService snort enable yes || exit 0 |
| michael@549 | 66 | rcService snort active no && exit 0 |
| michael@549 | 67 | rc snort stop start |
| michael@549 | 68 | |
| michael@549 | 69 | %hourly -u @l_rusr@ |
| michael@549 | 70 | rcService snort enable yes || exit 0 |
| michael@549 | 71 | if [ ".$snort_update_time" = .hourly ]; then |
| michael@549 | 72 | snort_update || exit $? |
| michael@549 | 73 | fi |
| michael@549 | 74 | |
| michael@549 | 75 | %daily -u @l_rusr@ |
| michael@549 | 76 | rcService snort enable yes || exit 0 |
| michael@549 | 77 | if [ ".$snort_update_time" = .daily ]; then |
| michael@549 | 78 | snort_update || exit $? |
| michael@549 | 79 | fi |
| michael@549 | 80 | shtool rotate -f \ |
| michael@549 | 81 | -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \ |
| michael@549 | 82 | -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \ |
| michael@549 | 83 | -P "${snort_log_prolog}" \ |
| michael@549 | 84 | -E "${snort_log_epilog}; rc snort reload" \ |
| michael@549 | 85 | $snort_logdir/snort.alert.log |
| michael@549 | 86 | |
| michael@549 | 87 | %weekly -u @l_rusr@ |
| michael@549 | 88 | rcService snort enable yes || exit 0 |
| michael@549 | 89 | if [ ".$snort_update_time" = .weekly ]; then |
| michael@549 | 90 | snort_update || exit $? |
| michael@549 | 91 | fi |
| michael@549 | 92 |
