snort/rc.snort

Mon, 28 Jan 2013 17:37:18 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Mon, 28 Jan 2013 17:37:18 +0100
changeset 758
a2c6460cfb16
permissions
-rw-r--r--

Correct socket error reporting improvement with IPv6 portable code,
after helpful recommendation by Saúl Ibarra Corretgé on OSips devlist.

#!@l_prefix@/bin/openpkg rc
##
##  rc.snort -- Run-Commands
##
##  Configuration defaults (the %config section below):
##    snort_enable         service switch, defaults to $openpkg_rc_def
##    snort_if             interface handed to "snort -i"; empty by
##                         default, and %status reports
##                         snort_usable="no" while it stays empty
##    snort_flags          extra snort options appended by %start
##    snort_log_prolog     command given to "shtool rotate -P" in %daily
##    snort_log_epilog     command given to "shtool rotate -E" in %daily
##    snort_log_numfiles   value of "shtool rotate -n"
##    snort_log_minsize    value of "shtool rotate -s"
##    snort_log_complevel  value of "shtool rotate -z"
##    snort_update_time    compared against hourly/daily/weekly by the
##                         periodic sections; the default "once"
##                         matches none of them
##    snort_update_source  argument passed to snort-update
##

%config
    snort_enable="$openpkg_rc_def"
    snort_if=""
    snort_flags="-N -Afast -o"
    snort_log_prolog="true"
    snort_log_epilog="true"
    snort_log_numfiles="10"
    snort_log_minsize="1M"
    snort_log_complevel="9"
    snort_update_time="once"
    snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz"

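%common
    #   Paths shared by every section of this file.
    snort_cfgfile="@l_prefix@/etc/snort/snort.conf"
    snort_logdir="@l_prefix@/var/snort"
    #   NOTE(review): the pidfile directory is the same directory snort
    #   logs into. %start launches snort with -u "@l_rusr@" and -l set to
    #   this directory, while %status and %stop read the pidfile in
    #   sections run with -u @l_susr@. If the @l_rusr@ account can write
    #   here, it controls which PID those sections signal -- confirm the
    #   ownership and mode of this directory.
    snort_piddir="@l_prefix@/var/snort"
    snort_pidfile="$snort_piddir/snort_${snort_if}.pid"

    #   snort_signal SIGNAL
    #   Send SIGNAL (a name or number accepted by kill, e.g. 0 or TERM)
    #   to the process recorded in $snort_pidfile.
    #   Returns the exit status of kill, or non-zero without signalling
    #   anything when the pidfile is missing, unreadable, or does not
    #   hold exactly one positive decimal PID.
    snort_signal () {
        [ -f "$snort_pidfile" ] || return 1
        snort_pid=""
        #   read trims surrounding whitespace; the second test accepts a
        #   pidfile whose only line has no trailing newline
        read -r snort_pid <"$snort_pidfile" || [ -n "$snort_pid" ] || return 1
        #   The content is used as a kill argument, so refuse anything
        #   that is not plain digits: an empty value would run kill
        #   without a target, and values such as "-1" or "0" address
        #   more than one process.
        case "$snort_pid" in
            '' | *[!0-9]* ) return 1 ;;
        esac
        [ "$snort_pid" -gt 0 ] || return 1
        kill -"$1" "$snort_pid"
    }

    #   snort_update
    #   Hand the configured rule source to snort-update and return its
    #   exit status.
    #   NOTE(review): what snort-update verifies about the fetched archive
    #   is not visible here. If snort_update_source is changed from the
    #   local file:// default to a remote location, confirm that the
    #   rules are integrity-checked before they are installed.
    snort_update () {
        @l_prefix@/sbin/snort-update "$snort_update_source"
    }
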
%status -u @l_susr@ -o
    #   Report three name="value" lines describing the service state.
    snort_usable="no"
    snort_active="no"

    #   usable: snort accepts the configuration in test mode (-T) with
    #   the same user, group, interface, config and log directory that
    #   %start uses; its output is discarded
    if @l_prefix@/sbin/snort \
        -q -T \
        -u "@l_rusr@" -g "@l_rgrp@" \
        -i "$snort_if" \
        -c "$snort_cfgfile" \
        -l "$snort_logdir" \
        >/dev/null 2>&1; then
        snort_usable="yes"
    fi

    #   an unset interface overrides the result of the test run
    if [ -z "$snort_if" ]; then
        snort_usable="no"
    fi

    #   active: service is enabled and the PID in the pidfile answers
    #   signal 0
    if rcService snort enable yes && snort_signal 0; then
        snort_active="yes"
    fi

    echo "snort_enable=\"$snort_enable\""
    echo "snort_usable=\"$snort_usable\""
    echo "snort_active=\"$snort_active\""

%start -p 100 -u @l_susr@
    #   Nothing to do when the service is disabled or already running.
    if ! rcService snort enable yes; then
        exit 0
    fi
    if rcService snort active yes; then
        exit 0
    fi

    #   Launch snort quietly (-q) as a daemon (-D). The section itself
    #   runs as @l_susr@; -u/-g tell snort to switch to
    #   @l_rusr@/@l_rgrp@.
    #   $snort_flags is left unquoted on purpose so that it splits into
    #   separate options.
    @l_prefix@/sbin/snort \
        -q -D \
        -u "@l_rusr@" -g "@l_rgrp@" \
        -i "$snort_if" \
        -c "$snort_cfgfile" \
        -l "$snort_logdir" \
        $snort_flags

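%stop -p 900 -u @l_susr@
    #   Nothing to do when the service is disabled or not running.
    rcService snort enable yes || exit 0
    rcService snort active no  && exit 0

    #   Ask snort to terminate, then give it two seconds.
    snort_signal TERM
    sleep 2

    #   NOTE(review): the pidfile is removed after the fixed delay whether
    #   or not the process has actually exited; a snort that is slow to
    #   shut down would keep running without a pidfile -- confirm this is
    #   acceptable.
    #   The path is quoted and preceded by "--" because this runs as
    #   @l_susr@ and the name embeds the configurable $snort_if: unquoted,
    #   whitespace or glob characters in that value would make rm act on
    #   other paths.
    rm -f -- "$snort_pidfile" 2>/dev/null || true
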
%restart -p 100 -u @l_susr@
    #   Only a service that is enabled and currently running is
    #   restarted; otherwise the section exits successfully.
    if ! rcService snort enable yes; then
        exit 0
    fi
    if rcService snort active no; then
        exit 0
    fi

    #   Run the stop and start commands of this package in sequence.
    rc snort stop start

%hourly -u @l_rusr@
    #   Skip entirely when the service is disabled.
    if ! rcService snort enable yes; then
        exit 0
    fi

    #   Refresh the rules only when the update schedule is "hourly";
    #   a failed update becomes the exit status of the section.
    case "$snort_update_time" in
        hourly )
            snort_update || exit $?
            ;;
    esac

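%daily -u @l_rusr@
    #   Skip entirely when the service is disabled.
    rcService snort enable yes || exit 0

    #   Refresh the rules only when the update schedule is "daily";
    #   a failed update becomes the exit status of the section.
    if [ ".$snort_update_time" = .daily ]; then
        snort_update || exit $?
    fi

    #   Rotate the alert log with the limits from %config. All values are
    #   quoted so that an empty or space-containing setting cannot shift
    #   the remaining arguments or split the log path.
    #   NOTE(review): -m 644 leaves the rotated alert log world-readable;
    #   confirm that every local account is meant to read IDS alerts.
    #   NOTE(review): the epilog runs "rc snort reload", but no %reload
    #   section is visible in this file -- confirm that snort actually
    #   reopens its alert log after rotation.
    shtool rotate -f \
        -n "${snort_log_numfiles}" -s "${snort_log_minsize}" -d \
        -z "${snort_log_complevel}" -m 644 -o @l_rusr@ -g @l_rgrp@ \
        -P "${snort_log_prolog}" \
        -E "${snort_log_epilog}; rc snort reload" \
        "${snort_logdir}/snort.alert.log"
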
%weekly -u @l_rusr@
    #   Skip entirely when the service is disabled.
    if ! rcService snort enable yes; then
        exit 0
    fi

    #   Refresh the rules only when the update schedule is "weekly";
    #   a failed update becomes the exit status of the section.
    case "$snort_update_time" in
        weekly )
            snort_update || exit $?
            ;;
    esac
