comparison: snort/rc.snort
snort/rc.snort
- changeset 680
- d27cad483271
equal
deleted
inserted
replaced
| -1:000000000000 | 0:ef94dad6404c |
|---|---|
| 1 #!@l_prefix@/bin/openpkg rc | |
| 2 ## | |
| 3 ## rc.snort -- Run-Commands | |
| 4 ## | |
| 5 | |
| 6 %config | |
| 7 snort_enable="$openpkg_rc_def" | |
| 8 snort_if="" | |
| 9 snort_flags="-N -Afast -o" | |
| 10 snort_log_prolog="true" | |
| 11 snort_log_epilog="true" | |
| 12 snort_log_numfiles="10" | |
| 13 snort_log_minsize="1M" | |
| 14 snort_log_complevel="9" | |
| 15 snort_update_time="once" | |
| 16 snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz" | |
| 17 | |
| 18 %common | |
| 19 snort_cfgfile="@l_prefix@/etc/snort/snort.conf" | |
| 20 snort_logdir="@l_prefix@/var/snort" | |
| 21 snort_piddir="@l_prefix@/var/snort" | |
| 22 snort_pidfile="$snort_piddir/snort_${snort_if}.pid" | |
| 23 snort_signal () { | |
| 24 [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile` | |
| 25 } | |
| 26 snort_update () { | |
| 27 @l_prefix@/sbin/snort-update "$snort_update_source" | |
| 28 } | |
| 29 | |
| 30 %status -u @l_susr@ -o | |
| 31 snort_usable="no" | |
| 32 snort_active="no" | |
| 33 @l_prefix@/sbin/snort \ | |
| 34 -q -T \ | |
| 35 -u "@l_rusr@" -g "@l_rgrp@" \ | |
| 36 -i "$snort_if" \ | |
| 37 -c "$snort_cfgfile" \ | |
| 38 -l "$snort_logdir" \ | |
| 39 >/dev/null 2>&1 && snort_usable="yes" | |
| 40 [ ".$snort_if" = . ] && snort_usable="no" | |
| 41 rcService snort enable yes && snort_signal 0 && snort_active="yes" | |
| 42 echo "snort_enable=\"$snort_enable\"" | |
| 43 echo "snort_usable=\"$snort_usable\"" | |
| 44 echo "snort_active=\"$snort_active\"" | |
| 45 | |
| 46 %start -p 100 -u @l_susr@ | |
| 47 rcService snort enable yes || exit 0 | |
| 48 rcService snort active yes && exit 0 | |
| 49 @l_prefix@/sbin/snort \ | |
| 50 -q -D \ | |
| 51 -u "@l_rusr@" -g "@l_rgrp@" \ | |
| 52 -i "$snort_if" \ | |
| 53 -c "$snort_cfgfile" \ | |
| 54 -l "$snort_logdir" \ | |
| 55 ${snort_flags} | |
| 56 | |
| 57 %stop -p 900 -u @l_susr@ | |
| 58 rcService snort enable yes || exit 0 | |
| 59 rcService snort active no && exit 0 | |
| 60 snort_signal TERM | |
| 61 sleep 2 | |
| 62 rm -f $snort_pidfile 2>/dev/null || true | |
| 63 | |
| 64 %restart -p 100 -u @l_susr@ | |
| 65 rcService snort enable yes || exit 0 | |
| 66 rcService snort active no && exit 0 | |
| 67 rc snort stop start | |
| 68 | |
| 69 %hourly -u @l_rusr@ | |
| 70 rcService snort enable yes || exit 0 | |
| 71 if [ ".$snort_update_time" = .hourly ]; then | |
| 72 snort_update || exit $? | |
| 73 fi | |
| 74 | |
| 75 %daily -u @l_rusr@ | |
| 76 rcService snort enable yes || exit 0 | |
| 77 if [ ".$snort_update_time" = .daily ]; then | |
| 78 snort_update || exit $? | |
| 79 fi | |
| 80 shtool rotate -f \ | |
| 81 -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \ | |
| 82 -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \ | |
| 83 -P "${snort_log_prolog}" \ | |
| 84 -E "${snort_log_epilog}; rc snort reload" \ | |
| 85 $snort_logdir/snort.alert.log | |
| 86 | |
| 87 %weekly -u @l_rusr@ | |
| 88 rcService snort enable yes || exit 0 | |
| 89 if [ ".$snort_update_time" = .weekly ]; then | |
| 90 snort_update || exit $? | |
| 91 fi | |
| 92 |
