1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/snort/rc.snort Tue Aug 28 18:31:50 2012 +0200
1.3 @@ -0,0 +1,92 @@
1.4 +#!@l_prefix@/bin/openpkg rc
1.5 +##
1.6 +## rc.snort -- Run-Commands
1.7 +##
1.8 +
1.9 +%config
1.10 + snort_enable="$openpkg_rc_def"
1.11 + snort_if=""
1.12 + snort_flags="-N -Afast -o"
1.13 + snort_log_prolog="true"
1.14 + snort_log_epilog="true"
1.15 + snort_log_numfiles="10"
1.16 + snort_log_minsize="1M"
1.17 + snort_log_complevel="9"
1.18 + snort_update_time="once"
1.19 + snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz"
1.20 +
1.21 +%common
1.22 + snort_cfgfile="@l_prefix@/etc/snort/snort.conf"
1.23 + snort_logdir="@l_prefix@/var/snort"
1.24 + snort_piddir="@l_prefix@/var/snort"
1.25 + snort_pidfile="$snort_piddir/snort_${snort_if}.pid"
1.26 + snort_signal () {
1.27 + [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile`
1.28 + }
1.29 + snort_update () {
1.30 + @l_prefix@/sbin/snort-update "$snort_update_source"
1.31 + }
1.32 +
1.33 +%status -u @l_susr@ -o
1.34 + snort_usable="no"
1.35 + snort_active="no"
1.36 + @l_prefix@/sbin/snort \
1.37 + -q -T \
1.38 + -u "@l_rusr@" -g "@l_rgrp@" \
1.39 + -i "$snort_if" \
1.40 + -c "$snort_cfgfile" \
1.41 + -l "$snort_logdir" \
1.42 + >/dev/null 2>&1 && snort_usable="yes"
1.43 + [ ".$snort_if" = . ] && snort_usable="no"
1.44 + rcService snort enable yes && snort_signal 0 && snort_active="yes"
1.45 + echo "snort_enable=\"$snort_enable\""
1.46 + echo "snort_usable=\"$snort_usable\""
1.47 + echo "snort_active=\"$snort_active\""
1.48 +
1.49 +%start -p 100 -u @l_susr@
1.50 + rcService snort enable yes || exit 0
1.51 + rcService snort active yes && exit 0
1.52 + @l_prefix@/sbin/snort \
1.53 + -q -D \
1.54 + -u "@l_rusr@" -g "@l_rgrp@" \
1.55 + -i "$snort_if" \
1.56 + -c "$snort_cfgfile" \
1.57 + -l "$snort_logdir" \
1.58 + ${snort_flags}
1.59 +
1.60 +%stop -p 900 -u @l_susr@
1.61 + rcService snort enable yes || exit 0
1.62 + rcService snort active no && exit 0
1.63 + snort_signal TERM
1.64 + sleep 2
1.65 + rm -f $snort_pidfile 2>/dev/null || true
1.66 +
1.67 +%restart -p 100 -u @l_susr@
1.68 + rcService snort enable yes || exit 0
1.69 + rcService snort active no && exit 0
1.70 + rc snort stop start
1.71 +
1.72 +%hourly -u @l_rusr@
1.73 + rcService snort enable yes || exit 0
1.74 + if [ ".$snort_update_time" = .hourly ]; then
1.75 + snort_update || exit $?
1.76 + fi
1.77 +
1.78 +%daily -u @l_rusr@
1.79 + rcService snort enable yes || exit 0
1.80 + if [ ".$snort_update_time" = .daily ]; then
1.81 + snort_update || exit $?
1.82 + fi
1.83 + shtool rotate -f \
1.84 + -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \
1.85 + -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \
1.86 + -P "${snort_log_prolog}" \
1.87 + -E "${snort_log_epilog}; rc snort reload" \
1.88 + $snort_logdir/snort.alert.log
1.89 +
1.90 +%weekly -u @l_rusr@
1.91 + rcService snort enable yes || exit 0
1.92 + if [ ".$snort_update_time" = .weekly ]; then
1.93 + snort_update || exit $?
1.94 + fi
1.95 +
