Commit | Line | Data |
---|---|---|
cd1a2927 MT |
/* SmoothWall helper program - restartsnort
 *
 * This program is distributed under the terms of the GNU General Public
 * Licence. See the file COPYING for details.
 *
 * (c) Lawrence Manning, 2001
 * Restarting snort.
 *
 * $Id: restartsnort.c,v 1.8.2.3 2005/10/16 12:36:14 rkerr Exp $
 *
 */
12 | \r | |
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <limits.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <string.h>
#include <fcntl.h>
#include <signal.h>
#include "libsmooth.h"
#include "setuid.h"
24 | \r | |
/* Parsed settings store; assigned in main() and released by exithandler(). */
struct keyvalue *kv = NULL;

/* Handle on /etc/snort/vars while main() is writing it.  Kept at file scope
 * so exithandler() can close it when main() bails out through exit(). */
FILE *varsfile = NULL;
27 | \r | |
/* atexit() hook: releases whatever main() still holds when the process
 * exits, i.e. the open vars file and the key/value store. */
void exithandler(void)
{
	if (varsfile != NULL) {
		fclose(varsfile);
	}

	if (kv != NULL) {
		freekeyvalues(kv);
	}
}
36 | \r | |
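/* Ask the snort instance bound to `interface` to terminate.
 *
 * Reads a pid from /var/run/snort_<interface>.pid and sends it SIGTERM.
 *
 * Returns 0 when a plausible pid was read and the signal was attempted
 * (even if kill() itself failed), 1 when no usable pid could be obtained.
 *
 * NOTE(review): main() calls initsetuid() before this, so the signal is
 * presumably sent with elevated privileges.  The pid file content is trusted
 * as-is: a stale file can name an unrelated process that has since reused
 * the pid.  Confirm that only root can write the pid file.
 */
int killsnort(char *interface)
{
	int fd;
	int len;
	ssize_t nread;
	char pidname[STRING_SIZE] = "";
	char buffer[STRING_SIZE] = "";
	char *end;
	long pid;

	/* No interface name means there is no pid file to look for. */
	if (interface == NULL || interface[0] == '\0')
		return 1;

	/* Bounded formatting: an over-long name must not overflow pidname. */
	len = snprintf(pidname, sizeof pidname, "/var/run/snort_%s.pid", interface);
	if (len < 0 || (size_t)len >= sizeof pidname) {
		fprintf(stderr, "Interface name too long\n");
		return 1;
	}

	if ((fd = open(pidname, O_RDONLY)) == -1)
		return 1;

	nread = read(fd, buffer, sizeof buffer - 1);
	close(fd);
	if (nread == -1) {
		fprintf(stderr, "Couldn't read from pid file\n");
		return 1;
	}
	buffer[nread] = '\0';

	/* strtol instead of atoi: overflow and non-numeric content are detected
	 * rather than being undefined or silently read as 0. */
	errno = 0;
	pid = strtol(buffer, &end, 10);

	/* Only whitespace (or the terminator, which strchr also matches) may
	 * follow the digits.  pid <= 1 would address init, the caller's process
	 * group or every process, so it is never signalled. */
	if (end == buffer || errno == ERANGE || strchr(" \t\r\n", *end) == NULL
	    || pid <= 1 || pid > INT_MAX) {
		fprintf(stderr, "Bad pid value\n");
		return 1;
	}

	if (kill((pid_t)pid, SIGTERM) == -1)
		fprintf(stderr, "Unable to send SIGTERM\n");

	return 0;
}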
67 | \r | |
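/* Read the first line of `path` into `buf` (capacity `size`) without its
 * trailing newline.  Returns 0 when the file could be opened, -1 otherwise;
 * an empty or unreadable file leaves `buf` as the empty string. */
static int readfirstline(const char *path, char *buf, size_t size)
{
	FILE *f;

	buf[0] = '\0';
	if (!(f = fopen(path, "r")))
		return -1;

	if (!fgets(buf, (int)size, f))
		buf[0] = '\0';
	/* strcspn is safe on an empty string, unlike indexing strlen() - 1. */
	buf[strcspn(buf, "\n")] = '\0';

	fclose(f);
	return 0;
}

/* Start snort on `dev` if the marker file `enablefile` can be opened.
 *
 * `dev` is pasted into a command line handed to safe_system() (declared
 * outside this file; presumably a shell invocation - confirm), so callers
 * must only pass names that have already passed VALID_DEVICE. */
static void startsnort(const char *enablefile, const char *dev)
{
	char command[STRING_SIZE] = "";
	int fd;
	int len;

	if ((fd = open(enablefile, O_RDONLY)) == -1)
		return;
	close(fd);

	len = snprintf(command, sizeof command,
		"/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",
		dev);
	/* A truncated command would name a different interface; refuse to run it. */
	if (len < 0 || (size_t)len >= sizeof command) {
		fprintf(stderr, "Snort command line too long\n");
		return;
	}
	safe_system(command);
}

/* Restart snort on the zones named on the command line ("red", "green",
 * "blue", "orange").
 *
 * Steps: read and validate the zone devices and addresses from the ethernet
 * settings and the RED state files, SIGTERM the running snort of each
 * requested zone, rewrite /etc/snort/vars (HOME_NET and DNS_SERVERS), then
 * start snort again for each requested zone whose enable marker exists.
 *
 * Every value written to the vars file or placed on the snort command line
 * is checked with VALID_DEVICE / VALID_IP first (macros defined outside this
 * file).
 */
int main(int argc, char *argv[])
{
	char iface[STRING_SIZE] = "";
	char locip[STRING_SIZE] = "";
	char dns1[STRING_SIZE] = "";
	char dns2[STRING_SIZE] = "";
	char greendev[STRING_SIZE] = "";
	char orangedev[STRING_SIZE] = "";
	char bluedev[STRING_SIZE] = "";
	char greenip[STRING_SIZE] = "";
	char orangeip[STRING_SIZE] = "";
	char blueip[STRING_SIZE] = "";
	struct stat st;
	int i;
	int rc;
	int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0;

	if (!(initsetuid()))
		exit(1);

	atexit(exithandler);

	/* argv[0] is the program name, not a zone selector. */
	for (i = 1; i < argc; i++) {
		if (!strcmp(argv[i], "red"))
			restartred = 1;
		else if (!strcmp(argv[i], "orange"))
			restartorange = 1;
		else if (!strcmp(argv[i], "blue"))
			restartblue = 1;
		else if (!strcmp(argv[i], "green"))
			restartgreen = 1;
	}

	kv = initkeyvalues();
	if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
		exit(1);

	/* GREEN is mandatory: device and address must be present and valid. */
	if (!findkey(kv, "GREEN_DEV", greendev) || greendev[0] == '\0') {
		fprintf(stderr, "Couldn't find GREEN device\n");
		exit(1);
	}
	if (!VALID_DEVICE(greendev)) {
		fprintf(stderr, "Bad GREEN_DEV: %s\n", greendev);
		exit(1);
	}
	if (!(findkey(kv, "GREEN_ADDRESS", greenip))) {
		fprintf(stderr, "Couldn't find GREEN address\n");
		exit(1);
	}
	if (!VALID_IP(greenip)) {
		fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);
		exit(1);
	}

	/* ORANGE and BLUE are optional, but once a device is configured its
	 * address becomes mandatory. */
	if (findkey(kv, "ORANGE_DEV", orangedev) && orangedev[0] != '\0') {
		if (!VALID_DEVICE(orangedev)) {
			fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);
			exit(1);
		}
		if (!(findkey(kv, "ORANGE_ADDRESS", orangeip))) {
			fprintf(stderr, "Couldn't find ORANGE address\n");
			exit(1);
		}
		if (!VALID_IP(orangeip)) {
			fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);
			exit(1);
		}
	}

	if (findkey(kv, "BLUE_DEV", bluedev) && bluedev[0] != '\0') {
		if (!VALID_DEVICE(bluedev)) {
			fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);
			exit(1);
		}
		if (!(findkey(kv, "BLUE_ADDRESS", blueip))) {
			fprintf(stderr, "Couldn't find BLUE address\n");
			exit(1);
		}
		if (!VALID_IP(blueip)) {
			fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);
			exit(1);
		}
	}

	/* RED state is only read when the "active" marker is a regular file.
	 * The stat() result is checked so st is never inspected uninitialised.
	 *
	 * NOTE(review): several failure paths below exit with status 0 while
	 * others use 1; the statuses are kept exactly as they were - confirm
	 * whether callers rely on the difference. */
	if (stat(CONFIG_ROOT "/red/active", &st) == 0 && S_ISREG(st.st_mode)) {
		if (readfirstline(CONFIG_ROOT "/red/iface", iface, sizeof iface) != 0) {
			fprintf(stderr, "Couldn't open iface file\n");
			exit(0);
		}
		if (!VALID_DEVICE(iface)) {
			fprintf(stderr, "Bad iface: %s\n", iface);
			exit(0);
		}

		if (readfirstline(CONFIG_ROOT "/red/local-ipaddress", locip, sizeof locip) != 0) {
			fprintf(stderr, "Couldn't open local ip file\n");
			exit(0);
		}
		if (locip[0] != '\0' && !VALID_IP(locip)) {
			fprintf(stderr, "Bad local IP: %s\n", locip);
			exit(1);
		}

		if (readfirstline(CONFIG_ROOT "/red/dns1", dns1, sizeof dns1) != 0) {
			fprintf(stderr, "Couldn't open dns1 file\n");
			exit(0);
		}
		if (dns1[0] != '\0' && !VALID_IP(dns1)) {
			fprintf(stderr, "Bad DNS1 IP: %s\n", dns1);
			exit(1);
		}

		if (readfirstline(CONFIG_ROOT "/red/dns2", dns2, sizeof dns2) != 0) {
			fprintf(stderr, "Couldn't open dns2 file\n");
			exit(1);
		}
		if (dns2[0] != '\0' && !VALID_IP(dns2)) {
			fprintf(stderr, "Bad DNS2 IP: %s\n", dns2);
			exit(1);
		}
	}

	/* Stop the running instances; an empty device name has no pid file. */
	if (restartred && iface[0] != '\0')
		killsnort(iface);

	if (restartblue && bluedev[0] != '\0')
		killsnort(bluedev);

	if (restartorange && orangedev[0] != '\0')
		killsnort(orangedev);

	if (restartgreen)
		killsnort(greendev);

	if (!(varsfile = fopen("/etc/snort/vars", "w"))) {
		fprintf(stderr, "Couldn't create vars file\n");
		exit(1);
	}

	/* HOME_NET always starts with GREEN; the optional addresses follow in
	 * the fixed order ORANGE, BLUE, RED local address. */
	fprintf(varsfile, "var HOME_NET [%s", greenip);
	if (orangeip[0] != '\0')
		fprintf(varsfile, ",%s", orangeip);
	if (blueip[0] != '\0')
		fprintf(varsfile, ",%s", blueip);
	if (locip[0] != '\0')
		fprintf(varsfile, ",%s", locip);
	fprintf(varsfile, "]\n");

	/* A second DNS server is only written together with the first one. */
	if (dns1[0] != '\0') {
		if (dns2[0] != '\0')
			fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2);
		else
			fprintf(varsfile, "var DNS_SERVERS %s\n", dns1);
	} else {
		fprintf(varsfile, "var DNS_SERVERS []\n");
	}

	/* fclose() flushes; a failure means snort would load a partial file.
	 * Clear the global first so exithandler() does not close it again. */
	rc = fclose(varsfile);
	varsfile = NULL;
	if (rc != 0) {
		fprintf(stderr, "Couldn't write vars file\n");
		exit(1);
	}

	/* iface is only validated inside the RED-active branch above; when RED
	 * is inactive it is still empty and is skipped here. */
	if (restartred && iface[0] != '\0')
		startsnort(CONFIG_ROOT "/snort/enable", iface);

	if (restartblue && bluedev[0] != '\0')
		startsnort(CONFIG_ROOT "/snort/enable_blue", bluedev);

	if (restartorange && orangedev[0] != '\0')
		startsnort(CONFIG_ROOT "/snort/enable_orange", orangedev);

	if (restartgreen)
		startsnort(CONFIG_ROOT "/snort/enable_green", greendev);

	return 0;
}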