[ipfire-2.x.git] / src / initscripts / system / suricata

#!/bin/sh
########################################################################
# Begin $rc_base/init.d/suricata
#
# Description : Suricata Initscript
#
# Author      : Stefan Schantl <stefan.schantl@ipfire.org>
#
# Version     : 01.00
#
# Notes       :
#
########################################################################

. /etc/sysconfig/rc
. ${rc_functions}

PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH

eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)

case "$1" in
        start)
		# Get amount of CPU cores.
		NFQUEUES=
		CPUCOUNT=0
		while read line; do
			[ "$line" ] && [ -z "${line%processor*}" ] && NFQUEUES+="-q $CPUCOUNT " && ((CPUCOUNT++))
		done </proc/cpuinfo

		boot_mesg "Starting Intrusion Detection System..."
                /usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES
               	evaluate_retval
	;;

        stop)
		boot_mesg "Stopping Intrusion Detection System..."
		killproc -p /var/run/suricata.pid /var/run

		# Remove suricata control socket.              
		rm /var/run/suricata/* >/dev/null 2>/dev/null

		# Don't report returncode of rm if suricata was not started
		exit 0
        ;;
                
        status)
                statusproc /usr/bin/suricata
                ;;
                
        restart)
                $0 stop
                $0 start
                ;;
	reload)
		# Send SIGUSR2 to the suricata process to perform a reload
		# of the ruleset.
		kill -USR2 $(pidof suricata)
		;;
                
        *)
                echo "Usage: $0 {start|stop|restart|reload|status}"
                exit 1
                ;;
esac

chmod 644 /var/log/suricata/* 2>/dev/null

# End $rc_base/init.d/suricata
Commit	Line	Data
d72b3e64 SS	1	#!/bin/sh
	2	########################################################################
	3	# Begin $rc_base/init.d/suricata
	4	#
	5	# Description : Suricata Initscript
	6	#
	7	# Author : Stefan Schantl <stefan.schantl@ipfire.org>
	8	#
	9	# Version : 01.00
	10	#
	11	# Notes :
	12	#
	13	########################################################################
	14
	15	. /etc/sysconfig/rc
	16	. ${rc_functions}
	17
	18	PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
	19
	20	eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
	21	eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
	22
	23	case "$1" in
	24	start)
	25	# Get amount of CPU cores.
	26	NFQUEUES=
	27	CPUCOUNT=0
	28	while read line; do
	29	[ "$line" ] && [ -z "${line%processor*}" ] && NFQUEUES+="-q $CPUCOUNT " && ((CPUCOUNT++))
	30	done </proc/cpuinfo
	31
	32	boot_mesg "Starting Intrusion Detection System..."
	33	/usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES
	34	evaluate_retval
	35	;;
	36
	37	stop)
	38	boot_mesg "Stopping Intrusion Detection System..."
	39	killproc -p /var/run/suricata.pid /var/run
	40
	41	# Remove suricata control socket.
	42	rm /var/run/suricata/* >/dev/null 2>/dev/null
	43
	44	# Don't report returncode of rm if suricata was not started
	45	exit 0
	46	;;
	47
	48	status)
	49	statusproc /usr/bin/suricata
	50	;;
	51
	52	restart)
	53	$0 stop
	54	$0 start
	55	;;
6187da50 SS	56	reload)
	57	# Send SIGUSR2 to the suricata process to perform a reload
	58	# of the ruleset.
	59	kill -USR2 $(pidof suricata)
	60	;;
d72b3e64 SS	61
d72b3e64 SS	62	*)
6187da50	63	echo "Usage: $0 {start\|stop\|restart\|reload\|status}"
d72b3e64 SS	64	exit 1
	65	;;
	66	esac
	67
	68	chmod 644 /var/log/suricata/* 2>/dev/null
	69
	70	# End $rc_base/init.d/suricata