git.ipfire.org Git - ipfire-2.x.git/commitdiff
suricata: Introduce basic initscript
author Stefan Schantl <stefan.schantl@ipfire.org>
Thu, 2 Aug 2018 17:54:22 +0000 (19:54 +0200)
committer Stefan Schantl <stefan.schantl@ipfire.org>
Thu, 2 Aug 2018 17:54:22 +0000 (19:54 +0200)
Add a very basic initscript, which currently allows starting/stopping/restarting suricata and
checking if the daemon is running.

The script will detect when starting suricata how many CPU cores are present on the system and
will launch suricata in inline mode (NFQUEUE) and listen to as many queues as CPU cores are
detected.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
config/rootfiles/common/armv5tel/initscripts
config/rootfiles/common/i586/initscripts
config/rootfiles/common/x86_64/initscripts
src/initscripts/system/suricata [new file with mode: 0644]

index 66a7be55b8518610d2a560d8b8425b973b742755..c4265905ee68fe7df87236d801684c49586b6727 100644 (file)
@@ -79,6 +79,7 @@ etc/rc.d/init.d/snort
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/swconfig
 etc/rc.d/init.d/sysctl
index 8f3d41476d502f9ce5bdcb9d4d64b5022c706e43..115343977771558594ad314ff94119cc3276d321 100644 (file)
@@ -79,6 +79,7 @@ etc/rc.d/init.d/snort
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
index 8f3d41476d502f9ce5bdcb9d4d64b5022c706e43..115343977771558594ad314ff94119cc3276d321 100644 (file)
@@ -79,6 +79,7 @@ etc/rc.d/init.d/snort
 etc/rc.d/init.d/squid
 etc/rc.d/init.d/sshd
 etc/rc.d/init.d/static-routes
+etc/rc.d/init.d/suricata
 etc/rc.d/init.d/swap
 etc/rc.d/init.d/sysctl
 etc/rc.d/init.d/sysklogd
diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata
new file mode 100644 (file)
index 0000000..e295028
--- /dev/null
@@ -0,0 +1,65 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/suricata
+#
+# Description : Suricata Initscript
+#
+# Author      : Stefan Schantl <stefan.schantl@ipfire.org>
+#
+# Version     : 01.00
+#
+# Notes       :
+#
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
+
+eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
+eval $(/usr/local/bin/readhash /var/ipfire/suricata/settings)
+
+case "$1" in
+        start)
+               # Get amount of CPU cores.
+               NFQUEUES=
+               CPUCOUNT=0
+               while read line; do
+                       [ "$line" ] && [ -z "${line%processor*}" ] && NFQUEUES+="-q $CPUCOUNT " && ((CPUCOUNT++))
+               done </proc/cpuinfo
+
+               boot_mesg "Starting Intrusion Detection System..."
+                /usr/bin/suricata -c /etc/suricata/suricata.yaml -D $NFQUEUES
+                       evaluate_retval
+       ;;
+
+        stop)
+               boot_mesg "Stopping Intrusion Detection System..."
+               killproc -p /var/run/suricata.pid /var/run
+
+               # Remove suricata control socket.              
+               rm /var/run/suricata/* >/dev/null 2>/dev/null
+
+               # Don't report returncode of rm if suricata was not started
+               exit 0
+        ;;
+                
+        status)
+                statusproc /usr/bin/suricata
+                ;;
+                
+        restart)
+                $0 stop
+                $0 start
+                ;;
+                
+        *)
+                echo "Usage: $0 {start|stop|restart|status}"
+                exit 1
+                ;;
+esac
+
+chmod 644 /var/log/suricata/* 2>/dev/null
+
+# End $rc_base/init.d/suricata
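Review bot: In the stop) case, `killproc -p /var/run/suricata.pid /var/run` passes the directory /var/run in the position where status) hands the binary path to statusproc; /usr/bin/suricata looks like what was intended. The unconditional `exit 0` that follows also discards killproc's result, so stop always reports success; using `rm -f` on the socket files would silence rm's status without hiding a failed kill. In start), `NFQUEUES+=` and `((CPUCOUNT++))` are bash constructs under a `#!/bin/sh` shebang, and if no line of /proc/cpuinfo begins with `processor` (worth checking on the armv5tel target in the rootfiles list) NFQUEUES stays empty and suricata is launched with no `-q` at all, so a fallback such as `-q 0` or an explicit failure message would be safer for an inline setup. The trailing `chmod 644 /var/log/suricata/*` makes every IDS log world-readable on each start, restart and status call; if another component needs read access a comment should say so, otherwise a tighter mode or group ownership is preferable. The two `eval $(/usr/local/bin/readhash ...)` lines import settings that nothing in this script references yet, so they could be dropped until they are used.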