git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848...
1 /* SmoothWall helper program - restartsnort
2 *
3 * This program is distributed under the terms of the GNU General Public
4 * Licence. See the file COPYING for details.
5 *
6 * (c) Lawrence Manning, 2001
7 * Restarting snort.
8 *
9 * $Id: restartsnort.c,v 1.8.2.3 2005/10/16 12:36:14 rkerr Exp $
10 *
11 */
12
13 #include <stdio.h>
14 #include <string.h>
15 #include <stdlib.h>
16 #include <unistd.h>
17 #include <sys/types.h>
18 #include <sys/stat.h>
19 #include <string.h>
20 #include <fcntl.h>
21 #include <signal.h>
22 #include "libsmooth.h"
23 #include "setuid.h"
24
/* Parsed key/value settings; assigned in main() and released by exithandler(). */
struct keyvalue *kv = NULL;
/* Stream for /etc/snort/vars while main() writes it; main() resets it to NULL
 * after closing so that exithandler() does not close it a second time. */
FILE *varsfile = NULL;
27
/*
 * Exit hook registered through atexit() in main().
 *
 * Closes the vars file if it is still open and frees the key/value list if
 * one was allocated, so every exit() path in main() releases both.
 */
void exithandler(void)
{
	if (varsfile != NULL) {
		fclose(varsfile);
	}

	if (kv != NULL) {
		freekeyvalues(kv);
	}
}
36
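/*
 * Send SIGTERM to the snort instance bound to `interface`.
 *
 * The pid is read from /var/run/snort_<interface>.pid.
 *
 * Returns 0 when a usable pid was read and kill() was attempted (a failing
 * kill() is only reported on stderr), and 1 when the pid file could not be
 * named, opened or read, or did not hold a pid greater than 1.
 *
 * NOTE(review): the pid is taken from the pid file as-is and signalled with
 * this helper's privileges. That is only sound while the file is writable by
 * root alone; snort is launched with "-u snort", so confirm who owns
 * /var/run/snort_*.pid.
 */
int killsnort(char *interface)
{
	char pidname[STRING_SIZE] = "";
	char buffer[STRING_SIZE] = "";
	ssize_t got;
	long value;
	pid_t pid;
	int fd;
	int len;

	/* Bounded formatting: the name arrives from a buffer as large as
	 * pidname itself, so the fixed prefix could push sprintf() past the end. */
	len = snprintf(pidname, sizeof pidname, "/var/run/snort_%s.pid", interface);
	if (len < 0 || (size_t)len >= sizeof pidname) {
		fprintf(stderr, "Interface name too long\n");
		return 1;
	}

	if ((fd = open(pidname, O_RDONLY)) == -1)
		return 1;

	got = read(fd, buffer, sizeof buffer - 1);
	close(fd);
	if (got == -1) {
		fprintf(stderr, "Couldn't read from pid file\n");
		return 1;
	}
	buffer[got] = '\0';

	/* strtol() has defined behaviour on overflow, unlike atoi(). The
	 * round-trip comparison rejects values that do not fit in pid_t, and
	 * "<= 1" keeps 0, init and the negative (process-group) forms away
	 * from kill(). */
	value = strtol(buffer, NULL, 10);
	pid = (pid_t)value;
	if (value <= 1 || (long)pid != value) {
		fprintf(stderr, "Bad pid value\n");
		return 1;
	}

	if (kill(pid, SIGTERM) == -1)
		fprintf(stderr, "Unable to send SIGTERM\n");

	return 0;
}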
67
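/*
 * Read the first line of `path` into buf (size bytes) and drop its newline.
 *
 * Returns 1 when the file could be opened and 0 otherwise. buf is left as it
 * was when the file is empty.
 */
static int rs_read_first_line(const char *path, char *buf, size_t size)
{
	FILE *f = fopen(path, "r");

	if (!f)
		return 0;

	/* strcspn() also copes with a line that starts with a NUL byte, where
	 * indexing with strlen() - 1 would write in front of the buffer. */
	if (fgets(buf, (int)size, f))
		buf[strcspn(buf, "\n")] = '\0';

	fclose(f);
	return 1;
}

/*
 * Start snort on `dev` if the enable file `enablefile` can be opened.
 *
 * Does nothing when dev is empty or the enable file cannot be opened.
 *
 * dev is pasted into a command string handed to safe_system(), so callers
 * must only pass names that passed VALID_DEVICE.
 * NOTE(review): presumably VALID_DEVICE restricts the character set and
 * safe_system() goes through a shell; confirm both in setuid.h.
 */
static void rs_start_snort(const char *enablefile, const char *dev)
{
	char command[STRING_SIZE] = "";
	int fd;
	int len;

	if (!strlen(dev))
		return;

	if ((fd = open(enablefile, O_RDONLY)) == -1)
		return;
	close(fd);

	len = snprintf(command, sizeof command,
		"/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",
		dev);
	/* A truncated command would name a different interface; refuse it. */
	if (len < 0 || (size_t)len >= sizeof command) {
		fprintf(stderr, "Snort command line too long\n");
		return;
	}

	safe_system(command);
}

/*
 * restartsnort [red] [orange] [blue] [green]
 *
 * For each zone named on the command line: stop the running snort, rewrite
 * /etc/snort/vars from the current network settings, and start snort again
 * if the zone's enable file exists under CONFIG_ROOT "/snort/".
 *
 * Exit status is 1 on most configuration errors. Several RED-side failures
 * exit with 0 although they print an error.
 * NOTE(review): those exit(0) paths are kept as found, since callers may
 * depend on them; confirm whether they are intentional.
 */
int main(int argc, char *argv[])
{
	char iface[STRING_SIZE] = "";
	char locip[STRING_SIZE] = "";
	char dns1[STRING_SIZE] = "";
	char dns2[STRING_SIZE] = "";
	char greendev[STRING_SIZE] = "";
	char orangedev[STRING_SIZE] = "";
	char bluedev[STRING_SIZE] = "";
	char greenip[STRING_SIZE] = "";
	char orangeip[STRING_SIZE] = "";
	char blueip[STRING_SIZE] = "";
	struct stat st;
	int i;
	int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0;
	int writefailed;

	if (!(initsetuid()))
		exit(1);

	atexit(exithandler);

	/* argv[0] is the program name, not a zone selector. */
	for (i = 1; i < argc; i++) {
		if (!strcmp(argv[i], "red"))
			restartred = 1;
		if (!strcmp(argv[i], "orange"))
			restartorange = 1;
		if (!strcmp(argv[i], "blue"))
			restartblue = 1;
		if (!strcmp(argv[i], "green"))
			restartgreen = 1;
	}

	kv = initkeyvalues();
	if (!kv)
		exit(1);
	if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
		exit(1);

	/* GREEN is mandatory: device and address must exist and validate. */
	if (!findkey(kv, "GREEN_DEV", greendev) || strlen(greendev) == 0) {
		fprintf(stderr, "Couldn't find GREEN device\n");
		exit(1);
	}
	if (!VALID_DEVICE(greendev)) {
		fprintf(stderr, "Bad GREEN_DEV: %s\n", greendev);
		exit(1);
	}
	if (!(findkey(kv, "GREEN_ADDRESS", greenip))) {
		fprintf(stderr, "Couldn't find GREEN address\n");
		exit(1);
	}
	if (!VALID_IP(greenip)) {
		fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);
		exit(1);
	}

	/* ORANGE and BLUE are optional, but once a device is configured its
	 * name and address must validate. */
	if (findkey(kv, "ORANGE_DEV", orangedev) && strlen(orangedev) > 0) {
		if (!VALID_DEVICE(orangedev)) {
			fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);
			exit(1);
		}
		if (!(findkey(kv, "ORANGE_ADDRESS", orangeip))) {
			fprintf(stderr, "Couldn't find ORANGE address\n");
			exit(1);
		}
		if (!VALID_IP(orangeip)) {
			fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);
			exit(1);
		}
	} else {
		/* Never let an unvalidated name reach the pid path or command line. */
		orangedev[0] = '\0';
	}

	if (findkey(kv, "BLUE_DEV", bluedev) && strlen(bluedev) > 0) {
		if (!VALID_DEVICE(bluedev)) {
			fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);
			exit(1);
		}
		if (!(findkey(kv, "BLUE_ADDRESS", blueip))) {
			fprintf(stderr, "Couldn't find BLUE address\n");
			exit(1);
		}
		if (!VALID_IP(blueip)) {
			fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);
			exit(1);
		}
	} else {
		bluedev[0] = '\0';
	}

	/* Only look at st when stat() succeeded; otherwise st is indeterminate
	 * and the RED section could be entered or skipped at random. */
	if (stat(CONFIG_ROOT "/red/active", &st) == 0 && S_ISREG(st.st_mode)) {
		if (!rs_read_first_line(CONFIG_ROOT "/red/iface", iface, sizeof iface)) {
			fprintf(stderr, "Couldn't open iface file\n");
			exit(0);
		}
		if (!VALID_DEVICE(iface)) {
			fprintf(stderr, "Bad iface: %s\n", iface);
			exit(0);
		}

		if (!rs_read_first_line(CONFIG_ROOT "/red/local-ipaddress", locip, sizeof locip)) {
			fprintf(stderr, "Couldn't open local ip file\n");
			exit(0);
		}
		if (strlen(locip) && !VALID_IP(locip)) {
			fprintf(stderr, "Bad local IP: %s\n", locip);
			exit(1);
		}

		if (!rs_read_first_line(CONFIG_ROOT "/red/dns1", dns1, sizeof dns1)) {
			fprintf(stderr, "Couldn't open dns1 file\n");
			exit(0);
		}
		if (strlen(dns1) && !VALID_IP(dns1)) {
			fprintf(stderr, "Bad DNS1 IP: %s\n", dns1);
			exit(1);
		}

		if (!rs_read_first_line(CONFIG_ROOT "/red/dns2", dns2, sizeof dns2)) {
			fprintf(stderr, "Couldn't open dns2 file\n");
			exit(1);
		}
		if (strlen(dns2) && !VALID_IP(dns2)) {
			fprintf(stderr, "Bad DNS2 IP: %s\n", dns2);
			exit(1);
		}
	}

	/* Stop the selected instances before the vars file is rewritten. */
	if (restartred)
		killsnort(iface);

	if (restartblue)
		killsnort(bluedev);

	if (restartorange)
		killsnort(orangedev);

	if (restartgreen)
		killsnort(greendev);

	/* NOTE(review): fopen() follows symlinks and this runs with whatever
	 * privileges initsetuid() grants; confirm that /etc/snort is writable
	 * by root only. */
	if (!(varsfile = fopen("/etc/snort/vars", "w"))) {
		fprintf(stderr, "Couldn't create vars file\n");
		exit(1);
	}

	/* HOME_NET lists GREEN, then ORANGE, BLUE and the RED local address,
	 * each only when it is set. */
	fprintf(varsfile, "var HOME_NET [%s", greenip);
	if (strlen(orangeip))
		fprintf(varsfile, ",%s", orangeip);
	if (strlen(blueip))
		fprintf(varsfile, ",%s", blueip);
	if (strlen(locip))
		fprintf(varsfile, ",%s", locip);
	fprintf(varsfile, "]\n");

	if (strlen(dns1)) {
		if (strlen(dns2))
			fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2);
		else
			fprintf(varsfile, "var DNS_SERVERS %s\n", dns1);
	} else {
		fprintf(varsfile, "var DNS_SERVERS []\n");
	}

	/* Do not start snort against a vars file that was not fully written.
	 * varsfile is cleared first so exithandler() cannot close it again. */
	writefailed = ferror(varsfile);
	if (fclose(varsfile) != 0)
		writefailed = 1;
	varsfile = NULL;
	if (writefailed) {
		fprintf(stderr, "Couldn't write vars file\n");
		exit(1);
	}

	if (restartred)
		rs_start_snort(CONFIG_ROOT "/snort/enable", iface);
	if (restartblue)
		rs_start_snort(CONFIG_ROOT "/snort/enable_blue", bluedev);
	if (restartorange)
		rs_start_snort(CONFIG_ROOT "/snort/enable_orange", orangedev);
	if (restartgreen)
		rs_start_snort(CONFIG_ROOT "/snort/enable_green", greendev);

	return 0;
}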