Changed the guardian check.
old mode 100755 (executable)
new mode 100644 (file)
index e0d93c6..b157b80
 . /etc/sysconfig/rc
 . ${rc_functions}
 
+PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
+
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
 
-if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
-       HOME_NET+="$ORANGE_ADDRESS,"
-       DEVICES+="$ORANGE_DEV "
-fi
+case "$1" in
+        start)
+               if [ "$BLUE_NETADDRESS" ]; then
+                       BLUE_NET="$BLUE_NETADDRESS/$BLUE_NETMASK,"
+                       BLUE_IP="$BLUE_ADDRESS,"
+               fi
 
-if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
-       HOME_NET+="$GREEN_ADDRESS,"
-       DEVICES+="$GREEN_DEV "
-fi
+               if [ "$ORANGE_NETADDRESS" ]; then
+                       ORANGE_NET="$ORANGE_NETADDRESS/$ORANGE_NETMASK,"
+                       ORANGE_IP="$ORANGE_ADDRESS,"
+               fi
 
-if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
-       HOME_NET+="$BLUE_ADDRESS,"
-       DEVICES+="$BLUE_DEV "
-fi
+               if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
+                       DEVICES+="$ORANGE_DEV "
+                       HOMENET+="$ORANGE_IP"
+               else
+                       HOMENET+="$ORANGE_NET"
+               fi
 
-if [ "$ENABLE_SNORT" == "on" ]; then
-       LOCAL_IP=`cat /var/ipfire/red/local-ipaddress`
-       if [ "$LOCAL_IP" ]; then
-               HOME_NET+="$LOCAL_IP,"
-       else
-               exit 1 ## Add error handling here
-       fi
-       DEVICES+=`cat /var/ipfire/red/iface`
-fi
+               if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
+                       DEVICES+="$BLUE_DEV "
+                       HOMENET+="$BLUE_IP"
+               else
+                       HOMENET+="$BLUE_NET"
+               fi
 
-COUNT=`echo $HOME_NET | wc -m`
-HOME_NET=`echo $HOME_NET | cut -c $[$COUNT - 2]`
-echo "var HOME_NET [$HOME_NET]" >      /etc/snort/vars
-echo "var EXTERNAL_NET ANY" >>                 /etc/snort/vars
+               if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
+                       DEVICES+="$GREEN_DEV "
+                       HOMENET+="$GREEN_ADDRESS,"
+               else
+                       HOMENET+="$GREEN_NETADDRESS/$GREEN_NETMASK,"
+               fi
 
-DNS1=`cat /var/ipfire/red/dns1`
-DNS2=`cat /var/ipfire/red/dns2`
+               if [ "$ENABLE_SNORT" == "on" ]; then
+                       DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
+                       LOCAL_IP=`cat /var/ipfire/red/local-ipaddress 2>/dev/null`
+                       if [ "$LOCAL_IP" ]; then
+                               HOMENET+="$LOCAL_IP,"
+                       fi
+               fi
+               HOMENET+="127.0.0.1"
+               echo "var HOME_NET [$HOMENET]" > /etc/snort/vars
 
-if [ "$DNS2" ]; then
-       echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
-else
-       echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
-fi 
+               DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
+               DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
 
-case "$1" in
-       start)
-               for DEVICE in $DEVICES; do
-                       boot_mesg "Starting Intrusion Detection System on $DEVICE..."
-                       /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --pid-path /var/run/
-                       evaluate_retval
-                       chmod 644 /var/run/snort_$DEVICE.pid
-               done
-               ;;
-               
-       stop)
-            DEVICES=""
-            if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
-                DEVICES+="$BLUE_DEV "
-       fi
-            if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
-                DEVICES+="$GREEN_DEV "
-       fi
-            if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
-                DEVICES+="$ORANGE_DEV "
-       fi
+               if [ "$DNS2" ]; then
+                       echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
+               else
+                       echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
+               fi
+
+                for DEVICE in $DEVICES; do
+                        boot_mesg "Starting Intrusion Detection System on $DEVICE..."
+                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
+                        evaluate_retval
+                       sleep 1
+                        chmod 644 /var/run/snort_$DEVICE.pid
+                done
+                
+         
+                if [ -r /var/ipfire/guardian/enable ]; then
+                             IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
+                       sed -e "s/^Interface.*/Interface       ${IFACE}/" /var/ipfire/guardian/guardian.conf > temp
+                       mv temp /var/ipfire/guardian/guardian.conf
+                       chown nobody.root /var/ipfire/guardian/guardian.conf
+                     
+                  boot_mesg "Starting Guardian..."
+                             loadproc /usr/local/bin/guardian.pl -c /var/ipfire/guardian/guardian.conf
+                           fi
+                   ;;
+                
+        stop)
+               DEVICES=""
+               if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
+                 DEVICES+="$BLUE_DEV "
+               fi
+               
+               if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
+                 DEVICES+="$GREEN_DEV "
+              fi
+             
+              if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
+                 DEVICES+="$ORANGE_DEV "
+              fi
       
-       RED=`cat /var/ipfire/red/iface`
-       if [ -r /var/run/snort_$RED.pid ]; then
-                DEVICES+=`cat /var/ipfire/red/iface`
-       fi
+              RED=`cat /var/ipfire/red/iface 2>/dev/null`
+              if [ -r /var/run/snort_$RED.pid ]; then
+                 DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
+              fi
        
-    for DEVICE in $DEVICES; do
-                       boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
-                       killproc -p /var/run/snort_$DEVICE.pid /var/run
-               done
-               
-               rm /var/run/snort_*
-               ;;
-               
-       status)
-               statusproc /usr/sbin/snort
-               ;;
-               
-       restart)
-               $0 stop
-               $0 start
-               ;;
-               
-       *)
-               echo "Usage: $0 {start|stop|restart|status}"
-               exit 1
-               ;;
+              for DEVICE in $DEVICES; do
+                 boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
+                 killproc -p /var/run/snort_$DEVICE.pid /var/run
+              done
+              
+              rm /var/run/snort_* >/dev/null 2>/dev/null
+                
+              if ([ -r /var/ipfire/guardian/enable ] || [ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]); then
+                         boot_mesg "Stopping Guardian..."
+                         killproc /usr/local/bin/guardian.pl
+                         fi
+
+               # Don't report returncode of rm if snort was not started
+               exit 0
+        ;;
+                
+        status)
+                statusproc /usr/sbin/snort
+                ;;
+                
+        restart)
+                $0 stop
+                $0 start
+                ;;
+                
+        *)
+                echo "Usage: $0 {start|stop|restart|status}"
+                exit 1
+                ;;
 esac
 
+chmod 644 /var/log/snort/* 2>/dev/null
+
 # End $rc_base/init.d/snort
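Review bot: The guardian.conf rewrite in the start branch (`sed … > temp` followed by `mv temp /var/ipfire/guardian/guardian.conf`) writes to a relative path `temp` in whatever directory the init script happens to be started from, so it silently depends on that cwd being writable and on no pre-existing `temp` there; create the scratch file next to the target instead, e.g. `TMP=$(mktemp /var/ipfire/guardian/guardian.conf.XXXXXX)` then `sed -e "s/^Interface.*/Interface       ${IFACE}/" /var/ipfire/guardian/guardian.conf > "$TMP" && mv -f "$TMP" /var/ipfire/guardian/guardian.conf`. In the stop branch the condition `[ ! -z $(pidofproc /usr/local/bin/guardian.pl) ]` leaves the substitution unquoted, so if pidofproc ever reports more than one PID the test fails with "too many arguments" and guardian is not stopped; `[ -n "$(pidofproc /usr/local/bin/guardian.pl)" ]` avoids that and the surrounding parentheses are not needed. The header also changes the file from 100755 to 100644, which looks unintended for an init script whose `restart` case runs `$0 stop` and `$0 start` — unless it is always invoked through a shell, it will no longer be executable (the script's own header lines are outside the hunk, so this is worth confirming). Finally, the trailing `chmod 644 /var/log/snort/*` runs on every invocation, including `status` and the usage error, and makes the IDS logs world-readable; if that is only needed so guardian.pl (started as `nobody`) can read them, a comment stating that, or a group-based permission, would document the intent.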