Guardian in Snort eingebaut
authormaniacikarus <maniacikarus@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sun, 29 Jul 2007 17:55:20 +0000 (17:55 +0000)
committermaniacikarus <maniacikarus@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sun, 29 Jul 2007 17:55:20 +0000 (17:55 +0000)
QoS CGI wegen den Language Anpassungen korrigiert
Tripwire Policy soll Snortregeln ignorieren
Network Skript angepasst

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@726 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

config/tripwire/twpol.txt
html/cgi-bin/ids.cgi
html/cgi-bin/qos.cgi
src/initscripts/init.d/network
src/initscripts/init.d/snort

index 5591e7dc4562780e71c1202eecf7d8242454e75f..9cdcce89fc9b746fa58aba044f63f1f02a0d2fd6 100644 (file)
@@ -33,13 +33,13 @@ SIG_HI        = 100 ;                # Critical files that are significant point
   /bin                                  -> $(SEC_CRIT) ;
   /boot                            -> $(SEC_CRIT) ;
   /etc                             -> $(SEC_CRIT) ;
+  /etc/snort/rules/                -> $(Dynamic)  ;
   /lib                             -> $(SEC_CRIT) ;
   /root                            -> $(SEC_CRIT) ;
   /root/.bash_history              -> $(Dynamic)  ;
   /sbin                            -> $(SEC_CRIT) ;
   /usr                             -> $(SEC_CRIT) ;
-  !/usr/src                                       ;
-  !/usr/share/clamav                               ;
+  /usr/share/clamav                -> $(Dynamic)  ;
   /etc/mtab                        -> $(SEC_CONFIG) -i ; # Inode number changes on any mount/unmount
 
   #don't scan the individual reports
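Review bot: Mapping `/etc/snort/rules/` to `$(Dynamic)` takes the IDS rule set out of content monitoring: in the stock twpol.txt template that mask drops the size, mtime and hash checks, so a modified rule file under the otherwise SEC_CRIT `/etc` tree would no longer be reported, because the more specific rule wins. If the aim is only to avoid noise after rule downloads, a mask that keeps the hash checks, combined with a Tripwire database update as part of the rule-refresh step, keeps the rules covered. The `$(Dynamic)` definition is outside this hunk, so confirm what it actually ignores in this policy file. The same consideration applies to the new `/usr/share/clamav` entry, although that directory was previously excluded outright, so for it the change is still a net gain.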
index 51c9f8c69cc6276b801d03f06c77805e9fecdb65..a0b31e537473a0ac5ff9c48ea4ef483388252d19 100644 (file)
@@ -43,6 +43,7 @@ $snortsettings{'ENABLE_SNORT'} = 'off';
 $snortsettings{'ENABLE_SNORT_GREEN'} = 'off';
 $snortsettings{'ENABLE_SNORT_BLUE'} = 'off';
 $snortsettings{'ENABLE_SNORT_ORANGE'} = 'off';
+$snortsettings{'ENABLE_GUARDIAN'} = 'off';
 $snortsettings{'ACTION'} = '';
 $snortsettings{'RULES'} = '';
 $snortsettings{'OINKCODE'} = '';
@@ -278,6 +279,12 @@ if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})
        } else {
                unlink "${General::swroot}/snort/enable_orange";
        }
+       if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on')
+       {
+               system ('/usr/bin/touch', "${General::swroot}/guardian/enable");
+       } else {
+               unlink "${General::swroot}/guardian/enable";
+       }
 
                system('/usr/local/bin/snortctrl restart >/dev/null');
 
@@ -320,6 +327,9 @@ $checked{'ENABLE_SNORT_BLUE'}{$snortsettings{'ENABLE_SNORT_BLUE'}} = "checked='c
 $checked{'ENABLE_SNORT_ORANGE'}{'off'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{'on'} = '';
 $checked{'ENABLE_SNORT_ORANGE'}{$snortsettings{'ENABLE_SNORT_ORANGE'}} = "checked='checked'";
+$checked{'ENABLE_GUARDIAN'}{'off'} = '';
+$checked{'ENABLE_GUARDIAN'}{'on'} = '';
+$checked{'ENABLE_GUARDIAN'}{$snortsettings{'ENABLE_GUARDIAN'}} = "checked='checked'";
 $selected{'RULES'}{'nothing'} = '';
 $selected{'RULES'}{'community'} = '';
 $selected{'RULES'}{'registered'} = '';
@@ -366,35 +376,22 @@ if ($errormessage) {
 &Header::openbox('100%', 'left', $Lang::tr{'intrusion detection system2'});
 print <<END
 <form method='post' action='$ENV{'SCRIPT_NAME'}'><table width='100%'>
-<tr>
-       <td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />
-               GREEN Snort</td>
-</tr>
+<tr><td class='base'><input type='checkbox' name='ENABLE_SNORT_GREEN' $checked{'ENABLE_SNORT_GREEN'}{'on'} />GREEN Snort
 END
 ;
 if ($netsettings{'BLUE_DEV'} ne '') {
-print <<END
-<tr>
-       <td class='base'><input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />
-               BLUE Snort</td>
-</tr>
-END
-;
+  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_BLUE' $checked{'ENABLE_SNORT_BLUE'}{'on'} />   BLUE Snort";
 }
 if ($netsettings{'ORANGE_DEV'} ne '') {
-print <<END
-<tr>
-       <td class='base'><input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />
-               ORANGE Snort</td>
-</tr>
-END
-;
+  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT_ORANGE' $checked{'ENABLE_SNORT_ORANGE'}{'on'} />   ORANGE Snort";
 }
+  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />   RED Snort";
+if ( -e "/var/ipfire/guardian/guardian.conf" ) {
+  print "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type='checkbox' name='ENABLE_GUARDIAN' $checked{'ENABLE_GUARDIAN'}{'on'} />  Guardian";
+}
+
 print <<END
-<tr>
-       <td class='base'><input type='checkbox' name='ENABLE_SNORT' $checked{'ENABLE_SNORT'}{'on'} />
-               RED Snort</td>
-</tr>
+</td></tr>
 <tr>
        <td><hr /></td>
 </tr>
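Review bot: The save path creates `${General::swroot}/guardian/enable` whenever the posted `ENABLE_GUARDIAN` is `on`, while the checkbox is only rendered when `/var/ipfire/guardian/guardian.conf` exists, so a submission that carries the field on a system without that file still writes the flag and the snort init script would then try to start Guardian against a missing config. Guarding the write the same way, `if ($snortsettings{'ENABLE_GUARDIAN'} eq 'on' && -e "${General::swroot}/guardian/guardian.conf")`, keeps both sides consistent; the display check would also read better with `${General::swroot}` instead of the literal `/var/ipfire` (presumably the same directory), as the rest of this file does. The enclosing save block `if ($snortsettings{'ACTION'} eq $Lang::tr{'save'})` starts and ends outside its hunk.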
index 396f88195fe2df74c7b871b6c1c7a16dd4149e2c..606e9289484454b1fa27362f94f47bce20a16ff1 100644 (file)
@@ -611,9 +611,9 @@ END
     <form method='post' action='$ENV{'SCRIPT_NAME'}'>
          <table width='66%'>
                <tr><td colspan='3'>&nbsp;
-               <tr><td width='40%' align='right'>$Lang::tr{'downlink speed'}:  <td width='40%' align='left'>$qossettings{'INC_SPD'} kbps
+               <tr><td width='50%' align='right'>$Lang::tr{'downlink speed'}:  <td width='30%' align='left'>$qossettings{'INC_SPD'}
                    <td width='20%' rowspan='2' align='center' valign='middle'><input type='submit' name='ACTIONBW' value='Andern' />
-               <tr><td width='40%' align='right'>$Lang::tr{'uplink speed'}:    <td width='40%' align='left'>$qossettings{'OUT_SPD'} kbps
+               <tr><td width='50%' align='right'>$Lang::tr{'uplink speed'}:    <td width='30%' align='left'>$qossettings{'OUT_SPD'}
                </table></form>
 END
 ;
@@ -623,10 +623,10 @@ END
                <form method='post' action='$ENV{'SCRIPT_NAME'}'>
                <table width='66%'>
                <tr><td colspan='3'><hr />
-               <tr><td width='40%' align='right'>$Lang::tr{'downlink std class'}:      <td width='40%' align='left'>$qossettings{'DEFCLASS_INC'}       
+               <tr><td width='50%' align='right'>$Lang::tr{'downlink std class'}:      <td width='30%' align='left'>$qossettings{'DEFCLASS_INC'}       
                    <td width='20%' rowspan='3' align='center' valign='middle'><input type='submit' name='ACTIONDEF' value='Andern' />
-               <tr><td width='40%' align='right'>$Lang::tr{'uplink std class'}:        <td width='40%' align='left'>$qossettings{'DEFCLASS_OUT'}
-               <tr><td width='40%' align='right'>ACKs:                         <td width='40%' align='left'>$qossettings{'ACK'}
+               <tr><td width='50%' align='right'>$Lang::tr{'uplink std class'}:        <td width='30%' align='left'>$qossettings{'DEFCLASS_OUT'}
+               <tr><td width='50%' align='right'>ACKs:                         <td width='30%' align='left'>$qossettings{'ACK'}
                <tr><td colspan='3' width='100%'><hr />
                <tr><td colspan='3' width='100%' align='center'>
                </table>
@@ -750,12 +750,12 @@ sub changebandwidth {
                <input type='hidden' name='DEF_OUT_SPD' value='' /><input type='hidden' name='DEF_INC_SPD' value='' />
                <table width='66%'>
                <tr><td width='100%' colspan='3'>$Lang::tr{'down and up speed'}
-               <tr><td width='33%' align='right'>$Lang::tr{'downlink speed'}:
-                   <td width='33%' align='left'><input type='text' name='INC_SPD' maxlength='8' value="$qossettings{'INC_SPD'}" /> &nbsp; kbps
-                   <td width='33%' align='center'>&nbsp;
-               <tr><td width='33%' align='right'>$Lang::tr{'uplink speed'}:
-                   <td width='33%' align='left'><input type='text' name='OUT_SPD' maxlength='8' value="$qossettings{'OUT_SPD'}" /> &nbsp; kbps
-                   <td width='33%' align='center'><input type='submit' name='ACTION' value="$Lang::tr{'save'}" />&nbsp;<input type='reset' name='ACTION' value="$Lang::tr{'reset'}" />
+               <tr><td width='50%' align='right'>$Lang::tr{'downlink speed'}:
+                   <td width='30%' align='left'><input type='text' name='INC_SPD' maxlength='8' value="$qossettings{'INC_SPD'}" />
+                   <td width='20%' align='center'>&nbsp;
+               <tr><td width='50%' align='right'>$Lang::tr{'uplink speed'}:
+                   <td width='30%' align='left'><input type='text' name='OUT_SPD' maxlength='8' value="$qossettings{'OUT_SPD'}" />
+                   <td width='20%' align='center'><input type='submit' name='ACTION' value="$Lang::tr{'save'}" />&nbsp;<input type='reset' name='ACTION' value="$Lang::tr{'reset'}" />
                </table>
                </form>
 END
index 5580533a75337ae30b754c2827ae9d66e205275e..61d8c591d2a324313f37d98a7d4d0b39abe775d2 100644 (file)
@@ -20,168 +20,178 @@ DO="${1}"
 shift
 
 if [ -n "${1}" ]; then
-       ALL=0
-       for i in green red blue orange; do      
-               eval "${i}=0"
-       done
+        ALL=0
+        for i in green red blue orange; do      
+                eval "${i}=0"
+        done
 else
-       ALL=1
-       for i in green red blue orange; do
-               eval "${i}=1"
-       done
+        ALL=1
+        for i in green red blue orange; do
+                eval "${i}=1"
+        done
 fi
 
 while [ ! $# = 0 ]; do
-       for i in green red blue orange; do
-               if [ "${i}" == "${1}" ]; then
-                       eval "${i}=1"
-                       shift
-               fi
-       done
+        for i in green red blue orange; do
+                if [ "${i}" == "${1}" ]; then
+                        eval "${i}=1"
+                        shift
+                fi
+        done
 done
 
 case "${DO}" in
-       start)
-               if [ "${ALL}" == "1" ]; then
-                       boot_mesg "Loading iptables helper modules"
-                       modprobe iptable_nat || failed=1
-                       modprobe ip_conntrack || failed=1
-                       modprobe ip_conntrack_ftp || failed=1
-                       modprobe ip_nat_ftp || failed=1
-                       modprobe ip_conntrack_h323 || failed=1
-                       modprobe ip_nat_h323 || failed=1
-                       modprobe ip_conntrack_irc || failed=1
-                       modprobe ip_nat_irc || failed=1
-                       modprobe ip_conntrack_mms || failed=1
-                       modprobe ip_nat_mms || failed=1
-                       modprobe ip_conntrack_pptp || failed=1
-                       modprobe ip_nat_pptp || failed=1
-                       modprobe ip_conntrack_sip || failed=1
-                       modprobe ip_nat_sip || failed=1
-                       (exit ${failed})
-                       evaluate_retval
-                       
-                       boot_mesg "Setting up IPFire firewall rules"
-                       /etc/rc.d/init.d/firewall start; evaluate_retval
-       
-                       boot_mesg "Setting up IP Accounting"
-                       /etc/rc.d/helper/writeipac.pl || failed=1
-                       /usr/sbin/fetchipac -S || failed=1 
-                       (exit ${failed})
-                       evaluate_retval
-       
-                       boot_mesg "Setting IPFire DMZ pinholes"
-                       /usr/local/bin/setdmzholes; evaluate_retval
-       
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               boot_mesg "Setting up wireless firewall rules"
-                               /usr/local/bin/restartwireless; evaluate_retval
-                       fi
-                       
-                       # Start DNSMASQ with defaults
-                       killall -KILL dnsmasq 2> /dev/null
-                       sleep 1
-                       if [ "$DOMAIN_NAME_GREEN" == "" ]; then
-                               /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
-                       else 
-                               /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
-                       fi
-               fi
-               
-               # Starting interfaces...
-               # GREEN
-               if [ "$green" == "1" ]; then
-                       name=green /etc/rc.d/init.d/net/ifup
-               fi
-               
-               # BLUE
-               if [ "$blue" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=blue /etc/rc.d/init.d/net/ifup
-                       fi
-               fi
-               
-               # ORANGE
-               if [ "$orange" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=orange /etc/rc.d/init.d/net/ifup
-                       fi
-               fi
+        start)
+                if [ "${ALL}" == "1" ]; then
+                        boot_mesg "Loading iptables helper modules"
+                        modprobe iptable_nat || failed=1
+                        modprobe ip_conntrack || failed=1
+                        modprobe ip_conntrack_ftp || failed=1
+                        modprobe ip_nat_ftp || failed=1
+                        modprobe ip_conntrack_h323 || failed=1
+                        modprobe ip_nat_h323 || failed=1
+                        modprobe ip_conntrack_irc || failed=1
+                        modprobe ip_nat_irc || failed=1
+                        modprobe ip_conntrack_mms || failed=1
+                        modprobe ip_nat_mms || failed=1
+                        modprobe ip_conntrack_pptp || failed=1
+                        modprobe ip_nat_pptp || failed=1
+                        modprobe ip_conntrack_sip || failed=1
+                        modprobe ip_nat_sip || failed=1
+                        (exit ${failed})
+                        evaluate_retval
+                        
+                        boot_mesg "Setting up IPFire firewall rules"
+                        /etc/rc.d/init.d/firewall start; evaluate_retval
+        
+                        boot_mesg "Setting up IP Accounting"
+                        /etc/rc.d/helper/writeipac.pl || failed=1
+                        /usr/sbin/fetchipac -S || failed=1 
+                        (exit ${failed})
+                        evaluate_retval
+        
+                        boot_mesg "Setting IPFire DMZ pinholes"
+                        /usr/local/bin/setdmzholes; evaluate_retval
+        
+                        if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+                                boot_mesg "Setting up wireless firewall rules"
+                                /usr/local/bin/restartwireless; evaluate_retval
+                        fi
+                        
+                        # Start DNSMASQ with defaults
+                        killall -KILL dnsmasq 2> /dev/null
+                        sleep 1
+                        if [ "$DOMAIN_NAME_GREEN" == "" ]; then
+                                /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
+                        else 
+                                /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
+                        fi
+                fi
+                
+                # Starting interfaces...
+                # GREEN
+                if [ "$green" == "1" ]; then
+                        name=green /etc/rc.d/init.d/net/ifup
+                fi
+                
+                # BLUE
+                if [ "$blue" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+                                name=blue /etc/rc.d/init.d/net/ifup
+                        fi
+                fi
+                
+                # ORANGE
+                if [ "$orange" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
+                                name=orange /etc/rc.d/init.d/net/ifup
+                        fi
+                fi
+                
+                # RED
+                if [ "$red" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+                                # Remove possible leftover files
+                                rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
+                                if [ "$AUTOCONNECT" == "off" ]; then
+                                        echo -n         # Do anything
+                                else
+                                        name=red /etc/rc.d/init.d/net/ifup
+                                fi
+                        fi
+                fi
+                
+                if [ -f "/var/ipfire/ovpn/enable" -o -f "/var/ipfire/ovpn/enable_blue" -o -f "/var/ipfire/ovpn/enable_orange" ];then
+                               boot_mesg "Setting OpenVPN Rules if enabled"
+                               /etc/rc.d/init.d/firewall startovpn; evaluate_retval            
+               
+                boot_mesg "Setting OpenVPN if enabled"
+                               /usr/local/bin/openvpnctrl -s; evaluate_retval          
+               fi
                
-               # RED
-               if [ "$red" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               # Remove possible leftover files
-                               rm -f /var/ipfire/red/{active,device,dial-on-demand,dns1,dns2,local-ipaddress,remote-ipaddress,resolv.conf}
-                               if [ "$AUTOCONNECT" == "off" ]; then
-                                       echo -n         # Do anything
-                               else
-                                       name=red /etc/rc.d/init.d/net/ifup
-                               fi
-                       boot_mesg "Setting OpenVPN Rules if enabled"
-                       /etc/rc.d/init.d/firewall startovpn; evaluate_retval
-                       fi
-               fi
-               
-                       boot_mesg "Setting OpenVPN if enabled"
-                       /usr/local/bin/openvpnctrl -s; evaluate_retval
-                       
-                       boot_mesg "Starting Snort if enabled"
-                       /etc/rc.d/init.d/snort start; evaluate_retval                                           
-               ;;
+                           if [ -f "/var/ipfire/snort/enable" -o -f "/var/ipfire/snort/enable_blue" -o -f "/var/ipfire/snort/enable_orange" ];then
+                                  boot_mesg "Starting Snort if enabled"
+                                  /etc/rc.d/init.d/snort start; evaluate_retval                
+                fi                                        
+                ;;
 
-       stop)
-               # Stopping interfaces...
-               # GREEN
-               if [ "$green" == "1" ]; then
-                       name=green /etc/rc.d/init.d/net/ifdown
-               fi
-               
-               # BLUE
-               if [ "$blue" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=blue /etc/rc.d/init.d/net/ifdown
-                       fi
-               fi
-               
-               # ORANGE
-               if [ "$orange" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=orange /etc/rc.d/init.d/net/ifdown
-                       fi
-               fi
+        stop)
+                # Stopping interfaces...
+                # GREEN
+                if [ "$green" == "1" ]; then
+                        name=green /etc/rc.d/init.d/net/ifdown
+                fi
+                
+                # BLUE
+                if [ "$blue" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+                                name=blue /etc/rc.d/init.d/net/ifdown
+                        fi
+                fi
+                
+                # ORANGE
+                if [ "$orange" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "4" ]; then
+                                name=orange /etc/rc.d/init.d/net/ifdown
+                        fi
+                fi
+                
+                # RED
+                if [ "$red" == "1" ]; then
+                        if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
+                                name=red /etc/rc.d/init.d/net/ifdown
+                        fi
+                fi
+                        
+                        if [ -f "/var/ipfire/ovpn/enable" -o -f "/var/ipfire/ovpn/enable_blue" -o -f "/var/ipfire/ovpn/enable_orange" ];then
+                       boot_mesg "Deleting OpenVPN Rules if enabled"
+                             /etc/rc.d/init.d/firewall stopovpn; evaluate_retval               
                
-               # RED
-               if [ "$red" == "1" ]; then
-                       if [ "$CONFIG_TYPE" = "1" -o "$CONFIG_TYPE" = "2" -o "$CONFIG_TYPE" = "3" -o "$CONFIG_TYPE" = "4" ]; then
-                               name=red /etc/rc.d/init.d/net/ifdown
-                         boot_mesg "Deleting OpenVPN Rules if enabled"
-                         /etc/rc.d/init.d/firewall stopovpn; evaluate_retval   
-                       fi
-               fi
-               
-                       boot_mesg "Stopping OpenVPN if enabled"
-                       /usr/local/bin/openvpnctrl -k; evaluate_retval
-                       
-                       boot_mesg "Stopping Snort if enabled"
-                       /etc/rc.d/init.d/snort stop; evaluate_retval            
-               ;;
+                             boot_mesg "Stopping OpenVPN if enabled"
+                             /usr/local/bin/openvpnctrl -k; evaluate_retval            
+                     fi
+       
+                     if [ -f "/var/ipfire/snort/enable" -o -f "/var/ipfire/snort/enable_blue" -o -f "/var/ipfire/snort/enable_orange" ];then           
+                            boot_mesg "Stopping Snort if enabled"
+                            /etc/rc.d/init.d/snort stop; evaluate_retval               
+                     fi
+                ;;
 
-       restart)
-               for i in green red blue orange; do
-                       if [ "${!i}" == "1" ]; then
-                               ARGS+=" ${i}"
-                       fi
-               done
-               ${0} stop ${ARGS}
-               sleep 1
-               ${0} start ${ARGS}
-               ;;
+        restart)
+                for i in green red blue orange; do
+                        if [ "${!i}" == "1" ]; then
+                                ARGS+=" ${i}"
+                        fi
+                done
+                ${0} stop ${ARGS}
+                sleep 1
+                ${0} start ${ARGS}
+                ;;
 
-       *)
-               echo "Usage: ${0} {start|stop|restart}"
-               exit 1
-               ;;
+        *)
+                echo "Usage: ${0} {start|stop|restart}"
+                exit 1
+                ;;
 esac
 
 # End /etc/rc.d/init.d/network
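Review bot: The relocated OpenVPN and Snort blocks in `start` and `stop` are indented with a different mix of tabs and spaces from the eight-space layout the rest of this hunk converts the file to (the `if … ;then` lines for the ovpn flags, the snort `if` that sits far to the right, and the `fi` lines after `stopovpn` and `openvpnctrl -k`), so the reformat leaves exactly the new logic inconsistent; aligning them with the neighbouring `if [ "$red" == "1" ]` block would finish the job, and `]; then` instead of `];then` matches the rest of the script. In `stop`, `openvpnctrl -k` now runs only when one of the ovpn enable files exists, so an OpenVPN instance still running after its flag was removed is presumably no longer stopped on `network stop`; if the previous unconditional call was deliberate, keeping the process stop outside the flag check is the safer ordering.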
index baedcf3b90c900fec98730d0856a2f93c45d0567..567443f4ed03385882a3fe4de949fc86eba6941b 100755 (executable)
 . /etc/sysconfig/rc
 . ${rc_functions}
 
+PATH=/usr/local/sbin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin; export PATH
+
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/snort/settings)
 
 if [ "$ENABLE_SNORT_ORANGE" == "on" ]; then
-       HOME_NET+="$ORANGE_ADDRESS,"
-       DEVICES+="$ORANGE_DEV "
+        HOME_NET+="$ORANGE_ADDRESS,"
+        DEVICES+="$ORANGE_DEV "
 fi
 
 if [ "$ENABLE_SNORT_GREEN" == "on" ]; then
-       HOME_NET+="$GREEN_ADDRESS,"
-       DEVICES+="$GREEN_DEV "
+        HOME_NET+="$GREEN_ADDRESS,"
+        DEVICES+="$GREEN_DEV "
 fi
 
 if [ "$ENABLE_SNORT_BLUE" == "on" ]; then
-       HOME_NET+="$BLUE_ADDRESS,"
-       DEVICES+="$BLUE_DEV "
+        HOME_NET+="$BLUE_ADDRESS,"
+        DEVICES+="$BLUE_DEV "
 fi
 
 if [ "$ENABLE_SNORT" == "on" ]; then
-       LOCAL_IP=`cat /var/ipfire/red/local-ipaddress`
-       if [ "$LOCAL_IP" ]; then
-               HOME_NET+="$LOCAL_IP,"
-       else
-               exit 1 ## Add error handling here
-       fi
-       DEVICES+=`cat /var/ipfire/red/iface`
+        LOCAL_IP=`cat /var/ipfire/red/local-ipaddress`
+        if [ "$LOCAL_IP" ]; then
+                HOME_NET+="$LOCAL_IP,"
+        else
+                exit 1 ## Add error handling here
+        fi
+        DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
 fi
 
 COUNT=`echo $HOME_NET | wc -m`
 HOME_NET=`echo $HOME_NET | cut -c $[$COUNT - 2]`
  
-echo "var HOME_NET [$HOME_NET]" >      /etc/snort/vars
-echo "var EXTERNAL_NET ANY" >>                 /etc/snort/vars
+echo "var HOME_NET [$HOME_NET]" >       /etc/snort/vars
+echo "var EXTERNAL_NET ANY" >>          /etc/snort/vars
 
 DNS1=`cat /var/ipfire/red/dns1 2>/dev/null`
 DNS2=`cat /var/ipfire/red/dns2 2>/dev/null`
 
 if [ "$DNS2" ]; then
-       echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
+        echo "var DNS_SERVERS [$DNS1,$DNS2]" >> /etc/snort/vars
 else
-       echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
+        echo "var DNS_SERVERS $DNS1" >> /etc/snort/vars
 fi 
 
 case "$1" in
-       start)
-               for DEVICE in $DEVICES; do
-                       boot_mesg "Starting Intrusion Detection System on $DEVICE..."
-                       /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
-                       evaluate_retval
-                       chmod 644 /var/run/snort_$DEVICE.pid
-               done
-               ;;
-               
-       stop)
-            DEVICES=""
-            if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
-                DEVICES+="$BLUE_DEV "
-       fi
-            if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
-                DEVICES+="$GREEN_DEV "
-       fi
-            if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
-                DEVICES+="$ORANGE_DEV "
-       fi
+        start)
+                for DEVICE in $DEVICES; do
+                        boot_mesg "Starting Intrusion Detection System on $DEVICE..."
+                        /usr/sbin/snort -c /etc/snort/snort.conf -i $DEVICE -D -l /var/log/snort --create-pidfile --nolock-pidfile --pid-path /var/run/
+                        evaluate_retval
+                        chmod 644 /var/run/snort_$DEVICE.pid
+                done
+                
+         
+                if [ -r /var/ipfire/guardian/enable ]; then
+                             IFACE=`/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012'`
+                       sed -e "s/^Interface.*/Interface       ${IFACE}/" /var/ipfire/guardian/guardian.conf > temp
+                       mv temp /var/ipfire/guardian/guardian.conf
+                     
+                  boot_mesg "Starting Guardian..."
+                             loadproc /usr/local/bin/guardian.pl -c /var/ipfire/guardian/guardian.conf
+                           fi
+                   ;;
+                
+        stop)
+               DEVICES=""
+               if [ -r /var/run/snort_$BLUE_DEV.pid ]; then
+                 DEVICES+="$BLUE_DEV "
+               fi
+               
+               if [ -r /var/run/snort_$GREEN_DEV.pid ]; then
+                 DEVICES+="$GREEN_DEV "
+              fi
+             
+              if [ -r /var/run/snort_$ORANGE_DEV.pid ]; then
+                 DEVICES+="$ORANGE_DEV "
+              fi
       
-       RED=`cat /var/ipfire/red/iface`
-       if [ -r /var/run/snort_$RED.pid ]; then
-                DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
-       fi
+              RED=`cat /var/ipfire/red/iface 2>/dev/null`
+              if [ -r /var/run/snort_$RED.pid ]; then
+                 DEVICES+=`cat /var/ipfire/red/iface 2>/dev/null`
+              fi
        
-    for DEVICE in $DEVICES; do
-                       boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
-                       killproc -p /var/run/snort_$DEVICE.pid /var/run
-               done
-               
-               rm /var/run/snort_* >/dev/null 2>/dev/null
-               ;;
-               
-       status)
-               statusproc /usr/sbin/snort
-               ;;
-               
-       restart)
-               $0 stop
-               $0 start
-               ;;
-               
-       *)
-               echo "Usage: $0 {start|stop|restart|status}"
-               exit 1
-               ;;
+              for DEVICE in $DEVICES; do
+                 boot_mesg "Stopping Intrusion Detection System on $DEVICE..."
+                 killproc -p /var/run/snort_$DEVICE.pid /var/run
+              done
+              
+              rm /var/run/snort_* >/dev/null 2>/dev/null
+                
+              if [ -r /var/ipfire/guardian/enable ]; then
+                         boot_mesg "Stopping Guardian..."
+                         killproc /usr/local/bin/guardian.pl
+                         fi
+        ;;
+                
+        status)
+                statusproc /usr/sbin/snort
+                ;;
+                
+        restart)
+                $0 stop
+                $0 start
+                ;;
+                
+        *)
+                echo "Usage: $0 {start|stop|restart|status}"
+                exit 1
+                ;;
 esac
 
 # End $rc_base/init.d/snort
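Review bot: The Guardian start block rewrites guardian.conf through `sed … > temp` followed by `mv temp …`: `temp` is relative to whatever directory the script was invoked from, the `mv` runs even when `sed` fails (for instance when guardian.conf is absent), which would replace the config with an empty file, and the moved file may carry a different mode from the original. A single in-place edit avoids all of that, `sed -i -e "s/^Interface.*/Interface       ${IFACE}/" /var/ipfire/guardian/guardian.conf` (assuming GNU sed on the system), or at minimum chain the `mv` with `&&` to the `sed`. Since the `cat` of `/var/ipfire/red/iface` now discards stderr, a missing file yields an empty `${IFACE}` and the substituted `Interface` line would be blank; a `[ -n "${IFACE}" ]` check before the edit leaves the existing config untouched in that case. In `stop`, `killproc /usr/local/bin/guardian.pl` presumably matches on the process name; if guardian.pl is started via the perl interpreter rather than its shebang, confirm killproc still finds it.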