+++ /dev/null
-/* SmoothWall helper program - restartsnort\r
- *\r
- * This program is distributed under the terms of the GNU General Public\r
- * Licence. See the file COPYING for details.\r
- *\r
- * (c) Lawrence Manning, 2001\r
- * Restarting snort.\r
- * \r
- * $Id: restartsnort.c,v 1.8.2.3 2005/10/16 12:36:14 rkerr Exp $\r
- * \r
- */\r
- \r
-#include <stdio.h>\r
-#include <string.h>\r
-#include <stdlib.h>\r
-#include <unistd.h>\r
-#include <sys/types.h>\r
-#include <sys/stat.h>\r
-#include <string.h>\r
-#include <fcntl.h>\r
-#include <signal.h>\r
-#include "libsmooth.h"\r
-#include "setuid.h"\r
-\r
-struct keyvalue *kv = NULL;\r
-FILE *varsfile = NULL;\r
-\r
-void exithandler(void)\r
-{\r
- if (varsfile)\r
- fclose (varsfile);\r
-\r
- if (kv)\r
- freekeyvalues(kv);\r
-}\r
-\r
-int killsnort(char *interface)\r
-{\r
- int fd;\r
- char pidname[STRING_SIZE] = "";\r
- char buffer[STRING_SIZE] = "";\r
- int pid;\r
-\r
- sprintf(pidname, "/var/run/snort_%s.pid", interface);\r
-\r
- if ((fd = open(pidname, O_RDONLY)) != -1)\r
- {\r
- if (read(fd, buffer, STRING_SIZE - 1) == -1)\r
- fprintf(stderr, "Couldn't read from pid file\n");\r
- else\r
- {\r
- pid = atoi(buffer);\r
- if (pid <= 1)\r
- fprintf(stderr, "Bad pid value\n");\r
- else\r
- {\r
- if (kill(pid, SIGTERM) == -1)\r
- fprintf(stderr, "Unable to send SIGTERM\n");\r
- close (fd);\r
- return 0;\r
- }\r
- }\r
- close(fd);\r
- }\r
- return 1;\r
-}\r
-\r
-int main(int argc, char *argv[])\r
-{\r
- int fd = -1;\r
- FILE *ifacefile, *ipfile, *dns1file, *dns2file;\r
- char iface[STRING_SIZE] = "";\r
- char locip[STRING_SIZE] = "";\r
- char dns1[STRING_SIZE] = "";\r
- char dns2[STRING_SIZE] = "";\r
- char command[STRING_SIZE] = "";\r
- char greendev[STRING_SIZE] = "";\r
- char orangedev[STRING_SIZE] = "";\r
- char bluedev[STRING_SIZE] = "";\r
- char greenip[STRING_SIZE] = "";\r
- char orangeip[STRING_SIZE] = "";\r
- char blueip[STRING_SIZE] = "";\r
- struct stat st;\r
- int i;\r
- int restartred = 0, restartgreen = 0, restartblue = 0, restartorange = 0;\r
- \r
- if (!(initsetuid()))\r
- exit(1);\r
- \r
- atexit(exithandler);\r
-\r
- for (i=0; i<argc; i++) {\r
- if (!strcmp(argv[i], "red"))\r
- restartred = 1;\r
- if (!strcmp(argv[i], "orange"))\r
- restartorange = 1;\r
- if (!strcmp(argv[i], "blue"))\r
- restartblue = 1;\r
- if (!strcmp(argv[i], "green"))\r
- restartgreen = 1;\r
- }\r
- \r
- kv = initkeyvalues();\r
- if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))\r
- exit(1);\r
-\r
- if (! findkey(kv, "GREEN_DEV", greendev)) {\r
- fprintf(stderr, "Couldn't find GREEN device\n");\r
- exit(1);\r
- }\r
- if (! strlen (greendev) > 0) {\r
- fprintf(stderr, "Couldn't find GREEN device\n");\r
- exit(1);\r
- }\r
- if (!VALID_DEVICE(greendev))\r
- {\r
- fprintf(stderr, "Bad GREEN_DEV: %s\n", greendev);\r
- exit(1);\r
- }\r
- if (!(findkey(kv, "GREEN_ADDRESS", greenip))) {\r
- fprintf(stderr, "Couldn't find GREEN address\n");\r
- exit(1);\r
- }\r
- if (!VALID_IP(greenip)) {\r
- fprintf(stderr, "Bad GREEN_ADDRESS: %s\n", greenip);\r
- exit(1);\r
- }\r
-\r
- if (findkey(kv, "ORANGE_DEV", orangedev) && strlen (orangedev) > 0) {\r
- if (!VALID_DEVICE(orangedev))\r
- {\r
- fprintf(stderr, "Bad ORANGE_DEV: %s\n", orangedev);\r
- exit(1);\r
- }\r
- if (!(findkey(kv, "ORANGE_ADDRESS", orangeip))) {\r
- fprintf(stderr, "Couldn't find ORANGE address\n");\r
- exit(1);\r
- }\r
- if (!VALID_IP(orangeip)) {\r
- fprintf(stderr, "Bad ORANGE_ADDRESS: %s\n", orangeip);\r
- exit(1);\r
- }\r
- }\r
-\r
- if (findkey(kv, "BLUE_DEV", bluedev) && strlen (bluedev) > 0) {\r
- if (!VALID_DEVICE(bluedev))\r
- {\r
- fprintf(stderr, "Bad BLUE_DEV: %s\n", bluedev);\r
- exit(1);\r
- }\r
- if (!(findkey(kv, "BLUE_ADDRESS", blueip))) {\r
- fprintf(stderr, "Couldn't find BLUE address\n");\r
- exit(1);\r
- }\r
- if (!VALID_IP(blueip)) {\r
- fprintf(stderr, "Bad BLUE_ADDRESS: %s\n", blueip);\r
- exit(1);\r
- }\r
- }\r
-\r
- stat(CONFIG_ROOT "/red/active", &st);\r
-\r
- if (S_ISREG(st.st_mode)) {\r
- if (!(ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open iface file\n");\r
- exit(0);\r
- }\r
-\r
- if (fgets(iface, STRING_SIZE, ifacefile))\r
- {\r
- if (iface[strlen(iface) - 1] == '\n')\r
- iface[strlen(iface) - 1] = '\0';\r
- }\r
- fclose(ifacefile);\r
- if (!VALID_DEVICE(iface))\r
- {\r
- fprintf(stderr, "Bad iface: %s\n", iface);\r
- exit(0);\r
- }\r
-\r
- if (!(ipfile = fopen(CONFIG_ROOT "/red/local-ipaddress", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open local ip file\n");\r
- exit(0);\r
- }\r
- if (fgets(locip, STRING_SIZE, ipfile))\r
- {\r
- if (locip[strlen(locip) - 1] == '\n')\r
- locip[strlen(locip) - 1] = '\0';\r
- }\r
- fclose (ipfile);\r
- if (strlen(locip) && !VALID_IP(locip))\r
- {\r
- fprintf(stderr, "Bad local IP: %s\n", locip);\r
- exit(1);\r
- }\r
- \r
- if (!(dns1file = fopen(CONFIG_ROOT "/red/dns1", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open dns1 file\n");\r
- exit(0);\r
- }\r
- if (fgets(dns1, STRING_SIZE, dns1file))\r
- {\r
- if (dns1[strlen(dns1) - 1] == '\n')\r
- dns1[strlen(dns1) - 1] = '\0';\r
- }\r
- fclose (dns1file);\r
- if (strlen(dns1) && !VALID_IP(dns1))\r
- {\r
- fprintf(stderr, "Bad DNS1 IP: %s\n", dns1);\r
- exit(1);\r
- }\r
- \r
- if (!(dns2file = fopen(CONFIG_ROOT "/red/dns2", "r")))\r
- {\r
- fprintf(stderr, "Couldn't open dns2 file\n");\r
- exit(1);\r
- }\r
- if (fgets(dns2, STRING_SIZE, dns2file))\r
- {\r
- if (dns2[strlen(dns2) - 1] == '\n')\r
- dns2[strlen(dns2) - 1] = '\0';\r
- }\r
- fclose (dns2file);\r
- if (strlen(dns2) && !VALID_IP(dns2))\r
- {\r
- fprintf(stderr, "Bad DNS2 IP: %s\n", dns2);\r
- exit(1);\r
- }\r
- }\r
-\r
- if (restartred)\r
- killsnort(iface);\r
-\r
- if (restartblue)\r
- killsnort(bluedev);\r
- \r
- if (restartorange)\r
- killsnort(orangedev);\r
-\r
- if (restartgreen)\r
- killsnort(greendev);\r
- \r
- if (!(varsfile = fopen("/etc/snort/vars", "w")))\r
- {\r
- fprintf(stderr, "Couldn't create vars file\n");\r
- exit(1);\r
- }\r
- if (strlen(blueip)) {\r
- if (strlen(orangeip)) {\r
- if (strlen(locip)) {\r
- fprintf(varsfile, "var HOME_NET [%s,%s,%s,%s]\n", greenip, orangeip, blueip, locip);\r
- } else {\r
- fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, blueip);\r
- }\r
- } else {\r
- if (strlen(locip)) {\r
- fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, blueip, locip);\r
- } else {\r
- fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, blueip);\r
- }\r
- }\r
- } else {\r
- if (strlen(orangeip)) {\r
- if (strlen(locip)) {\r
- fprintf(varsfile, "var HOME_NET [%s,%s,%s]\n", greenip, orangeip, locip);\r
- } else {\r
- fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, orangeip);\r
- }\r
- } else {\r
- if (strlen(locip)) {\r
- fprintf(varsfile, "var HOME_NET [%s,%s]\n", greenip, locip);\r
- } else {\r
- fprintf(varsfile, "var HOME_NET [%s]\n", greenip);\r
- }\r
- }\r
- }\r
- if (strlen(dns1))\r
- {\r
- if (strlen(dns2))\r
- fprintf(varsfile, "var DNS_SERVERS [%s,%s]\n", dns1, dns2);\r
- else\r
- fprintf(varsfile, "var DNS_SERVERS %s\n", dns1);\r
- } else {\r
- fprintf(varsfile, "var DNS_SERVERS []\n");\r
- }\r
- fclose(varsfile);\r
- varsfile = NULL;\r
- \r
- if (restartred && strlen(iface) && (fd = open(CONFIG_ROOT "/snort/enable", O_RDONLY)) != -1)\r
- {\r
- close(fd);\r
- snprintf(command, STRING_SIZE -1,\r
- "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
- iface);\r
- safe_system(command);\r
- }\r
- if (restartblue && strlen(bluedev) && (fd = open(CONFIG_ROOT "/snort/enable_blue", O_RDONLY)) != -1 && bluedev)\r
- {\r
- close(fd);\r
- snprintf(command, STRING_SIZE -1,\r
- "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
- bluedev);\r
- safe_system(command);\r
- }\r
- if (restartorange && strlen(orangedev) && (fd = open(CONFIG_ROOT "/snort/enable_orange", O_RDONLY)) != -1 && orangedev)\r
- {\r
- close(fd);\r
- snprintf(command, STRING_SIZE -1,\r
- "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
- orangedev);\r
- safe_system(command);\r
- }\r
- if (restartgreen && (fd = open(CONFIG_ROOT "/snort/enable_green", O_RDONLY)) != -1)\r
- {\r
- close(fd);\r
- snprintf(command, STRING_SIZE -1,\r
- "/usr/sbin/snort -c /etc/snort/snort.conf -D -u snort -g snort -d -e -o -p -b -A fast -m 022 -i %s",\r
- greendev);\r
- safe_system(command);\r
- }\r
-\r
- return 0;\r
-}\r