From: Christian Schmidt Date: Sat, 29 Oct 2011 10:52:14 +0000 (+0000) Subject: suricara: Added systemd file and fixed reference-config-file option. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74e6b01b002903568fb468767ae5af6f8bf63eed;p=ipfire-3.x.git suricara: Added systemd file and fixed reference-config-file option. Systemd needs to support ExecStopPre to delete the chain. --- diff --git a/suricata/suricata.conf b/suricata/suricata.conf index 22d0218a7..672a30696 100644 --- a/suricata/suricata.conf +++ b/suricata/suricata.conf @@ -1,6 +1,7 @@ %YAML 1.1 --- # Suricata Emergingthreats Pro Open Rulesets Recommended +reference-config-file: /etc/suricata/reference.config # Number of packets allowed to be processed simultaneously. Default is a # conservative 50. a higher number will make sure CPU's/CPU cores will be diff --git a/suricata/suricata.nm b/suricata/suricata.nm index b1deb7901..c676d0c5f 100644 --- a/suricata/suricata.nm +++ b/suricata/suricata.nm @@ -5,7 +5,7 @@ name = suricata version = 1.1beta3 -release = 3 +release = 4 groups = Networking/IDS url = http://www.openinfosecfoundation.org/ @@ -51,6 +51,31 @@ end packages package %{name} + + prerquires = systemd-units + + configfiles + /etc/suricata/suricata.conf + end + + script postin + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + /bin/systemctl --no-reload disable suricata.service >/dev/null 2>&1 || : + /bin/systemctl stop suricata.service >/dev/null 2>&1 || : + end + + script postun + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script postup + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl try-restart suricata.service >/dev/null 2>&1 || : + end + end package %{name}-devel diff --git a/suricata/systemd/suricata.service b/suricata/systemd/suricata.service new file mode 100644 index 000000000..2c2cecad6 --- /dev/null +++ b/suricata/systemd/suricata.service 
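Review bot: The dependency key in the added `package %{name}` block of suricata.nm is spelled `prerquires`. If the intended key is `prerequires`, the misspelled line is most likely read as an ordinary variable, so `systemd-units` is not guaranteed to be installed before the scriptlets call `/bin/systemctl`. Every scriptlet line ends in `>/dev/null 2>&1 || :`, so a missing or failing systemctl would go unnoticed and the IDS service would not be reloaded or restarted on update. Proposed line: `prerequires = systemd-units`.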
@@ -0,0 +1,14 @@
+[Unit]
+Description=Open Source Next Generation Intrusion Detection and Prevention Engine
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.conf -q 0 -q 1 -D
+ExecStartPost=/sbin/iptables -I INPUT -j NFQUEUE -–queue-balance 0:1
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPre=/sbin/iptables -D INPUT -j NFQUEUE -–queue-balance 0:1
+ExecStop=/bin/kill $MAINPID
+
+[Install]
+WantedBy=multi-user.target
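Review bot: `ExecStopPre=` is not a directive systemd implements, so the `iptables -D` line would be ignored and the NFQUEUE rule would stay in INPUT after suricata exits. With no listener on the queue the kernel drops those packets, which cuts off inbound traffic to the host. `ExecStopPost=/sbin/iptables -D INPUT -j NFQUEUE --queue-balance 0:1` does the cleanup with a directive that exists, and it also runs when the daemon exits unexpectedly. Both iptables lines as shown carry `-–queue-balance` with an en dash as the second character; unless that is a rendering artifact, iptables would not parse it as `--queue-balance`, and the rule would never be inserted. Where the kernel and iptables support it, consider `--queue-bypass` so a crashed engine fails open, or add a comment such as `# fail closed on purpose: no --queue-bypass` to record the choice.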