#!@l_prefix@/bin/openpkg rc
##
##  rc.snort -- Run-Commands
##

%config
    snort_enable="$openpkg_rc_def"
    snort_if=""
    snort_flags="-N -Afast -o"
    snort_log_prolog="true"
    snort_log_epilog="true"
    snort_log_numfiles="10"
    snort_log_minsize="1M"
    snort_log_complevel="9"
    snort_update_time="once"
    snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz"

%common
    snort_cfgfile="@l_prefix@/etc/snort/snort.conf"
    snort_logdir="@l_prefix@/var/snort"
    snort_piddir="@l_prefix@/var/snort"
    snort_pidfile="$snort_piddir/snort_${snort_if}.pid"
    snort_signal () {
        [ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile`
    }
    snort_update () {
        @l_prefix@/sbin/snort-update "$snort_update_source"
    }

%status -u @l_susr@ -o
    snort_usable="no"
    snort_active="no"
    @l_prefix@/sbin/snort \
        -q -T \
        -u "@l_rusr@" -g "@l_rgrp@" \
        -i "$snort_if" \
        -c "$snort_cfgfile" \
        -l "$snort_logdir" \
        >/dev/null 2>&1 && snort_usable="yes"
    [ ".$snort_if" = . ] && snort_usable="no"
    rcService snort enable yes && snort_signal 0 && snort_active="yes"
    echo "snort_enable=\"$snort_enable\""
    echo "snort_usable=\"$snort_usable\""
    echo "snort_active=\"$snort_active\""

%start -p 100 -u @l_susr@
    rcService snort enable yes || exit 0
    rcService snort active yes && exit 0
    @l_prefix@/sbin/snort \
        -q -D \
        -u "@l_rusr@" -g "@l_rgrp@" \
        -i "$snort_if" \
        -c "$snort_cfgfile" \
        -l "$snort_logdir" \
        ${snort_flags}

%stop -p 900 -u @l_susr@
    rcService snort enable yes || exit 0
    rcService snort active no  && exit 0
    snort_signal TERM
    sleep 2
    rm -f $snort_pidfile 2>/dev/null || true

%restart -p 100 -u @l_susr@
    rcService snort enable yes || exit 0
    rcService snort active no  && exit 0
    rc snort stop start

%hourly -u @l_rusr@
    rcService snort enable yes || exit 0
    if [ ".$snort_update_time" = .hourly ]; then
        snort_update || exit $?
    fi

%daily -u @l_rusr@
    rcService snort enable yes || exit 0
    if [ ".$snort_update_time" = .daily ]; then
        snort_update || exit $?
    fi
    shtool rotate -f \
        -n ${snort_log_numfiles} -s ${snort_log_minsize} -d \
        -z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \
        -P "${snort_log_prolog}" \
        -E "${snort_log_epilog}; rc snort reload" \
        $snort_logdir/snort.alert.log

%weekly -u @l_rusr@
    rcService snort enable yes || exit 0
    if [ ".$snort_update_time" = .weekly ]; then
        snort_update || exit $?
    fi