You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
92 lines
2.6 KiB
92 lines
2.6 KiB
#!@l_prefix@/bin/openpkg rc |
|
## |
|
## rc.snort -- Run-Commands |
|
## |
|
|
|
%config |
|
snort_enable="$openpkg_rc_def" |
|
snort_if="" |
|
snort_flags="-N -Afast -o" |
|
snort_log_prolog="true" |
|
snort_log_epilog="true" |
|
snort_log_numfiles="10" |
|
snort_log_minsize="1M" |
|
snort_log_complevel="9" |
|
snort_update_time="once" |
|
snort_update_source="file://@l_prefix@/share/snort/rules.tar.gz" |
|
|
|
%common |
|
snort_cfgfile="@l_prefix@/etc/snort/snort.conf" |
|
snort_logdir="@l_prefix@/var/snort" |
|
snort_piddir="@l_prefix@/var/snort" |
|
snort_pidfile="$snort_piddir/snort_${snort_if}.pid" |
|
snort_signal () { |
|
[ -f $snort_pidfile ] && kill -$1 `cat $snort_pidfile` |
|
} |
|
snort_update () { |
|
@l_prefix@/sbin/snort-update "$snort_update_source" |
|
} |
|
|
|
%status -u @l_susr@ -o |
|
snort_usable="no" |
|
snort_active="no" |
|
@l_prefix@/sbin/snort \ |
|
-q -T \ |
|
-u "@l_rusr@" -g "@l_rgrp@" \ |
|
-i "$snort_if" \ |
|
-c "$snort_cfgfile" \ |
|
-l "$snort_logdir" \ |
|
>/dev/null 2>&1 && snort_usable="yes" |
|
[ ".$snort_if" = . ] && snort_usable="no" |
|
rcService snort enable yes && snort_signal 0 && snort_active="yes" |
|
echo "snort_enable=\"$snort_enable\"" |
|
echo "snort_usable=\"$snort_usable\"" |
|
echo "snort_active=\"$snort_active\"" |
|
|
|
%start -p 100 -u @l_susr@ |
|
rcService snort enable yes || exit 0 |
|
rcService snort active yes && exit 0 |
|
@l_prefix@/sbin/snort \ |
|
-q -D \ |
|
-u "@l_rusr@" -g "@l_rgrp@" \ |
|
-i "$snort_if" \ |
|
-c "$snort_cfgfile" \ |
|
-l "$snort_logdir" \ |
|
${snort_flags} |
|
|
|
%stop -p 900 -u @l_susr@ |
|
rcService snort enable yes || exit 0 |
|
rcService snort active no && exit 0 |
|
snort_signal TERM |
|
sleep 2 |
|
rm -f $snort_pidfile 2>/dev/null || true |
|
|
|
%restart -p 100 -u @l_susr@ |
|
rcService snort enable yes || exit 0 |
|
rcService snort active no && exit 0 |
|
rc snort stop start |
|
|
|
%hourly -u @l_rusr@ |
|
rcService snort enable yes || exit 0 |
|
if [ ".$snort_update_time" = .hourly ]; then |
|
snort_update || exit $? |
|
fi |
|
|
|
%daily -u @l_rusr@ |
|
rcService snort enable yes || exit 0 |
|
if [ ".$snort_update_time" = .daily ]; then |
|
snort_update || exit $? |
|
fi |
|
shtool rotate -f \ |
|
-n ${snort_log_numfiles} -s ${snort_log_minsize} -d \ |
|
-z ${snort_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \ |
|
-P "${snort_log_prolog}" \ |
|
-E "${snort_log_epilog}; rc snort reload" \ |
|
$snort_logdir/snort.alert.log |
|
|
|
%weekly -u @l_rusr@ |
|
rcService snort enable yes || exit 0 |
|
if [ ".$snort_update_time" = .weekly ]; then |
|
snort_update || exit $? |
|
fi |
|
|
|
|