#!/bin/sh
#
# /etc/init.d/rc.d/snortd
#
# chkconfig: - 90 10
# description:  snort is a lightweight network intrusion detection tool that
#		currently detects more than 1100 host and network
#		vulnerabilities, portscans, backdoors, and more.
# processname: snort
# config: /etc/snort/snort.conf
# pidfile: /var/run/snort.pid

# Do not load RH compatibility interface.
WITHOUT_RC_COMPAT=1

# Source function library (SourceIfNotEmpty, start_daemon, stop_daemon,
# status, msg_usage, msg_reloading all come from here).
. /etc/init.d/functions

# Testing tricks: "--trace-script" as the first argument turns on
# command tracing for the rest of the run and is then dropped.
case "$1" in
    --trace-script)
        shift
        echo Enable script tracing...
        set -x
        ;;
esac

# Get config. Without a sysconfig file there is nothing to do.
CONFIG=/etc/sysconfig/snort
SourceIfNotEmpty "$CONFIG" || exit 0

# Lock file marking that the service as a whole was started.
COMMON_LOCKFILE="/var/lock/subsys/snortd"
# Per-interface daemon options; filled in by foreach_iface.
COMMON_OPTIONS=
# Snort arguments used when no ADDPARAMS_<iface> override is set.
DEFAULT_PARAMS="-t /var/log/snort -A fast -b -d -c /etc/snort/snort.conf"

# Overall exit status; the per-interface helpers record the first failure here.
RETVAL=0

# INTERFACES comes from the sysconfig file; nothing to manage if it is unset.
[ -n "$INTERFACES" ] || exit 0

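# Print the name of every interface listed by "netstat -i", one per line.
# The first two lines of the netstat output are headers and are skipped
# by position; any line whose name starts with "lo" is dropped (this
# removes loopback, but also any other interface named lo*).
# Outputs:  interface names on stdout
# Returns:  status of the pipeline
print_all_ifaces() {
    local linenum=0
    # "$[...]" was a deprecated bash-only arithmetic form and "egrep" is
    # obsolete; $(( )) and plain grep do the same under #!/bin/sh.
    netstat -i | grep -v '^lo' | while read -r first_word unused_tail; do
        linenum=$((linenum + 1))
        # Lines 1 and 2 are the table title and the column headers.
        [ "$linenum" -gt 2 ] || continue
        printf '%s\n' "$first_word"
    done
}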

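# Check whether netstat knows an interface whose name starts with $1.
# Arguments: $1 - interface name
# Returns:   0 if such an interface is listed, 1 otherwise
is_active_iface() {
    local iface="$1"

    # Compare the name literally against the first column. The previous
    # grep "^$iface" treated the name as a regex, so a '.' in a VLAN
    # name such as eth0.100 matched any character. netstat's own
    # diagnostics for an unknown interface are silenced, as the old
    # trailing 2>/dev/null appears to have intended.
    netstat --interfaces="$iface" 2>/dev/null \
        | awk -v name="$iface" 'index($1, name) == 1 { found = 1 } END { exit !found }'
}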

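# Build the interface list: "eth0, eth1" and "eth0 eth1" are both accepted.
# The value is expanded quoted so that a globbing character or a leading
# "-n"/"-e" in the sysconfig value is treated as data rather than by the
# shell or echo; surrounding whitespace is trimmed so that a blank value
# still falls through to the any/all case below.
IFN=$(printf '%s\n' "$INTERFACES" | sed -e 's/, */ /g; s/^[[:space:]]*//; s/[[:space:]]*$//')
case "$IFN" in
    "" | any | all | Any | All | ANY | ALL ) IFN=$(print_all_ifaces) ;;
esac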

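# Run "$1 <iface> <remaining args>" once per interface in IFN, with
# PIDFILE, LOCKFILE and COMMON_OPTIONS set for that interface first.
# Stops at the first interface for which the function returns non-zero.
# Globals:   IFN, RETVAL (read); PIDFILE, LOCKFILE, COMMON_OPTIONS, i (written)
# Arguments: $1 - function to call; $@ - extra arguments passed after the name
# Returns:   1 if a call failed, otherwise the current RETVAL
foreach_iface() {
    local func="$1"
    shift
    # IFN is deliberately unquoted: it is a whitespace-separated list.
    for i in $IFN; do
        PIDFILE="/var/run/snort_$i.pid"
        LOCKFILE="/var/lock/subsys/snort_$i"
        # COMMON_OPTIONS is always expanded unquoted, so interface names
        # must not contain whitespace. A stray literal tab sat between
        # --lockfile and --expect-user; a space is used now.
        COMMON_OPTIONS="--name snort --pidfile $PIDFILE --lockfile $LOCKFILE --expect-user snort --displayname snort($i)"
        "$func" "$i" "$@" || return 1
    done
    return $RETVAL
}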

# Silent status probe for one interface, used by is_loaded.
# Sets RETVAL to 0 when the instance reports as running; always returns 0
# so that foreach_iface keeps going over the remaining interfaces.
# NOTE(review): the redirection order sends status's stderr to the
# original stdout while discarding its stdout — confirm that is intended
# rather than ">/dev/null 2>&1".
status0() {
    local retval
    status $COMMON_OPTIONS snort 2>&1 >/dev/null
    retval=$?
    if [ "$retval" -eq 0 ]; then
        RETVAL=$retval   # at least one instance is loaded
    fi
    return 0
}

# Report whether at least one snort instance is running.
# Globals:  RETVAL (written: 1, then 0 if status0 finds a running instance)
# Returns:  0 if any instance is loaded, 1 otherwise
is_loaded() {
    RETVAL=1   # assume not loaded until status0 says otherwise
    foreach_iface status0
    return "$RETVAL"
}

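# Start one snort instance on the given interface.
# Extra snort arguments are taken from ADDPARAMS_<iface>, then from the
# ADDPARAMS_any/all/Any/All/ANY/ALL fallbacks, then DEFAULT_PARAMS.
# Globals:   COMMON_OPTIONS, DEFAULT_PARAMS, ADDPARAMS_* (read);
#            RETVAL (written: first non-zero start status)
# Arguments: $1 - interface name
# Returns:   0 when the interface is inactive (nothing to do); otherwise
#            start_daemon's status
start1() {
    local add_params suffix retval

    is_active_iface "$1" || return 0

    # The interface name becomes part of a variable name that is eval'd,
    # so every character not valid in a name is mapped to '_' first:
    # eth0:1 -> ADDPARAMS_eth0_1 (as before), eth0.100 -> ADDPARAMS_eth0_100.
    # Previously only ':' was translated, so '.' or other punctuation
    # either cut the variable name short or reached eval as shell syntax.
    for suffix in "$(printf '%s' "$1" | sed 's/[^A-Za-z0-9_]/_/g')" any all Any All ANY ALL; do
        eval "add_params=\${ADDPARAMS_$suffix}"
        [ -n "$add_params" ] && break
    done
    [ -z "$add_params" ] && add_params="$DEFAULT_PARAMS"

    # NOTE(review): "$add_params" is passed as one word; whether
    # start_daemon re-splits it into separate snort options is decided in
    # /etc/init.d/functions and is not visible here — confirm.
    start_daemon $COMMON_OPTIONS -- snort -u snort -g snort \
        -D \
        -i "$1" \
        "$add_params"
    retval=$?
    # Keep the first non-zero status as the script's overall result.
    [ $RETVAL -eq 0 ] && RETVAL=$retval
    return $retval
}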

# Start an instance on every interface and, if all of them came up,
# create the service-wide lock file.
# Returns:  touch's status when RETVAL is 0, otherwise non-zero
start() {
    foreach_iface start1
    if [ $RETVAL = 0 ]; then
        /bin/touch -f "$COMMON_LOCKFILE"
    else
        return 1
    fi
}

# Stop the snort instance described by COMMON_OPTIONS.
# Globals:  COMMON_OPTIONS (read); RETVAL (written: first non-zero status)
# Returns:  stop_daemon's status
stop1() {
    local retval
    stop_daemon $COMMON_OPTIONS snort
    retval=$?
    # Remember only the first failure across interfaces.
    [ "$RETVAL" -eq 0 ] && RETVAL=$retval
    return $retval
}

# Stop every instance and, if all of them stopped, remove the
# service-wide lock file.
# Returns:  rm's status when RETVAL is 0, otherwise non-zero
stop() {
    foreach_iface stop1
    if [ $RETVAL = 0 ]; then
        /bin/rm -f "$COMMON_LOCKFILE"
    else
        return 1
    fi
}

# Full restart: stop all instances, then start them again.
# Returns:  start's status
restart() {
    stop
    start
    return $?
}

# Signal one instance via stop_daemon with "-HUP" (presumably selecting
# the signal to send — see /etc/init.d/functions).
# Globals:  COMMON_OPTIONS (read); RETVAL (written: first non-zero status)
# Returns:  stop_daemon's status
reload1() {
    local retval
    stop_daemon $COMMON_OPTIONS -HUP snort
    retval=$?
    # Remember only the first failure across interfaces.
    [ "$RETVAL" -eq 0 ] && RETVAL=$retval
    return $retval
}

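# Reload is implemented as a full restart.
# The SIGHUP path (msg_reloading + foreach_iface reload1) is disabled:
# per the original note it only works when the daemon runs as root and
# is not chrooted, which is not how start1 launches it (-u/-g snort).
# The unreachable statements that followed the early return are kept
# below as a comment so the intent is not lost.
# Returns:  restart's status
reload() {
    restart
    # Disabled SIGHUP reload:
    #   msg_reloading snort
    #   foreach_iface reload1
}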

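# Print the status of one instance and fold its result into RETVAL.
# Globals:  COMMON_OPTIONS (read); RETVAL (written: first non-zero status)
# Returns:  always 0, so foreach_iface reports every interface
status1() {
    local retval
    status $COMMON_OPTIONS snort
    retval=$?
    # Keep the first non-zero status as the script's overall result.
    [ $RETVAL -eq 0 ] && RETVAL=$retval
    # Previously the function's status was that of the test above, i.e.
    # non-zero whenever an earlier interface had already failed, which
    # made foreach_iface stop before reporting the remaining interfaces.
    return 0
}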

# Show the status of every configured instance; the aggregate result is
# left in RETVAL by status1.
# Returns:  foreach_iface's status
checkstatus() {
    foreach_iface status1
    return $?
}

# See how we were called. The cond* actions only act when is_loaded
# finds at least one running instance.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        checkstatus
        ;;
    restart)
        restart
        ;;
    reload)
        reload
        ;;
    condstop)
        is_loaded && stop
        ;;
    condrestart)
        is_loaded && restart
        ;;
    condreload)
        is_loaded && reload
        ;;
    *)
        msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
        RETVAL=1
        ;;
esac

# RETVAL holds the first failure recorded by the per-interface helpers.
exit $RETVAL
