Diffstat (limited to 'debian/suricata.init')
-rw-r--r--debian/suricata.init167
1 files changed, 167 insertions, 0 deletions
diff --git a/debian/suricata.init b/debian/suricata.init
new file mode 100644
index 0000000..951e42a
--- /dev/null
+++ b/debian/suricata.init
@@ -0,0 +1,167 @@
+#!/bin/sh -e
+#
+### BEGIN INIT INFO
+# Provides: suricata
+# Required-Start: $time $network $local_fs $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Next Generation IDS/IPS
+# Description: Intrusion detection system that will
+# capture traffic from the network cards and will
+# match against a set of known attacks.
+### END INIT INFO
+
+# Source function library.
+. /lib/lsb/init-functions
+
+if test -f /etc/default/suricata; then
+ . /etc/default/suricata
+else
+ echo "/etc/default/suricata is missing... bailing out!" >&2
+ exit 1
+fi
+
+# We'll add up all the options above and use them
+NAME=suricata
+DAEMON=/usr/bin/$NAME
+
+# Use this if you want the user to explicitly set 'RUN' in
+# /etc/default/
+if [ "x$RUN" != "xyes" ] ; then
+ log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
+ log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
+ exit 0
+fi
+
+check_root() {
+ if [ "$(id -u)" != "0" ]; then
+ log_failure_msg "You must be root to start, stop or restart $NAME."
+ exit 4
+ fi
+}
+
+check_nfqueue() {
+ if [ ! \( -e /proc/net/netfilter/nfnetlink_queue -o -e /proc/net/netfilter/nf_queue \) ]; then
+ log_warning_msg "NFQUEUE support not found !"
+ log_warning_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
+ fi
+}
+
+check_run_dir() {
+ if [ ! -d /var/run/suricata ]; then
+ mkdir /var/run/suricata
+ chmod 0755 /var/run/suricata
+ fi
+}
+
+load_libtcmalloc_minimal() {
+ lib="/usr/lib/libtcmalloc_minimal.so.4"
+
+ if [ -f "$lib" ] && [ "x$TCMALLOC" = "xYES" ]; then
+ export LD_PRELOAD="$lib"
+ fi
+}
+
+check_root
+
+case "$LISTENMODE" in
+nfqueue)
+ IDMODE="IPS (nfqueue)"
+ LISTEN_OPTIONS=" -q $NFQUEUE"
+ check_nfqueue
+ ;;
+pcap)
+ IDMODE="IDS (pcap)"
+ LISTEN_OPTIONS=" -i $IFACE"
+ ;;
+af-packet)
+ IDMODE="IDS (af-packet)"
+ LISTEN_OPTIONS=" --af-packet"
+ ;;
+*)
+ echo "Unsupported listen mode $LISTENMODE, aborting"
+ exit 1
+ ;;
+esac
+
+SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE $LISTEN_OPTIONS -D"
+
+# See how we were called.
+case "$1" in
+start)
+ if [ -f $PIDFILE ]; then
+ PID1=$(cat $PIDFILE)
+ if kill -0 "$PID1" 2>/dev/null; then
+ echo "$NAME is already running with PID $PID1"
+ exit 0
+ fi
+ fi
+ check_run_dir
+ echo -n "Starting suricata in $IDMODE mode..."
+ load_libtcmalloc_minimal
+ $DAEMON $SURICATA_OPTIONS > /var/log/suricata/suricata-start.log 2>&1 &
+ echo " done."
+ ;;
+stop)
+ echo -n "Stopping suricata: "
+ if [ -f $PIDFILE ]; then
+ PID2=$(cat $PIDFILE)
+ else
+ echo " No PID file found; not running?"
+ exit 0;
+ fi
+ start-stop-daemon --oknodo --stop --quiet --pidfile=$PIDFILE --exec $DAEMON
+ if [ -n "$PID2" ]; then
+ kill "$PID2"
+ ret=$?
+ sleep 2
+ if kill -0 "$PID2" 2>/dev/null; then
+ ret=$?
+ echo -n "Waiting . "
+ cnt=0
+ while kill -0 "$PID2" 2>/dev/null; do
+ ret=$?
+ cnt=$(expr "$cnt" + 1)
+ if [ "$cnt" -gt 10 ]; then
+ kill -9 "$PID2"
+ break
+ fi
+ sleep 2
+ echo -n ". "
+ done
+ fi
+ fi
+ if [ -e $PIDFILE ]; then
+ rm $PIDFILE > /dev/null 2>&1
+ fi
+ echo " done."
+ ;;
+status)
+ # Check if running...
+ if [ -s $PIDFILE ]; then
+ PID3=$(cat $PIDFILE)
+ if kill -0 "$PID3" 2>/dev/null; then
+ echo "$NAME is running with PID $PID3"
+ exit 0
+ else
+ echo "PID file $PIDFILE exists, but process not running!"
+ fi
+ else
+ echo "$NAME not running!"
+ fi
+ ;;
+restart)
+ $0 stop
+ $0 start
+ ;;
+force-reload)
+ $0 stop
+ $0 start
+ ;;
+*)
+ echo "Usage: $0 {start|stop|restart|status}"
+ exit 1
+esac
+
+exit 0
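Review bot: The `stop)` arm signals the PID read from `$PIDFILE` with a bare `kill` and, after ten retries, `kill -9`, without checking that the PID still belongs to Suricata; run as root against a stale PID file, that can terminate an unrelated process whose PID was recycled. `start-stop-daemon` already performs the identity check through `--exec`, so the manual loop can be replaced by `start-stop-daemon --stop --quiet --oknodo --retry=TERM/20/KILL/5 --pidfile "$PIDFILE" --exec "$DAEMON"`. The loop is also fragile while the shebang's `-e` is in effect: if the process has already exited when `kill "$PID2"` runs, the script aborts before the PID file is removed. Separately, the `status)` arm falls through to the final `exit 0` when the sensor is down, so monitoring cannot tell a dead IDS from a live one; the LSB values are `exit 3` for not running and `exit 1` for a stale PID file.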