blob: 089a8b2e51dd7170a7ec4518ce72da430c32fb83 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#!/bin/sh
set -ex
SERVICE="suricata.service"
ETC_SERVICE_FILE="/etc/systemd/system/${SERVICE}"
LIB_SERVICE_FILE="/lib/systemd/system/${SERVICE}"
CONFIG_FILE="/etc/suricata/suricata.yaml"
IFACE=$(ip route show | awk '/default/ {print $5}')
if [ ! -r "$LIB_SERVICE_FILE" ] ; then
: ERROR unable to read $LIB_SERVICE_FILE
exit 1
fi
if [ ! -w "$CONFIG_FILE" ] ; then
: ERROR unable to write to $CONFIG_FILE
exit 1
fi
systemctl_action()
{
if ! systemctl $1 $SERVICE ; then
journalctl -u $SERVICE
return 1
fi
return 0
}
echo "
%YAML 1.1
---
default-rule-path: /etc/suricata/rules
rule-files:
- tor.rules
- http-events.rules
- smtp-events.rules
- dns-events.rules
- tls-events.rules
classification-file: /etc/suricata/classification.config
reference-config-file: /etc/suricata/reference.config
default-log-dir: /var/log/suricata/
af-packet:
- interface: $IFACE
cluster-id: 99
cluster-type: cluster_flow
defrag: yes
- interface: default
tpacket-v3: yes
block-size: 131072
app-layer:
protocols:
ssh:
enabled: yes
host-mode: auto
unix-command:
enabled: yes
filename: /var/run/suricata-command.socket
detect:
profile: medium
custom-values:
toclient-groups: 3
toserver-groups: 25
sgh-mpm-context: auto
inspection-recursion-limit: 3000
grouping:
profiling:
grouping:
dump-to-disk: false
include-rules: false
include-mpm-stats: false
mpm-algo: auto
spm-algo: auto
" > $CONFIG_FILE
#
# before start, package installation may start the daemon
#
if systemctl -q is-active $SERVICE ; then
: WARNING initial service running, stopping now
if ! systemctl_action stop ; then
: ERROR cant stop initial service
exit 1
fi
fi
#
# First run of the daemon and basic checks
#
if ! systemctl_action start ; then
: ERROR cant start the service
exit 1
fi
sleep 10 # wait for service startup
systemctl status $SERVICE
#
# Restart the daemon
#
if ! systemctl_action restart ; then
: ERROR unable to restart the service
exit 1
fi
sleep 10 # wait for serive startup
if ! systemctl -q is-active $SERVICE ; then
journalctl -u $SERVICE
: ERROR service not active after restart
exit 1
fi
#
# Reload the daemon
#
: WARNING: Not testing daemon reload: it timeouts in ci.debian.net
#if ! systemctl_action reload ; then
# : ERROR unable to reload the service
# exit 1
#fi
#sleep 10 # wait for service reload
#if ! systemctl -q is-active $SERVICE ; then
# journalctl -u $SERVICE
# : ERROR service not active after reload
# exit 1
#fi
: INFO all tests OK
exit 0
|
