#!/bin/sh
#
# Startup script for Snort Network Intrusion Detection
#
# chkconfig: 2345 99 01
# description: Snort Network Intrusion Detection System

# Source function library.
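# Source function library (provides daemon, killproc, status, success, failure).
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so an unset or empty
# NETWORKING is compared as "" instead of producing a test(1) syntax error.
[ "${NETWORKING}" = "no" ] && exit 0

# Source auto-configure functions.  '.' is used instead of the bash-only
# 'source' so the script also runs under a POSIX /bin/sh, as the shebang states.
# Both files are executed with the privileges of this script.
[ -e /etc/init.d/functions-automagic ] && . /etc/init.d/functions-automagic
[ -e /etc/sysconfig/automagic ] && . /etc/sysconfig/automagic

RETVAL=0
prog="snort"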

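#######################################
# Auto-configure snort before start: rewrite HOME_NET in /etc/snort.conf from
# the AUTOMAGIC_* network lists, refresh the logrotate marker and pull in the
# firewall settings.  Does nothing when AUTOMAGIC is "off".
# Globals (read):    AUTOMAGIC, AUTOMAGIC_LANNETS, AUTOMAGIC_DMZNETS,
#                    AUTOMAGIC_EXTNETS, AUTOMAGIC_EXTNET
# Globals (written): AUTOMAGIC_EXTNETS, DNSCHECK, NETLIST, plus whatever
#                    /etc/firewall defines (e.g. EXTIF, used by the caller)
# Outputs:           progress text on stdout, failures on stderr
# Returns:           0; exits the whole script with 0 when the DNS probe fails
#######################################
automagic() {
	# Bail if no-automagic is required
	if [ "$AUTOMAGIC" = "off" ]; then
		return
	fi

	# PPPOEKLUDGE: don't startup when PPPoE is down.  We have to count on
	# servicewatch to restart snort (sigh).
	# NOTE(review): starting the IDS depends on resolving an external
	# hostname; while DNS is unavailable snort stays down even though the
	# start reports "success".
	DNSCHECK=$(host -W 5 www.pointclark.net 2>&1 | grep www.pointclark.net)
	if [ -z "$DNSCHECK" ]; then
		echo -n "... waiting for network connection"
		success
		echo ""
		exit 0
	fi

	# AUTOMAGIC_EXTNETS was added with multi-WAN support.
	# Use old AUTOMAGIC_EXTNET (no S) if AUTOMAGIC_EXTNETS does not exist.
	if [ -z "$AUTOMAGIC_EXTNETS" ]; then
		AUTOMAGIC_EXTNETS="$AUTOMAGIC_EXTNET"
	fi

	# Build the comma-separated HOME_NET list.  The variables are
	# intentionally left unquoted so their space-separated entries split.
	# Each net is prepended, so the list ends up in reverse order
	# (EXT, DMZ, LAN) with a trailing comma that is stripped afterwards.
	NETLIST=""
	for NET in $AUTOMAGIC_LANNETS $AUTOMAGIC_DMZNETS $AUTOMAGIC_EXTNETS; do
		NETLIST="$NET,$NETLIST"
	done
	NETLIST=${NETLIST%,}

	# Define HOME_NET in /etc/snort.conf.  '|' is the sed delimiter so the
	# '/' in CIDR notation needs no escaping.  The config is only replaced
	# when sed succeeded; otherwise a failed rewrite (e.g. missing
	# /etc/snort.conf) would install an empty file over the real config.
	if sed -e "s|^var HOME_NET.*|var HOME_NET [${NETLIST}]|" /etc/snort.conf > /etc/snort.conf.new; then
		mv /etc/snort.conf.new /etc/snort.conf
	else
		echo "... failed to update HOME_NET in /etc/snort.conf" >&2
		rm -f /etc/snort.conf.new
	fi

	# Creates a dummy file for /etc/logrotate.d/snort script
	if [ -d /var/log/snort ]; then
		echo "Used for logrotate... do not delete" > /var/log/snort/logrotate
	fi

	# Pull in /etc/firewall settings.  '.' rather than the bash-only
	# 'source'; the file is executed with this script's privileges.
	[ -e /etc/firewall ] && . /etc/firewall
}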

# See how we were called.
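# See how we were called.
case "$1" in
  start)
	echo -n $"Starting $prog: "
	if test "x$(/sbin/pidof snort)" != x; then
		# Already running; refuse to start a second instance.
		failure
		echo ""
	else
		automagic
		RETVAL=0
		# Add support for multiwan: one snort instance per external interface,
		# using a per-interface config when one exists.  EXTIF comes from
		# /etc/firewall (sourced by automagic) and is intentionally word-split.
		if [ -n "$EXTIF" ]; then
			for INTERFACE in $EXTIF; do
				case "$INTERFACE" in
					eth*) ;;
					*) continue ;;
				esac
				if [ -e "/etc/snort_$INTERFACE.conf" ]; then
					CONF="/etc/snort_$INTERFACE.conf"
				else
					CONF=/etc/snort.conf
				fi
				# Any failed instance makes the whole start fail; the original
				# code only kept the status of the last interface.
				daemon /usr/local/nsc/scripts/sng-redirect-syslog snort.initd /usr/local/nsc/bin/snort -i "$INTERFACE" -D -c "$CONF" || RETVAL=$?
			done
		else
			# Absolute path, consistent with the multi-WAN branch, so the
			# binary does not depend on the init-time PATH.
			daemon /usr/local/nsc/scripts/sng-redirect-syslog snort.initd /usr/local/nsc/bin/snort -D -c /etc/snort.conf
			RETVAL=$?
		fi
		echo
		[ $RETVAL -eq 0 ] && touch /var/lock/snort
	fi
	;;
  stop)
	echo -n $"Stopping $prog: "
	killproc snort
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/snort
	;;
  status)
	status snort
	RETVAL=$?
	;;
  condrestart)
	# Restart only if snort is currently running.
	if test "x$(/sbin/pidof snort)" != x; then
		"$0" stop
		"$0" start
		RETVAL=$?
	fi
	;;
  restart|reload)
	"$0" stop
	"$0" start
	RETVAL=$?
	;;
  *)
	echo $"Usage: $0 {start|stop|status|restart|condrestart|reload}"
	exit 1
	;;
esac

exit $RETVAL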
