#!/bin/sh # # snortd Start/Stop the snort IDS daemon. # # chkconfig: 2345 40 60 # description: snort is a lightweight network intrusion detection tool that # currently detects more than 1100 host and network # vulnerabilities, portscans, backdoors, and more. # # June 10, 2000 -- Dave Wreski <dave@linuxsecurity.com> # - initial version # # July 08, 2000 Dave Wreski <dave@guardiandigital.com> # - added snort user/group # - support for 1.6.2 # July 31, 2000 Wim Vandersmissen <wim@bofh.st> # - added chroot support # Source function library. . /etc/rc.d/init.d/functions [ -f /etc/sysconfig/snort ] && . /etc/sysconfig/snort # See how we were called. case "$1" in start) if [ -x /usr/sbin/snort -a ! -e /var/lock/subsys/snort ]; then gprintf "Starting snort: " cd /var/log/snort daemon /usr/sbin/snort -u snort -g snort -s -d -D \ -i ${INTERFACE} -l /var/log/snort -c /etc/snort/snort.conf touch /var/lock/subsys/snort echo else gprintf "Snort already running.\n" fi ;; stop) gprintf "Stopping snort: " killproc snort rm -f /var/lock/subsys/snort rm -f /var/run/snort_${INTERFACE}.pid echo ;; restart) $0 stop $0 start ;; status) status snort ;; *) gprintf "Usage: $0 {start|stop|restart|status}" exit 1 esac exit 0