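#!/sbin/sh
#
# powered by: Andre' Lue
# ident     : @(#)snort ver 1.0.0 01/28/2001 01/28/2001 ASL
# signature : UNLEASH HELL
#
# Solaris rc script: start / stop / restart snort inside a chroot jail.
# Written for the classic Bourne /sbin/sh, so backticks and [ ] are used
# on purpose (no $(...), no [[ ]]).
#
# All paths except ${SBIN}/chroot and ${BIN}/kill are relative to the jail
# root ${ROOT}; snort itself only ever sees the in-jail path:
#   ${ROOT}${CBIN}/snort   snort binary inside the jail
#   ${ROOT}${CFG}          snort.conf inside the jail
#   ${ROOT}${LOG}          log directory inside the jail (snort -l)
#   ${ROOT}${ALF}          alert file, rolled to alert-MMDD@HHMM.log on start
#   ${ROOT}${PRF}          portscan log, rolled the same way
#
INT="bge1"                          # capture interface
USR="nobody"                        # snort switches to this user/group (-u/-g)
GRP="nobody"
BIN="/usr/bin"
SBIN="/usr/sbin"
CBIN="/usr/local/bin"
ROOT="/export/home/ids"
CFG="/usr/local/etc/snort.conf"
LOG="/tmp"
ALF="/tmp/alert"
PRF="/tmp/portscan"

#######################################
# Roll one log file before a fresh daemon opens it.
# Arguments: $1 - absolute (host-side) path of the log file
# Globals:   DM, TM (read) - date/time stamp computed by the caller
# Copies $1 to $1-MMDD@HHMM.log with mode/owner preserved and truncates $1
# in place.  A missing $1 (very first start) is skipped so cp cannot fail.
#######################################
roll_log() {
  if [ -f "${1}" ] ; then
    cp -p "${1}" "${1}-${DM}@${TM}.log"
    : > "${1}"
  fi
}

#######################################
# Print the PIDs of running snort processes, one per line.
# Matches the exact process name only, so an editor session on snort.conf
# or this rc script (S99snort) is never picked up the way a
# "ps -ef | grep snort" pipeline would pick it up.
# Returns: pgrep's status (non-zero when nothing matched)
#######################################
snort_pids() {
  pgrep -x snort
}

case "${1}" in
'start')
  if [ -n "`snort_pids`" ] ; then
    echo "SNORT Intrusion Detection System is already running."
    exit 0
  fi
  if [ -x "${ROOT}${CBIN}/snort" ] && [ -f "${ROOT}${CFG}" ] ; then
    # roll alert and portscan logs; same stamp on both files
    DM=`date +'%m%d'`
    TM=`date +'%H%M'`
    roll_log "${ROOT}${ALF}"
    roll_log "${ROOT}${PRF}"
    echo "starting SNORT Intrusion Detection System."
    # -D daemonize, -b binary (tcpdump-format) logging.  ${CFG} and ${LOG}
    # are resolved inside the jail, so ${ROOT}${LOG} must exist and be
    # writable by ${USR} once privileges have been dropped.
    "${SBIN}/chroot" "${ROOT}" "${CBIN}/snort" \
      -D -b -i "${INT}" -c "${CFG}" -u "${USR}" -g "${GRP}" -l "${LOG}" &
  else
    echo "snort binary ${ROOT}${CBIN}/snort or config ${ROOT}${CFG} missing." >&2
    exit 1
  fi
  ;;
'stop')
  echo "stopping SNORT Intrusion Detection System."
  pids=`snort_pids`
  if [ -n "${pids}" ] ; then
    # ${pids} is deliberately unquoted: one argument per PID
    "${BIN}/kill" ${pids}
  else
    echo "SNORT Intrusion Detection System is not running." >&2
  fi
  ;;
'restart')
  # re-invoke this script rather than a hard-coded /etc/rc3.d/S99snort path
  "${0}" stop
  "${0}" start
  exit $?
  ;;
*)
  printf '\nusage: %s { start | stop | restart }\n\n' "${0}" >&2
  exit 1
  ;;
esac
exit 0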