#!/bin/sh
#
# /etc/init.d/rc.d/snortd
#
# chkconfig: - 90 10
# description:  snort is a lightweight network intrusion detection tool that
#		currently detects more than 1100 host and network
#		vulnerabilities, portscans, backdoors, and more.
# processname: snort
# config: /etc/snort/snort.conf
# pidfile: /var/run/snort.pid

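# Do not load RH compatibility interface.
WITHOUT_RC_COMPAT=1

# Source function library.
. /etc/init.d/functions

# Get config.  Its variables (INTERFACES, ADDPARAMS_<iface>) are used below
# as shell words, and the file appears to be sourced as shell code, so it
# should be writable by root only.
CONFIG=/etc/sysconfig/snort
SourceIfNotEmpty "$CONFIG" || exit 0

RETVAL=0

# Nothing to manage when no interface is configured.
[ -n "$INTERFACES" ] || exit 0

# INTERFACES may be separated by commas and/or whitespace.  Turning commas
# into blanks is enough, because IFN is only ever expanded unquoted in
# "for i in $IFN" loops, where the shell does the splitting.  Unlike an awk
# "for (i in array)" walk, this keeps the interfaces in the configured order.
IFN=$(printf '%s\n' "$INTERFACES" | tr ',' ' ')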

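# Start one snort instance per interface listed in IFN.
# Globals:   IFN (read), ADDPARAMS_<iface> (read),
#            PIDFILE, LOCKFILE, RETVAL, _snort_params (written)
# Returns:   0 when every instance started, otherwise the status of the
#            first failure; remaining interfaces are not attempted.
start()
{
    for i in $IFN; do
	# The interface name is spliced into a variable name that is resolved
	# with eval below, so anything but identifier characters is rejected
	# (e.g. "eth0.100" would otherwise read ADDPARAMS_eth0 and append
	# ".100" to the snort command line).
	case "$i" in
	    *[!A-Za-z0-9_]*)
		printf '%s\n' "${0##*/}: interface name '$i' cannot form ADDPARAMS_<name>" >&2
		RETVAL=1
		return $RETVAL
		;;
	esac
	PIDFILE=/var/run/snort_$i.pid
	LOCKFILE=/var/lock/subsys/snort_$i
	# Copy the per-interface options with a plain assignment instead of
	# "eval echo": echo would swallow a leading -n/-e, which are options
	# meant for snort.
	eval "_snort_params=\${ADDPARAMS_$i-}"
	# -u/-g switch snort to the unprivileged snort account and -t chroots
	# it into the log directory.  _snort_params stays unquoted on purpose
	# so that it splits into separate arguments.
	start_daemon --pidfile "$PIDFILE" \
	    --lockfile "$LOCKFILE" \
	    --expect-user snort -- \
	    snort -u snort -g snort \
	    -t /var/log/snort \
	    $_snort_params
	RETVAL=$?
	if [ $RETVAL != 0 ]; then
	    return $RETVAL
	fi
    done
}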

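# Stop the snort instance of every interface listed in IFN.
# Globals:   IFN (read), PIDFILE, LOCKFILE, RETVAL (written)
# Returns:   0 when every stop_daemon call succeeded, otherwise the status
#            of the last one that failed.  All interfaces are attempted
#            even after a failure so that no sensor is left running.
stop()
{
    RETVAL=0
    for i in $IFN; do
	PIDFILE=/var/run/snort_$i.pid
	LOCKFILE=/var/lock/subsys/snort_$i
	# Record the failure; previously the status was dropped and stop
	# always reported success.
	stop_daemon --pidfile "$PIDFILE" \
	    --lockfile "$LOCKFILE" \
	    --expect-user snort \
	    snort || RETVAL=$?
    done
    return $RETVAL
}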

# Full stop/start cycle for all configured interfaces.  start runs even
# when stop reports an error; the result is whatever start returns.
restart()
{
    stop
    start
    return $?
}

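# Succeeds when a subsys lock exists for at least one configured interface.
# LOCKFILE is only assigned inside start/stop, so at this level it is empty
# and a test on "$LOCKFILE" can never be true; the cond* actions therefore
# look at the per-interface lock files directly.
snort_locked()
{
    for i in $IFN; do
	if [ -e "/var/lock/subsys/snort_$i" ]; then
	    return 0
	fi
    done
    return 1
}

# See how we were called.
case "$1" in
    start)
	start
	;;
    stop)
	stop
	;;
    restart|reload)
	restart
	;;
    condstop)
	if snort_locked; then
	    stop
	fi
	;;
    condrestart|condreload)
	if snort_locked; then
	    restart
	fi
	;;
    status)
	for i in $IFN; do
	    PIDFILE=/var/run/snort_$i.pid
	    # Keep a non-zero status so that one dead sensor is not hidden by
	    # a later interface that is still running.
	    status --pidfile "$PIDFILE" --expect-user snort snort || RETVAL=$?
	done
	;;
    *)
	msg_usage "${0##*/} {start|stop|reload|restart|condstop|condrestart|condreload|status}"
	RETVAL=1
	;;
esac

exit $RETVAL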
