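#!/bin/bash
#######################################################################
# etc.init.d.snort is copyright 2009 by ultrapig.com. All rights reserved.
# Application / script is hereby licensed under the
# 'Attribution-Noncommercial-Share Alike 3.0 United States' license.
# http://creativecommons.org/licenses/by-nc-sa/3.0/us/
# Read the license. Know your rights.
#
# (means you can't sell it, but you can use it forever wherever you need it)
#
# Snort rules are licensed by the nice folks at snort and are under
# their own license here: http://www.snort.org/snort/license/
#
#######################################################################
# Script runs snort for you. run it once to start snort, run it again to
# quit snort. handy if you build from source all the time like I do
#
#######################################################################
# Requirements:
# nothing much. copy it to your /etc/init.d directory, chmod +x and run it.
#
# Visit http://ultrapig.com for support or questions.
#######################################################################

# Directory where snort drops its per-interface PID and lock files.
readonly RUN_DIR=/var/run

# Check to see if I'm the root user. If not, then quit with a failure
# status so callers (init, cron, wrappers) can tell nothing was done.
if [[ "${EUID}" -ne 0 ]]; then
  printf '%s - you are not the root user. Quitting.\n' "$(date)" >&2
  exit 1
fi

# Unmatched globs expand to nothing instead of the literal pattern.
shopt -s nullglob

# First, let's check for any snort PIDs in /var/run. If there's an
# eth0 PID file, then there may be more.
if [[ -f "${RUN_DIR}/snort_eth0.pid" ]]; then
  printf '%s - snort is running. Killing it off\n' "$(date)"

  pid_files=("${RUN_DIR}"/snort_eth*.pid)
  for pid_file in "${pid_files[@]}"; do
    # Take the first whitespace-delimited token of the PID file.
    pid=
    read -r pid _ < "${pid_file}" || true

    # This runs as root: never signal anything that is not a plain number.
    if [[ ! "${pid}" =~ ^[0-9]+$ ]]; then
      printf '%s - ignoring %s: content is not a PID\n' \
        "$(date)" "${pid_file}" >&2
      continue
    fi

    # A stale PID file can name a PID the kernel has since reused for an
    # unrelated process, so confirm the target is snort before signalling.
    proc_name=$(ps -p "${pid}" -o comm= 2>/dev/null)
    case "${proc_name}" in
      snort*) ;;
      *)
        printf '%s - PID %s from %s is not a snort process, not killing it\n' \
          "$(date)" "${pid}" "${pid_file}" >&2
        continue
        ;;
    esac

    # Ask politely first so snort can flush its logs and close the capture;
    # fall back to SIGKILL only if it is still alive after a short wait.
    kill -TERM "${pid}" 2>/dev/null
    for _ in 1 2 3 4 5; do
      kill -0 "${pid}" 2>/dev/null || break
      sleep 1
    done
    if kill -0 "${pid}" 2>/dev/null; then
      kill -KILL "${pid}"
    fi
  done

  # Remove all the leftover PID and lock files (plain files, so no -r).
  rm -f -- "${RUN_DIR}"/snort_eth*.pid "${RUN_DIR}"/snort_eth*.pid.lck
else
  # If snort isn't running, let's start it up.
  printf '%s - snort is not running. starting it up now...\n' "$(date)"

  # Go through all the eth* devices on the system and pass each one to the
  # "main" snort command. You will want to change that command a bit,
  # depending on your setup and how you like to start your own snort.
  #
  # Match only lines that START with "eth": newer ifconfig output also has
  # indented "ether <mac>" lines, which a bare "grep eth" would pick up as
  # an interface name. Newer output also appends ':' to the name; strip it.
  mapfile -t ifaces < <(ifconfig | awk '/^eth/ { sub(/:$/, "", $1); print $1 }')

  for iface in "${ifaces[@]}"; do
    [[ -n "${iface}" ]] || continue
    printf 'running snort -c /etc/snort/snort.conf -F /etc/snort/excludes.conf -D -i %s now\n' \
      "${iface}"
    if ! snort -c /etc/snort/snort.conf -F /etc/snort/excludes.conf -D -i "${iface}"; then
      # Surface the failure: an unmonitored interface is a detection gap.
      printf '%s - snort failed to start on %s\n' "$(date)" "${iface}" >&2
    fi
  done
fi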