/etc/init.d/
#!/bin/sh -e
#
### BEGIN INIT INFO
# Provides: suricata
# Required-Start: $time $network $local_fs $remote_fs
# Required-Stop: $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Next Generation IDS/IPS
# Description: Intrusion detection system that will
# capture traffic from the network cards and will
# match against a set of known attacks.
### END INIT INFO
# Source function library.
# Source the LSB helpers (log_failure_msg, log_warning_msg, ...).
# NOTE: "-e" comes from the shebang line only; it is not in effect when
# the script is invoked as "sh /etc/init.d/suricata".
. /lib/lsb/init-functions

# The defaults file is mandatory: it supplies RUN, LISTENMODE, PIDFILE,
# SURCONF and the capture-mode variables used further down.
[ -f /etc/default/suricata ] || {
  echo "/etc/default/suricata is missing... bailing out!" >&2
  exit 1
}
. /etc/default/suricata

NAME=suricata
DAEMON=/usr/bin/$NAME

# Nothing happens until the administrator has opted in with RUN=yes in
# /etc/default/suricata; exiting 0 here is the LSB convention for a
# deliberately disabled service.
case "$RUN" in
  yes) ;;
  *)
    log_failure_msg "$NAME disabled, please adjust the configuration to your needs "
    log_failure_msg "and then set RUN to 'yes' in /etc/default/$NAME to enable it."
    exit 0
    ;;
esac
#######################################
# Abort unless the script runs as uid 0.
# Globals:   NAME (read)
# Outputs:   failure message via log_failure_msg
# Returns:   0 when root; otherwise exits 4 (LSB: insufficient privilege)
#######################################
check_root() {
  if [ "$(id -u)" = "0" ]; then
    return 0
  fi
  log_failure_msg "You must be root to start, stop or restart $NAME."
  exit 4
}
#######################################
# Warn when neither NFQUEUE procfs entry is present; this is a warning
# only, the caller continues regardless.
# Outputs:   two warnings via log_warning_msg
# Returns:   0 when one of the entries exists, else the status of the
#            last log_warning_msg call
#######################################
check_nfqueue() {
  if [ -e /proc/net/netfilter/nfnetlink_queue ] || [ -e /proc/net/netfilter/nf_queue ]; then
    return 0
  fi
  log_warning_msg "NFQUEUE support not found !"
  log_warning_msg "Please ensure the nfnetlink_queue module is loaded or built in kernel"
}
#######################################
# Ensure the runtime directory used for the pidfile exists, creating it
# with mode 0755 when missing (mkdir without -p so a dangling symlink or
# a missing /var/run still surfaces as an error under -e).
# Returns:   0 when the directory already exists, else the chmod status
#######################################
check_run_dir() {
  [ -d /var/run/suricata ] && return 0
  mkdir /var/run/suricata
  chmod 0755 /var/run/suricata
}
#######################################
# Preload tcmalloc for the daemon when the administrator asked for it
# (TCMALLOC=YES, exact case) and the library is installed at the fixed
# system path. Nothing is changed otherwise.
# Globals:   TCMALLOC (read), lib (written, script-global), LD_PRELOAD (exported)
# Returns:   always 0
#######################################
load_libtcmalloc_minimal() {
  # Kept as a plain (non-local) assignment: /bin/sh is POSIX here.
  lib="/usr/lib/libtcmalloc_minimal.so.4"
  if [ "x$TCMALLOC" = "xYES" ] && [ -f "$lib" ]; then
    export LD_PRELOAD="$lib"
  fi
}
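check_root

# Every verb below (start, stop, status) needs the pidfile path; fail
# loudly here instead of later with an unquoted empty argument.
: "${PIDFILE:?PIDFILE must be set in /etc/default/$NAME}"

# Translate LISTENMODE (from /etc/default/suricata) into the daemon's
# capture arguments. IDMODE is only used in the "Starting ..." message.
case "$LISTENMODE" in
  nfqueue)
    IDMODE="IPS (nfqueue)"
    # An empty NFQUEUE would leave "-q" without an argument and the daemon
    # would only fail inside its log file; warn here instead. Not fatal,
    # so that "stop"/"status" still work on a misconfigured host.
    [ -n "$NFQUEUE" ] \
      || log_warning_msg "NFQUEUE is not set in /etc/default/$NAME; $NAME will not start"
    LISTEN_OPTIONS=" -q $NFQUEUE"
    check_nfqueue
    ;;
  pcap)
    IDMODE="IDS (pcap)"
    [ -n "$IFACE" ] \
      || log_warning_msg "IFACE is not set in /etc/default/$NAME; $NAME will not start"
    LISTEN_OPTIONS=" -i $IFACE"
    ;;
  af-packet)
    IDMODE="IDS (af-packet)"
    LISTEN_OPTIONS=" --af-packet"
    ;;
  *)
    # Diagnostic, so it belongs on stderr (the original wrote it to stdout).
    echo "Unsupported listen mode $LISTENMODE, aborting" >&2
    exit 1
    ;;
esac

# Deliberately a single string that is word-split at the call site, so
# SURCONF and PIDFILE must not contain whitespace.
SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE $LISTEN_OPTIONS -D"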
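#######################################
# Read the PID recorded in $PIDFILE and print it on stdout.
# Only a plain positive decimal integer is accepted; a missing, empty or
# malformed pidfile prints nothing, so the callers below never hand
# "kill" an empty string, a negative number (which kill would treat as a
# signal or a process group) or a leading-zero value.
# Globals:   PIDFILE (read)
# Outputs:   the validated PID, or nothing
# Returns:   always 0
#######################################
read_pid() {
  pid=$(head -n 1 "$PIDFILE" 2>/dev/null | tr -d '[:space:]')
  case "$pid" in
    ''|0*|*[!0-9]*) ;;
    *) printf '%s\n' "$pid" ;;
  esac
}

# See how we were called.
case "$1" in
  start)
    PID1=$(read_pid)
    if [ -n "$PID1" ] && kill -0 "$PID1" 2>/dev/null; then
      echo "$NAME is already running with PID $PID1"
      exit 0
    fi
    check_run_dir
    printf 'Starting suricata in %s mode...' "$IDMODE"
    load_libtcmalloc_minimal
    # The daemon detaches itself (-D) and is also backgrounded so the
    # script does not wait for it. Because of the "&", a failed
    # redirection (no /var/log/suricata) would silently prevent the
    # start, hence the explicit directory check first.
    [ -d /var/log/suricata ] \
      || log_warning_msg "/var/log/suricata does not exist; $NAME will not start"
    # shellcheck disable=SC2086 -- SURICATA_OPTIONS is a deliberately word-split argument list
    $DAEMON $SURICATA_OPTIONS > /var/log/suricata/suricata-start.log 2>&1 &
    echo " done."
    ;;
  stop)
    printf '%s' "Stopping suricata: "
    if [ ! -f "$PIDFILE" ]; then
      echo " No PID file found; not running?"
      exit 0
    fi
    PID2=$(read_pid)
    start-stop-daemon --oknodo --stop --quiet --pidfile="$PIDFILE" --exec "$DAEMON"
    if [ -n "$PID2" ]; then
      # start-stop-daemon may already have delivered TERM; a failing kill
      # here must not abort the script under -e, or the stale pidfile
      # below would never be removed.
      kill "$PID2" 2>/dev/null || true
      sleep 2
      if kill -0 "$PID2" 2>/dev/null; then
        printf '%s' "Waiting . "
        cnt=0
        # Poll roughly every 2 s; escalate to SIGKILL after 10 rounds.
        while kill -0 "$PID2" 2>/dev/null; do
          cnt=$((cnt + 1))
          if [ "$cnt" -gt 10 ]; then
            kill -9 "$PID2" 2>/dev/null || true
            break
          fi
          sleep 2
          printf '%s' ". "
        done
      fi
    fi
    rm -f -- "$PIDFILE"
    echo " done."
    ;;
  status)
    if [ -s "$PIDFILE" ]; then
      PID3=$(read_pid)
      if [ -n "$PID3" ] && kill -0 "$PID3" 2>/dev/null; then
        echo "$NAME is running with PID $PID3"
        exit 0
      fi
      echo "PID file $PIDFILE exists, but process not running!"
      # LSB status code: program is dead and pidfile exists.
      exit 1
    fi
    echo "$NAME not running!"
    # LSB status code: program is not running.
    exit 3
    ;;
  restart|force-reload)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0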