CVS: moonbase/security/portsentry/init.d portsentry,NONE,1.1

sofar at lunar-linux.org sofar at lunar-linux.org
Sun Aug 3 12:50:04 GMT 2003


Update of /var/cvs/lunar/moonbase/security/portsentry/init.d
In directory dbguin.lunar-linux.org:/tmp/cvs-serv29735/init.d

Added Files:
	portsentry 
Log Message:
Adding init.d wrappers for portsentry: a portsentry.modes default file for better hinting how to startup portsentry, and a proper init.d script that doesn't need any editing. Should make portsentry a lot easier to install!


--- NEW FILE: portsentry ---
#!/bin/bash
#
# portsentry Start the portsentry portscan detector 
#
# Authors: Craig Rowland <crowland at psionic.com>, Tim Powers <timp at redhat.com>
#          and Matthias Saou <matthias.saou at est.une.marmotte.net>
#
# chkconfig: 345 98 05
# description: PortSentry Port Scan Detector is part of the Abacus Project \
#              suite of tools. The Abacus Project is an initiative to release \
#              low-maintenance, generic, and reliable host based intrusion \
#              detection software to the Internet community.
# processname: portsentry
# configfile: /etc/portsentry/portsentry.conf
# configfile: /etc/portsentry/portsentry.modes
# pidfile: /var/run/portsentry.pid

start () {
	# Set up the ignore file
	SENTRYDIR=/etc/portsentry
	FINALIGNORE=$SENTRYDIR/portsentry.ignore
        TMPFILE=$SENTRYDIR/portsentry.ignore.tmp
	# Testline is used to see if the initscript has already been run
	if [ -f $FINALIGNORE ] ; then
	  cp -f $FINALIGNORE $TMPFILE
	  testline=`grep -n "Do NOT edit below this" $TMPFILE | cut --delimiter=":" -f1`
	  if [ -n "$testline" ] ; then
	    let headline=$testline-2
	    head -$headline $FINALIGNORE > $TMPFILE
	  fi
	fi
	echo '#########################################' >> $TMPFILE
	echo '# Do NOT edit below this line, if you   #' >> $TMPFILE
	echo '# do, your changes will be lost when    #' >> $TMPFILE
	echo '# portsentry is restarted via the       #' >> $TMPFILE
	echo '# initscript. Make all changes above    #' >> $TMPFILE
	echo '# this box.                             #' >> $TMPFILE
	echo '#########################################' >> $TMPFILE

	echo '' >> $TMPFILE
	echo '# Exclude all local interfaces' >> $TMPFILE
	for i in `/sbin/ifconfig -a | grep inet | awk '{print $2}' | sed 's/addr://'` ; do
	  echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# Exclude the default gateway(s)' >> $TMPFILE
	for i in `/sbin/route -n | grep ^0.0.0.0 | awk '{print $2}'` ; do
	  echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# Exclude the nameservers' >> $TMPFILE
	for i in `/bin/cat /etc/resolv.conf | grep ^nameserver | awk '{print $2}'` ; do
	  echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# And last but not least...' >> $TMPFILE
	echo '0.0.0.0' >> $TMPFILE
	echo '' >> $TMPFILE

	cp -f $TMPFILE $FINALIGNORE
	rm -f $TMPFILE

	# Check for modes defined in the config file
	if [ -s $SENTRYDIR/portsentry.modes ] ; then
	  modes=`cut -d "#" -f 1 $SENTRYDIR/portsentry.modes`
	else
	  modes="atcp audp"
	fi
	for i in $modes ; do
	  echo -n "Starting portsentry -$i: "
	  /usr/sbin/portsentry -$i && echo -e $RESULT_OK || echo -e $RESULT_FAIL
	  RETVAL=$?
	done

	/bin/pgrep -P 1 portsentry > /var/run/portsentry.pid
}

stop() {
	echo -n "Stopping portsentry: "
	kill $(cat /var/run/portsentry.pid) && rm /var/run/portsentry.pid && echo -e $RESULT_OK || echo -e $RESULT_FAIL
	RETVAL=$?
}


# Source function library.
. /lib/lsb/init-functions

exit $RETVAL




More information about the Lunar-commits mailing list