#!/bin/sh
#
# snort         Start/Stop the snort IDS daemon.
#
# chkconfig: 2345 40 60
# description:  snort is a lightweight network intrusion detection tool that
#		currently detects more than 1100 host and network
#		vulnerabilities, portscans, backdoors, and more.
#

# Source function library.
. /etc/rc.d/init.d/functions
. /etc/sysconfig/network

# Get service config - may override defaults.
# The file is sourced, i.e. executed as shell code in this script's context
# (init scripts normally run as root), so it should be writable by root only.
if [ -f /etc/sysconfig/snort ]; then
	. /etc/sysconfig/snort
fi

# Networking gate.
# When is_yes (from the sourced function library) rejects NETWORKING, every
# action, including stop and status, ends here with status 0.  When it accepts
# NETWORKING but the network subsystem lock is missing, report it and fail.
if ! is_yes "${NETWORKING}"; then
	exit 0
fi
if [ ! -f /var/lock/subsys/network ]; then
	# nls "ERROR: Networking is down. %s can't be run." <service>
	msg_network_down snort
	exit 1
fi

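# See how we were called.
#
# Exit status: RETVAL carries the result of the daemon/killproc/status call of
# the selected action.  It is reset here so that a value inherited from the
# environment or assigned in /etc/sysconfig/snort cannot become the exit code
# of an action that does not set it itself.
RETVAL=0
case "$1" in
  start)
	# The subsys lock file is how this script decides "already running".
	if [ ! -f /var/lock/subsys/snort ]; then
		# show "Starting %s service." <service>
		msg_starting snort
		# we need full path here; see SnortUsersManual.pdf
		# -u/-g: run as the snort user/group after initialization
		# -d: dump application-layer data, -D: daemon mode
		# -l: log directory, -c: configuration file
		# NOTE(review): with -d the log directory can contain captured
		# payload; confirm /var/log/snort is not world-readable.
		daemon /usr/sbin/snort \
			-u snort -g snort -d -D \
			-l /var/log/snort -c /etc/snort/snort.conf
		RETVAL=$?
		# Only record the service as running when the start succeeded, so
		# a failed IDS start is not masked by a stale lock.
		[ "$RETVAL" -eq 0 ] && touch /var/lock/subsys/snort
	else
		# show "%s service is already running." <service>
		msg_already_running snort
		exit 1
	fi
	;;
  stop)
	# Stop daemons.
	# show "Stopping %s service" <service>
	if [ -f /var/lock/subsys/snort ]; then
		msg_stopping snort
		killproc snort
		RETVAL=$?
		# The lock is removed whatever killproc returned; RETVAL still
		# reports the killproc result to the caller.
		rm -f /var/lock/subsys/snort
	else
		# show "%s service is not running." <service>
		msg_not_running snort
		exit 1
	fi
	;;
  reload)
	msg_reloading snort
	# NOTE(review): snort was started with -u/-g; confirm that a SIGHUP
	# reload still works with those reduced privileges.
	killproc snort -HUP
	RETVAL=$?
	;;
  restart)
	# A failing stop (e.g. service not running) must not prevent the start;
	# the exit status reported is that of the start.
	"$0" stop
	"$0" start
	RETVAL=$?
	;;
  status)
	status snort
	RETVAL=$?
	;;
  *)
	echo "Usage: $0 {start|stop|reload|restart|status}"
	exit 1
	;;
esac

exit "$RETVAL"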
