authorDonald Hoskins <grommish@gmail.com>2022-03-25 23:35:18 -0400
committerToni Uhlig <matzeton@googlemail.com>2022-09-11 13:16:26 +0200
commitfc9bc4922d0e56cadc4932abcf619a1960456ae6 (patch)
treec93d54756cc695c5cfcd008af7a12fc9506fbddc /net/suricata6/files/etc/init.d/suricata
parent5bbd4b2038f612218895e2ceb6c80ae80ea8a6b6 (diff)
suricata6: IDS/IPS/NDM version 6.0.4
Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks. Signed-off-by: Donald Hoskins <grommish@gmail.com>
Diffstat (limited to 'net/suricata6/files/etc/init.d/suricata')
-rwxr-xr-xnet/suricata6/files/etc/init.d/suricata82
1 files changed, 82 insertions, 0 deletions
diff --git a/net/suricata6/files/etc/init.d/suricata b/net/suricata6/files/etc/init.d/suricata
new file mode 100755
index 0000000..ae92ca5
--- /dev/null
+++ b/net/suricata6/files/etc/init.d/suricata
@@ -0,0 +1,82 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2021 Ashkan Jazayeri <ashkan@jazayeri.net>
+
+START=99
+STOP=10
+
+USE_PROCD=1
+PROG=/usr/bin/suricata
+
+validate_suricata_section() {
+ uci_load_validate suricata suricata "$1" "$2" \
+ 'scan_mode:string:af-packet' \
+ 'interface:string' \
+ 'config_file:string' \
+ 'logdir:string' \
+ 'pidfile:string' \
+ 'rules_file:string' \
+ 'verbose:range(0,4):0' \
+ 'queue:list(range(0,65535))'
+}
+
+start_suricata_instance() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ -f $pidfile -a -z $(pgrep suricata) ] && rm $pidfile && \
+ logger -t suricata[init_script] -p daemon.alert -s \
+ "Suricata was not closed properly or it has crashed. Successfully removed the previous $pidfile"
+
+ [ ! -d $logdir ] && mkdir -p $logdir
+
+ procd_open_instance
+ procd_set_param command $PROG -c $config_file
+ [ $rules_file ] && \
+ procd_append_param command -s $rules_file
+ procd_set_param file $config_file
+
+ [ "$verbose" -gt 0 ] && {
+ procd_append_param command -$(printf 'v%.0s' $(seq 1 $verbose))
+ procd_set_param stdout 1
+ procd_set_param stderr 1
+ }
+
+ case "$scan_mode" in
+ "af-packet" )
+ procd_append_param command --af-packet
+ procd_append_param command -i $interface
+ ;;
+ "nfq" )
+ [ -n "$queue" ] || {
+ logger -t suricata[init_script] -p daemon.emerg -s "No queue list provided. In NFQUEUE mode, a queue list must be specified under suricata config section (e.g. uci add_list suricata.service.queue=9)"
+ return 1
+ }
+ for number in $queue; do procd_append_param command -q $number ;done
+ ;;
+ esac
+
+ procd_set_param respawn
+ procd_close_instance
+}
+
+start_service() {
+ validate_suricata_section service start_suricata_instance
+}
+
+
+stop_service()
+{
+ service_stop $PROG
+}
+
+reload_service() {
+ procd_send_signal suricata '*' SIGUSR2
+}
+
+service_triggers()
+{
+ procd_add_reload_trigger "suricata"
+ procd_add_validation validate_suricata_section
+}
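Review bot: In start_suricata_instance the UCI values are expanded unquoted and validated only as `string`, with no default for `interface`, `config_file`, `logdir` or `pidfile`, so an empty or space-containing value changes the argument list procd passes to suricata, and a `scan_mode` other than the two handled in the `case` starts the engine with no capture option at all. For an IDS/IPS that is a quiet failure: with `respawn` set, the sensor may restart repeatedly or come up without inspecting the intended traffic. I would constrain the mode in validation with `'scan_mode:or("af-packet","nfq"):af-packet'`, quote the expansions (for example `procd_append_param command -i "$interface"`), and log and `return 1` when `interface` or `config_file` is empty. The stale-pidfile test also breaks with a `[` syntax error when `pgrep suricata` prints more than one PID; `[ -f "$pidfile" ] && ! pgrep suricata >/dev/null && rm -f "$pidfile"` avoids that.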