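#!/bin/bash
#
# chkconfig: 35 90 12
# description: Start/Stop snort
#
# Init script for the Snort IDS.  Actions: test | foreground | start | stop | status
#
# OK, WHAT ARE WE WATCHING
# - normally on most VM hosts using bridging I would use br0
# - on my laptop that uses bridging I put it on the wireless adapter even
#   though br0 got all traffic
# - if you do not use bridging use the actual interface, ie: eth0
interface="eth0"

# Unset variables are bugs here; "$1" is read as "${1:-}" so a bare
# invocation still reaches the usage message instead of dying.
set -u

snort_bin="/usr/local/bin/snort"
snort_conf="/etc/snort/snort.conf"
snort_log="/var/log/snort"
snort_user="snort"
snort_group="snort"
# Seconds to give snort after SIGTERM before falling back to SIGKILL.
stop_timeout=10

# Options shared by the capturing modes (foreground and start).
# Snort starts as root to open the interface, then drops to snort:snort.
snort_opts=(
  -A fast -b -d
  -i "${interface}"
  -u "${snort_user}" -g "${snort_group}"
  -c "${snort_conf}"
  -l "${snort_log}"
)

#######################################
# Print the PIDs of running snort daemons, one per line.
# The pattern is anchored to the start of the command line so that an
# unrelated process which merely mentions the path in its arguments (an
# editor open on the config, a grep) is neither reported nor — in stop —
# killed as root.  The previous `ps -ef | grep <path>` matched any of those.
# NOTE(review): a pidfile written by `snort -D` under its log directory
# would be a more robust source; confirm its exact path for this build
# before switching to it.
# Outputs: PIDs to stdout
# Returns: 0 if at least one snort process matched, non-zero otherwise
#######################################
snort_pids() {
  pgrep -f "^${snort_bin}( |$)"
}

#######################################
# Returns: 0 when the effective user is root, 1 otherwise.
#######################################
is_root() {
  (( EUID == 0 ))
}

#######################################
# Parse the configuration without capturing (snort -T).
# Returns: snort's own exit status
#######################################
test_config() {
  "${snort_bin}" -T -i "${interface}" -u "${snort_user}" -g "${snort_group}" -c "${snort_conf}"
}

#######################################
# Run snort attached to the terminal (no -D).
# Returns: snort's own exit status
#######################################
run_foreground() {
  "${snort_bin}" "${snort_opts[@]}"
}

#######################################
# Daemonize snort.  Refuses to run as non-root (snort needs raw capture
# rights before it can drop privileges) and to start a second copy.
# Returns: 0 on success or if already running, 4 if not root (LSB),
#          otherwise snort's exit status
#######################################
start_snort() {
  if ! is_root; then
    echo "snort not started. You must be the root user to start snort" >&2
    return 4
  fi
  local -a running
  mapfile -t running < <(snort_pids)
  if (( ${#running[@]} > 0 )); then
    printf 'snort is already running (pid %s)\n' "${running[*]}"
    return 0
  fi
  "${snort_bin}" -D "${snort_opts[@]}"
}

#######################################
# Stop the daemon.  SIGTERM first so snort can close the capture and flush
# its log/unified2 output (SIGKILL can leave a truncated last record);
# SIGKILL only if it is still alive after ${stop_timeout}s.
# Returns: 0 if snort is stopped (or was not running), 4 if not root,
#          1 if a snort process survived both signals
#######################################
stop_snort() {
  if ! is_root; then
    echo "snort not stopped. You must be the root user to stop snort" >&2
    return 4
  fi
  local -a pids
  mapfile -t pids < <(snort_pids)
  if (( ${#pids[@]} == 0 )); then
    echo "snort is not running"
    return 0
  fi
  kill -TERM -- "${pids[@]}"
  local waited=0
  while (( waited < stop_timeout )) && snort_pids >/dev/null; do
    sleep 1
    waited=$((waited + 1))
  done
  if snort_pids >/dev/null; then
    # Graceful shutdown did not finish in time; processes that already
    # exited make kill complain, which is not interesting here.
    kill -KILL -- "${pids[@]}" 2>/dev/null
    sleep 1
  fi
  mapfile -t pids < <(snort_pids)
  if (( ${#pids[@]} > 0 )); then
    # The old script printed the ps *user* column here (awk '$1'), not the PID.
    printf 'Unable to stop snort process (pid %s)\n' "${pids[*]}" >&2
    return 1
  fi
  return 0
}

#######################################
# Report whether snort is running.
# Returns: 0 if running, 3 if not (LSB status convention)
#######################################
status_snort() {
  local -a pids
  mapfile -t pids < <(snort_pids)
  if (( ${#pids[@]} == 0 )); then
    echo "snort is not running"
    return 3
  fi
  printf 'snort is running (pid %s)\n' "${pids[*]}"
  return 0
}

case "${1:-}" in
  test)       test_config ;;
  foreground) run_foreground ;;
  start)      start_snort ;;
  stop)       stop_snort ;;
  status)     status_snort ;;
  *)
    # "reload" was advertised before but never implemented; "status" was
    # implemented but not advertised.
    echo "Expecting: test/foreground/start/stop/status" >&2
    exit 2   # LSB: invalid or excess arguments
    ;;
esac
# Propagate the action's result instead of an unconditional exit 0, so
# init/chkconfig and callers see start/stop/status failures.
exit "$?"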