#! /bin/sh
# Copyright (c) 2012 Klaus Singvogel, Kaierberg, Dentlein a.F., Germany.
# All rights reserved.
#
# Author: Klaus Singvogel <bugs@singvogel.com>
#
# /etc/init.d/portsentry
#
# System startup script for the portsentry service/daemon
#
#
### BEGIN INIT INFO
# Provides: portsentry
# Required-Start: $local_fs $syslog $network $named
# Should-Start: $time
# Required-Stop: $local_fs $syslog $network $named
# Default-Start: 3 5
# Default-Stop: 0 1 2 6
# Short-Description: portsentry: port scan detection tool
# Description: Portsentry - a program designed to detect and respond
# to port scans against a target host in real-time.
### END INIT INFO
IDENT=portsentry

# Optional per-host settings (e.g. PORTSENTRY_TCP_OPTION / PORTSENTRY_UDP_OPTION)
# come from /etc/sysconfig/portsentry; an absent or empty file is fine.
if [ -s "/etc/sysconfig/$IDENT" ]; then
  . "/etc/sysconfig/$IDENT"
fi

# LSB exit 5: program is not installed. The -x test also fails on a stale
# symlink, which is therefore treated the same way.
PORTSENTRY_BIN=@bindir@/$IDENT
[ -x "$PORTSENTRY_BIN" ] || exit 5

# LSB exit 6: program is not configured. The daemon's configuration file is
# sourced as shell code here, so every line in it is executed by this script,
# not merely parsed for KEY=value pairs.
PORTSENTRY_CONFIG=@confdir@/portsentry.conf
[ -r "$PORTSENTRY_CONFIG" ] || exit 6
. "$PORTSENTRY_CONFIG"

# The rc_* helpers (rc_reset, rc_status, rc_failed, rc_exit) come from
# /etc/rc.status. /lib/lsb/init-functions (start_daemon, killproc, pidofproc,
# log_*_msg) is deliberately NOT sourced: it is not used by UnitedLinux based
# distributions, and if it were used the rc_* functions must not be mixed in.
#. /lib/lsb/init-functions
. /etc/rc.status

# Start with a clean service status.
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
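#######################################
# Print the addresses of the hosts recorded in one of the
# portsentry.blocked.* history files, one per line.
# Arguments: $1 - history file to read
#            $2 - protocol tag of the "... Blocked" lines to select (TCP or UDP)
# Outputs:   addresses to stdout; nothing if the file is missing/unreadable
#######################################
blocked_hosts() {
  # A history file only exists once the daemon has blocked something;
  # an absent file simply means there is nothing to undo.
  [ -r "$1" ] || return 0
  # Field 6 is "name/address"; strip everything up to the last slash.
  awk -v tag="$2" '$0 ~ (tag " Blocked") { gsub("[^/]*/", "", $6); print $6 }' < "$1"
}

#######################################
# Remove everything portsentry set up to block one host: the iptables DROP
# rule, the /etc/hosts.deny entry and the lines in both history files, so
# the host does not stay blocked after the daemon has been stopped.
# Arguments: $1 - host address as recorded by portsentry
# Returns:   1 (and does nothing) when the address is not a plain
#            IPv4/IPv6 literal, 0 otherwise
#######################################
unblock_host() {
  # The address comes from a file written at runtime and is spliced into an
  # iptables command line and into perl regexes below; accept only the
  # characters of an IP literal so no shell/regex metacharacters get through.
  case $1 in
    '' | *[!0-9A-Fa-f.:]*)
      printf 'portsentry: ignoring malformed blocked-host entry %s\n' "$1" >&2
      return 1
      ;;
  esac
  /usr/sbin/iptables -D INPUT -s "$1" -j DROP
  # \Q...\E makes perl match the address literally (dots are not wildcards).
  perl -pi -e 's/^ALL: \Q'"$1"'\E\n//' /etc/hosts.deny
  perl -pi -e 's/^.*\Q'"$1"'\E Port: [0-9]+ TCP Blocked\n//' @confdir@/portsentry.blocked.tcp
  perl -pi -e 's/^.*\Q'"$1"'\E Port: [0-9]+ UDP Blocked\n//' @confdir@/portsentry.blocked.udp
}

case "$1" in
  start)
    echo -n "Starting portsentry "
    # Two daemon instances are run, one per protocol, each with exactly ONE
    # mode option (default -tcp / -udp, overridable from sysconfig). The
    # option variables are left unquoted on purpose so an empty value falls
    # back to the default; -f on the second call presumably forces a second
    # instance of the same binary past startproc's already-running check.
    # shellcheck disable=SC2086
    startproc -p "/var/run/$IDENT-tcp.pid" "$PORTSENTRY_BIN" ${PORTSENTRY_TCP_OPTION:--tcp}
    # shellcheck disable=SC2086
    startproc -f -p "/var/run/$IDENT-udp.pid" "$PORTSENTRY_BIN" ${PORTSENTRY_UDP_OPTION:--udp}
    # NOTE: the reported status is that of the UDP instance only.
    rc_status -v
    ;;
  stop)
    echo -n "Shutting down portsentry "
    killproc -TERM "$PORTSENTRY_BIN"
    rv=$?
    # Undo the blocks the daemon installed while it ran. Word-splitting of
    # the command substitution is intended: one address per word.
    for host in $(blocked_hosts @confdir@/portsentry.blocked.tcp TCP); do
      unblock_host "$host"
    done
    for host in $(blocked_hosts @confdir@/portsentry.blocked.udp UDP); do
      unblock_host "$host"
    done
    # rc_status reads $? of the previous command; re-establish killproc's
    # exit code so the cleanup loops above do not mask a failed shutdown.
    (exit "$rv")
    rc_status -v
    ;;
  try-restart)
    ## Do a restart only if the service was active before.
    ## Note: try-restart is not (yet) part of LSB (as of 1.2)
    "$0" status >/dev/null && "$0" restart
    rc_status
    ;;
  restart)
    ## Stop the service and regardless of whether it was
    ## running or not, start it again.
    "$0" stop
    "$0" start
    # Remember status and be quiet
    rc_status
    ;;
  force-reload)
    echo -n "Reload service portsentry "
    "$0" stop && "$0" start
    rc_status
    ;;
  reload)
    ## Like force-reload, but if daemon does not support
    ## signaling, do nothing (!) - LSB 3: unimplemented feature.
    rc_failed 3
    rc_status -v
    ;;
  status)
    echo -n "Checking for service portsentry "
    ## Check status with checkproc(8), if process is running
    ## checkproc will return with exit status 0.
    # Return value is slightly different for the status command:
    # 0 - service up and running
    # 1 - service dead, but /var/run/ pid file exists
    # 2 - service dead, but /var/lock/ lock file exists
    # 3 - service not running (unused)
    # 4 - service status unknown :-(
    # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
    checkproc "$PORTSENTRY_BIN"
    rc_status -v
    ;;
  *)
    echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
    exit 1
    ;;
esac
rc_exit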