#!/bin/bash
#
# Init file for suricata
#
#
# chkconfig: 345 52 48
# description: Network Intrusion Detection System
#
# processname: Suricata
# pidfile: /var/run/suricata.pid

source /etc/rc.d/init.d/functions


### Read configuration
[ -r "$SYSCONFIG" ] && source "$SYSCONFIG"

RETVAL=0
prog="suricata"
desc="Suricata IDS"

start() {
    # Make sure the interfaces are up, or suricata won't start.
    for interface in <% @interface.each do |int| -%><%= int %> <% end -%>
    do
        /sbin/ifconfig $interface up
    done

    echo -n $"Starting $desc ($prog): "
    daemon "suricata -D -c /etc/suricata/suricata.yaml <% @interface.each do |int| -%> -i <%= int %> <% end -%> >> /var/log/suricata/suricata.log"
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
    return $RETVAL
}

stop() {
    echo -n $"Shutting down $desc ($prog): "
    killproc $prog
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
    return $RETVAL
}

restart() {
    stop
    start
}

reload() {
    echo "Checking config before restarting"
    suricata -T -c /etc/suricata/suricata.yaml >/dev/null 2>&1
    RETVAL=$?
    if [ $RETVAL -eq 0 ]
    then
        kill -USR2 $(cat /var/run/suricata.pid)
    else
        echo "Config broken, not reloading"
    fi
    return $RETVAL
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    restart
    ;;
  reload)
    reload
    ;;
  condrestart)
    [ -e /var/lock/subsys/$prog ] && restart
    RETVAL=$?
    ;;
  status)
    status $prog
    RETVAL=$?
    ;;
  *)
    echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
    RETVAL=1
esac

exit $RETVAL