#!/bin/sh
# Start/stop/restart snort

# Interface snort listens on ("any" == every interface).
# Taken from the environment when IFACE is set and non-empty, else eth0.
IFACE="${IFACE:-eth0}"

# Directory handed to snort with -l in snort_start.
# You probably don't want to change this, but in case you do
LOGDIR=/var/log/snort

# Pidfile that snort_stop reads; it must be the file snort actually writes
# when started with --create-pidfile. The name does not include IFACE.
# NOTE(review): snort is started with -u snort -g snort and logs into this
# directory, so the directory is presumably writable by that account, and
# snort_stop hands the content of this file to kill. Confirm the ownership
# and mode of the directory and of the pidfile.
PIDFILE="$LOGDIR/snort.pid"

# You need to edit this configuration file first.
# The default configuration is not really helpful, so it is skipped for now:
# snort_start does not pass this file to snort with -c.
CONF="/etc/snort/snort.lua"

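# Start snort.
#
# Globals:   IFACE (read), LOGDIR (read)
# Outputs:   the command line that is run, then a blank line, on stdout
# Returns:   the exit status of the snort command
#
# The command line asks snort to run as user and group "snort" (-u/-g),
# to daemonize (-D), to log packets as pcap into LOGDIR, and to write a
# pidfile (--create-pidfile). No -c option is given, so CONF is not used
# and no configuration or rule file is named here.
snort_start() {
  # Build the argument vector in the function's positional parameters so
  # that IFACE and LOGDIR are each passed as exactly one argument; a value
  # containing whitespace can no longer turn into extra snort options.
  set -- /usr/bin/snort -u snort -g snort -d -D -L pcap \
    -i "$IFACE" -l "$LOGDIR" --create-pidfile
  echo "Starting Snort daemon:  $*"
  "$@"
  # Keep snort's status: the trailing echo would otherwise hide a failed
  # start from the caller. Plain variable, since "local" is not POSIX sh.
  snort_start_status=$?
  echo
  return "$snort_start_status"
}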

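# Stop snort.
#
# Globals:   PIDFILE (read), IFACE (read, used in messages only)
# Outputs:   progress on stdout, diagnostics on stderr
# Returns:   the status of removing the pidfile; exits the script with
#            status 1 when the pidfile is missing or holds no usable PID
snort_stop() {
  if [ ! -f "$PIDFILE" ]; then
    echo "Pidfile $PIDFILE not found!" >&2
    echo "Either Snort is not running or you should specify IFACE=xxxx" >&2
    exit 1
  fi

  # Plain variable rather than "local", which is not POSIX sh.
  snort_pid=$(cat "$PIDFILE")

  # The pidfile content goes straight to kill, so accept nothing but a
  # single run of digits. Empty content, several values, a leading "-"
  # or any other text is refused instead of being handed to kill.
  case "$snort_pid" in
    '' | *[!0-9]*)
      echo "Pidfile $PIDFILE does not hold a numeric PID; nothing signalled" >&2
      exit 1
      ;;
  esac

  # kill 0 signals the caller's own process group and PID 1 is init;
  # neither can be the snort daemon. An over-long number also ends here.
  if ! [ "$snort_pid" -gt 1 ] 2>/dev/null; then
    echo "Pidfile $PIDFILE holds PID $snort_pid, refusing to signal it" >&2
    exit 1
  fi

  # NOTE(review): the PID is not checked to still belong to snort, so a
  # stale pidfile plus PID reuse would signal an unrelated process.
  printf '%s' "Stopping Snort daemon (interface $IFACE)..."
  if ! kill "$snort_pid"; then
    echo "Could not signal PID $snort_pid; removing the pidfile anyway" >&2
  fi
  echo
  # Give the daemon a moment to exit before its pidfile is removed.
  sleep 1
  rm -f "$PIDFILE"
}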

# Restart snort: stop it, pause for one second, then start it again.
#
# Returns: the status of the first step that fails, otherwise the status
#          of snort_start. snort_stop exits the whole script when the
#          pidfile is missing, so snort is not started in that case.
snort_restart() {
  snort_stop || return
  sleep 1 || return
  snort_start
}

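# Dispatch on the first command-line argument.
case "$1" in
  start)
    snort_start
    ;;
  stop)
    snort_stop
    ;;
  restart)
    snort_restart
    ;;
  *)
    # A missing or unknown action is an error: report it on stderr and
    # exit non-zero so a caller cannot mistake it for a successful run.
    echo "usage $0 start|stop|restart" >&2
    exit 1
    ;;
esac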

