#!/bin/bash
#
# portsentry Start the portsentry portscan detector 
#
# Authors: Craig Rowland <crowland@psionic.com>, Tim Powers <timp@redhat.com>
#          and Matthias Saou <matthias.saou@est.une.marmotte.net>
#
# chkconfig: 345 98 05
# description: PortSentry Port Scan Detector is part of the Abacus Project \
#              suite of tools. The Abacus Project is an initiative to release \
#              low-maintenance, generic, and reliable host based intrusion \
#              detection software to the Internet community.
# processname: portsentry
# configfile: /etc/portsentry/portsentry.conf
# pidfile: /var/run/portsentry.pid

# Source function library.
. /etc/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

# For this script to work on non english systems
export LANG=C

RETVAL=0

start () {
	# Set up the ignore file
	SENTRYDIR=/etc/portsentry
	FINALIGNORE=$SENTRYDIR/portsentry.ignore
	TMPFILE=/var/portsentry/portsentry.ignore.tmp
	# Testline is used to see if the initscript has already been run
	if [ -f $FINALIGNORE ] ; then
		cp -f $FINALIGNORE $TMPFILE
		testline=`grep -n "Do NOT edit below this" $TMPFILE | cut --delimiter=":" -f1`
		if [ -z "$testline" ] ; then
			echo > /dev/null # Do nothing
		else
			let headline=$testline-2
			head -$headline $FINALIGNORE > $TMPFILE
		fi
	fi
	echo '#########################################' >> $TMPFILE
	echo '# Do NOT edit below this line, if you   #' >> $TMPFILE
	echo '# do, your changes will be lost when    #' >> $TMPFILE
	echo '# portsentry is restarted via the       #' >> $TMPFILE
	echo '# initscript. Make all changes above    #' >> $TMPFILE
	echo '# this box.                             #' >> $TMPFILE
	echo '#########################################' >> $TMPFILE

	echo '' >> $TMPFILE
	echo '# Exclude all local interfaces' >> $TMPFILE
	for i in `/sbin/ifconfig -a | grep inet | awk '{print $2}' | sed 's/addr://'` ; do
		echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# Exclude the default gateway(s)' >> $TMPFILE
	for i in `/sbin/route -n | grep ^0.0.0.0 | awk '{print $2}'` ; do
		echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# Exclude the nameservers' >> $TMPFILE
	for i in `/bin/cat /etc/resolv.conf | grep ^nameserver | awk '{print $2}'` ; do
		echo $i >> $TMPFILE
	done

	echo '' >> $TMPFILE
	echo '# And last but not least...' >> $TMPFILE
	echo '0.0.0.0' >> $TMPFILE
	echo '' >> $TMPFILE

	cp -f $TMPFILE  $SENTRYDIR/portsentry.ignore
	rm -f $TMPFILE

	# Check for modes defined in the config file
	if [ -s $SENTRYDIR/portsentry.modes ] ; then
		modes=`cut -d "#" -f 1 $SENTRYDIR/portsentry.modes`
	else
		modes="tcp udp"
	fi
	for i in $modes ; do
		action $"Starting portsentry -$i: " /usr/sbin/portsentry -$i
		RETVAL=$?
	done
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/portsentry
	return $RETVAL
}

stop() {
	echo -n $"Stopping portsentry: "
	killproc portsentry
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/portsentry
	return $RETVAL
}

# See how we were called.
case $1 in 
  start)
	start
	;;
  stop)
	stop
	;;
  status)
	status portsentry
	RETVAL=$?
	;;
  restart)
	stop
	start
	RETVAL=$?
	;;
  condrestart)
	if [ -f /var/lock/subsys/portsentry ]; then
	  stop
	  start
	  RETVAL=$?
	fi
	;;
  *)
	echo $"Usage: portsentry {start|stop|restart|condrestart|status}"
	exit 1
esac

exit $RETVAL

