/etc/ppp/ip-down.d/snort is in snort 2.9.7.0-5build1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 | #!/bin/sh -e
test $DEBIAN_SCRIPT_DEBUG && set -v -x
# Initial configuration :)
DAEMON=/usr/sbin/snort
NAME=snort
DESC="Network Intrusion Detection System"
CONFIG=/etc/snort/snort.debian.conf
test -x $DAEMON || exit 0
test -f $CONFIG && . $CONFIG
test "$DEBIAN_SNORT_STARTUP" = "dialup" || exit 0
if ! [ "$DEBIAN_SNORT_RECURSIVE" ]; then
# Acquire lock...
trap 'rm -f /var/run/snort.ppp.lock' 0
for tries in $(seq 1 10); do
mkfifo /var/run/snort.ppp.lock 2>/dev/null && break
sleep 1
done
# Now it's locked or timed out.
# In the latter case we assume stale lock.
fi
# If we are started with ppp environment set...
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ]; then
echo -n "Stopping $DESC: $NAME($PPP_IFACE)"
PIDFILE=/var/run/snort_$PPP_IFACE.pid
ENVFILE=/var/run/snort_$PPP_IFACE.env
test -f "$PIDFILE" && pid=$(cat "$PIDFILE")
# We remove the saved environment, if we are not asked to
# keep them. DEBIAN_SNORT_KEEPENV is not set, if we're
# called by pppd, thus we always remove stale environments.
test $DEBIAN_SNORT_KEEPENV || rm -f "$ENVFILE"
/sbin/start-stop-daemon --stop --retry 5 --quiet --oknodo \
--pidfile "$PIDFILE" --exec $DAEMON >/dev/null
rm -f "$PIDFILE"
echo "."
exit 0
fi
# Else, we are started without ppp environment set...
DEBIAN_SNORT_RECURSIVE=1
export DEBIAN_SNORT_RECURSIVE
# We keep the environments, thus the instances are restartable
DEBIAN_SNORT_KEEPENV=1
export DEBIAN_SNORT_KEEPENV
# If we have saved environments, check and probably stop them...
envpattern=/var/run/snort_*.env
# If we are requested to stop one special environment...
test "$1" -a -z "$2" && envpattern=/var/run/snort_"$1".env
myret=0
got_instance=0
for env in $envpattern; do
# This check is also needed, if the above pattern doesn't match
test -f "$env" || continue;
. "$env"
# Prevent endless recursion because of damaged environments
# Check, if the environment is still valid...
if [ "$PPPD_PID" -a "$PPP_IFACE" -a "$PPP_LOCAL" ] &&
kill -0 $PPPD_PID 2>/dev/null &&
ps -p $PPPD_PID | grep -q pppd; then
got_instance=1
export PPPD_PID PPP_IFACE PPP_LOCAL
# Because the stop of this particular environment could
# fail, we guard it
set +e
$0 "$@"
ret=$?
set -e
case "$ret" in
0)
;;
*)
myret=$(expr "$myret" + 1)
;;
esac
else
rm -f "$env"
fi
done
# If we found no saved environments, we don't need to stop anything
if [ "$got_instance" = 0 ]; then
echo "No snort instance found to be stopped!" >&2
fi
exit $myret
|