This file is indexed.

/etc/init.d/ipsec is in openswan 1:2.6.37-1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
#!/bin/sh
# IPsec startup and shutdown script
#
### BEGIN INIT INFO
# Provides:          ipsec
# Required-Start:    $network $remote_fs $syslog $named
# Required-Stop:     $syslog $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start Openswan IPsec at boot time
# Description:       Enable automatic key management for IPsec (KLIPS and NETKEY)
### END INIT INFO
#
### see https://bugzilla.redhat.com/show_bug.cgi?id=636572
### Debian and Fedora interpret the LSB differently
### Default-Start:     2 3 4 5
#
# Copyright (C) 1998, 1999, 2001  Henry Spencer.
# Copyright (C) 2002              Michael Richardson <mcr@freeswan.org>
# Copyright (C) 2006              Michael Richardson <mcr@xelerance.com>
# Copyright (C) 2008              Michael Richardson <mcr@sandelman.ca>
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
#
# ipsec         init.d script for starting and stopping
#               the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown).  Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: - 47 76
# description: IPsec provides encrypted and authenticated communications; \
# KLIPS is the kernel half of it, Pluto is the user-level management daemon.

test $IPSEC_INIT_SCRIPT_DEBUG && set -v -x

prog='ipsec setup'		# for messages

# where the private directory and the config files are
IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/lib/ipsec}"
IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}"
IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}"
IPSEC_CONFS="${IPSEC_CONFS-/etc}"

if [ `id -u` -ne 0 ]
then
    echo "permission denied (must be superuser)" |
      logger -s -p daemon.error -t ipsec_setup 2>&1
    exit 4
fi

if test " $IPSEC_DIR" = " "	# if we were not called by the ipsec command
then
    # we must establish a suitable PATH ourselves
    PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin
    export PATH

    IPSEC_DIR="$IPSEC_LIBDIR"
    export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR
fi

# Does not make any sense at all to continue without the main binary
# But before we can quit we should check if we are on a Debian based
# system as their policy demands a graceful exit code
test -f /etc/debian_version && BINARY_ERROR=0 || BINARY_ERROR=5
test -x $IPSEC_SBINDIR/ipsec || exit $BINARY_ERROR

# misc setup
umask 022

mkdir -p /var/run/pluto
chmod 700 /var/run/pluto

RETVAL=0

verify_config() {
    test -f $IPSEC_CONFS/ipsec.conf || exit 6

    config_error=`ipsec addconn --checkconfig 2>&1`
    RETVAL=$?
    if [ $RETVAL != 0 ]
    then
        echo "failed to start openswan IKE daemon - the following error occured:"
        echo $config_error
        exit $RETVAL
    fi
}

start() {
    verify_config

    # Pick up IPsec configuration (until we have done this, successfully, we
    # do not know where errors should go, hence the explicit "daemon.error"s.)
    # Note the "--export", which exports the variables created.
    variables=`ipsec addconn $IPSEC_CONFS/ipsec.conf --varprefix IPSEC --configsetup`
    eval $variables
    
    IPSEC_confreadsection=${IPSEC_confreadsection:-setup}
    export IPSEC_confreadsection

    IPSECsyslog=${IPSECsyslog:-daemon.error}
    export IPSECsyslog

    # remove for: @cygwin_END@
    (
    ipsec _realsetup start
    RETVAL=$? 
    ) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1  
    return $RETVAL
}


stop() {
    IPSECsyslog=${IPSECsyslog:-daemon.error}
    export IPSECsyslog
    (
    ipsec _realsetup stop
    RETVAL=$? 
    ) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1  
    return $RETVAL
}

restart() {
    verify_config
    stop
    start
}

condrestart() {
    verify_config
    ipsec _realsetup status || exit 0
    restart
}

status() {
    ipsec _realsetup status
    RETVAL=$?	
    return $RETVAL
}

version() {
    ipsec version
    RETVAL=$?
    return $RETVAL
}


# do it
case "$1" in
    start|--start)
         start
         ;;
    stop|--stop)
         stop
         ;;
    restart|--restart)
         restart
 	 ;;
    reload|force-reload)
         restart
 	 ;;
    condrestart|try-restart)
         condrestart
         ;;
    status|--status)
         status
         ;;
    version)
         version
         ;;
    *)
         echo "Usage: $prog {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}"
         RETVAL=2
esac
 	
exit $RETVAL