File rc.portsentry of Package portsentry
#! /bin/sh
# Copyright (c) 2012 Klaus Singvogel, Kaierberg, Dentlein a.F., Germany.
# All rights reserved.
#
# Author: Klaus Singvogel <bugs@singvogel.com>
#
# /etc/init.d/portsentry
#
#   Template system startup script for some example service/daemon portsentry
#
#
### BEGIN INIT INFO
# Provides:          portsentry
# Required-Start:    $local_fs $syslog $network $named
# Should-Start:      $time
# Required-Stop:     $local_fs $syslog $network $named
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: portsentry: port scan detection tool
# Description:       Portsentry - a program designed to detect and respond
#                    to port scans against a target host in real-time.
### END INIT INFO

IDENT=portsentry
test -s /etc/sysconfig/$IDENT && \
    . /etc/sysconfig/$IDENT

# Check for missing binaries (stale symlinks should not happen)
PORTSENTRY_BIN=@bindir@/$IDENT
test -x $PORTSENTRY_BIN || exit 5

# Check for existence of needed config file and read it
PORTSENTRY_CONFIG=@confdir@/portsentry.conf
test -r $PORTSENTRY_CONFIG || exit 6
. $PORTSENTRY_CONFIG

# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions

# source shell functions rc_* from /etc/rc.status:
. /etc/rc.status

# Reset status of this service
rc_reset

# Return values acc. to LSB for all commands but status:
# 0       - success
# 1       - generic or unspecified error
# 2       - invalid or excess argument(s)
# 3       - unimplemented feature (e.g. "reload")
# 4       - user had insufficient privileges
# 5       - program is not installed
# 6       - program is not configured
# 7       - program is not running
# 8--199  - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.

case "$1" in
    start)
        echo -n "Starting portsentry "
        # Note: starts only, if exactly ONE option is present
        startproc -p /var/run/$IDENT-tcp.pid $PORTSENTRY_BIN ${PORTSENTRY_TCP_OPTION:--tcp}
        startproc -f -p /var/run/$IDENT-udp.pid $PORTSENTRY_BIN ${PORTSENTRY_UDP_OPTION:--udp}
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down portsentry "
        killproc -TERM $PORTSENTRY_BIN

        # Unblock every host recorded in the TCP block list: drop its
        # iptables rule and remove its hosts.deny and block-list entries.
        hosts=`awk '/TCP Blocked/{gsub("[^/]*/", "", $6); print $6}' < @confdir@/portsentry.blocked.tcp`
        for host in $hosts; do
            # Escape the dots so the address is matched literally by perl
            regex_host=`echo "$host" | sed 's;\.;\\\\.;g'`
            /usr/sbin/iptables -D INPUT -s "$host" -j DROP
            perl -pi -e 's/^ALL: '"$regex_host"'\n//' /etc/hosts.deny
            perl -pi -e 's/^.*'"$regex_host"' Port: [0-9]+ TCP Blocked\n//' @confdir@/portsentry.blocked.tcp
            perl -pi -e 's/^.*'"$regex_host"' Port: [0-9]+ UDP Blocked\n//' @confdir@/portsentry.blocked.udp
        done

        # Same for the hosts that remain in the UDP block list
        hosts=`awk '/UDP Blocked/{gsub("[^/]*/", "", $6); print $6}' < @confdir@/portsentry.blocked.udp`
        for host in $hosts; do
            regex_host=`echo "$host" | sed 's;\.;\\\\.;g'`
            /usr/sbin/iptables -D INPUT -s "$host" -j DROP
            perl -pi -e 's/^ALL: '"$regex_host"'\n//' /etc/hosts.deny
            perl -pi -e 's/^.*'"$regex_host"' Port: [0-9]+ UDP Blocked\n//' @confdir@/portsentry.blocked.udp
        done
        rc_status -v
        ;;
    try-restart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is not (yet) part of LSB (as of 1.2)
        $0 status >/dev/null && $0 restart
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start

        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        echo -n "Reload service portsentry "
        $0 stop && $0 start
        rc_status
        ;;
    reload)
        ## Like force-reload, but if daemon does not support
        ## signaling, do nothing (!)
        rc_failed 3
        rc_status -v
        ;;
    status)
        echo -n "Checking for service portsentry "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Return value is slightly different for the status command:
        # 0      - service up and running
        # 1      - service dead, but /var/run/ pid file exists
        # 2      - service dead, but /var/lock/ lock file exists
        # 3      - service not running (unused)
        # 4      - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)

        checkproc $PORTSENTRY_BIN
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
        exit 1
        ;;
esac
rc_exit