#!/bin/sh # $FreeBSD: head/security/suricata/files/suricata.in 454649 2017-11-21 18:55:28Z zeising $ # PROVIDE: suricata # REQUIRE: DAEMON # BEFORE: LOGIN # KEYWORD: shutdown # Add the following lines to /etc/rc.conf to enable suricata: # suricata_enable (bool): Set to YES to enable suricata # Default: NO # suricata_flags (str): Extra flags passed to suricata # Default: -D # suricata_interface (str): Network interface(s) to sniff # Default: "" # suricata_conf (str): Suricata configuration file # Default: ${PREFIX}/etc/suricata/suricata.yaml # suricata_divertport (int): Port to create divert socket (Inline Mode) # Default: 8000 # suricata_netmap (str): Set to YES to enable netmap (Inline Mode) # Default: NO # suricata_user (str): Set the user to run suricata as # Default: root # suricata_pidfile (str): Pidfile to store pid of suricata process # Default: /var/run/suricata.pid . /etc/rc.subr name="suricata" rcvar=suricata_enable start_precmd="suricata_prestart" command="%%PREFIX%%/bin/suricata" load_rc_config $name [ -z "$suricata_enable" ] && suricata_enable="NO" [ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml" [ -z "$suricata_flags" ] && suricata_flags="-D" [ -z "$suricata_divertport" ] && suricata_divertport="8000" [ -z "$suricata_netmap" ] && suricata_netmap="NO" [ -z "$suricata_user" ] && suricata_user="root" [ -z "$suricata_pidfile" ] && suricata_pidfile="/var/run/suricata.pid" if [ -n "$suricata_interface" ]; then for interface in $suricata_interface; do suricata_flags="$suricata_flags --pcap=$interface" done elif [ "$suricata_netmap" != "NO" ]; then suricata_flags="$suricata_flags --netmap" else suricata_flags="$suricata_flags -d $suricata_divertport" info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)" fi pidfile=$suricata_pidfile suricata_flags="$suricata_flags --pidfile $pidfile" [ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf" suricata_prestart() { if ! run_rc_command status > /dev/null; then rm -f "$pidfile" fi } run_rc_command "$1"