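#!/bin/bash
#
#
# pdumpq      This script starts and stops pdumpq on Redhat compatible
#             systems. pdumpq takes packets over the netlink device which
#             have been sent by Netfilter's QUEUE target and dumps them in
#             Pcap format. This format is compatible with various packet
#             sniffers such as tcpdump, snort and ethereal.
#
# Configuration: This script first checks the environment for $PDUMPQ, and
#             will execute this value, if found. Secondly, it looks for a
#             config file, the default location is /etc/pdumpq/pdumpq.cfg,
#             and if found, will use the contents of this file as the
#             command line. If used, the config file should contain the
#             full command line with options all on one line. Lines
#             beginning with '#', are ignored. There is no config file
#             installed by default, so create it if desired. Thirdly,
#             the $DEFAULT variable can be set at the top of the file
#             to one's preference.
#
# Example:
#  $cat /etc/pdumpq/pdump.cfg
#  # My config for pdumpq
#  pdumpq -p D /var/log/pdumpq -e root@localhost
#
# chkconfig: 345 85 10
# description: pdumpq
#
# Hal Burgiss
#
############################################################################

MYNAME=pdumpq

# This is used if no $PDUMPQ variable is set, and no
# config file is used.
#DEFAULT="$MYNAME -A -m 666 -m 123,d -m 2,d -m1,a marked"
DEFAULT="$MYNAME -p D /var/log/$MYNAME -e root@localhost"

# where the optional config and other stuff is
CONFIG_DIR=/etc/pdumpq
CONFIG_FILE=$CONFIG_DIR/pdumpq.cfg

# syslogging command we use (a command string, expanded unquoted on purpose).
LOGGER="logger -t $MYNAME"

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.  NETWORKING is quoted so that an unset
# value does not make the test itself fail ("unary operator expected").
[ "${NETWORKING}" = "no" ] && exit 0

# Redhat functions alter PATH
PATH=/usr/bin:/sbin:/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

if ! [ -c /dev/netlink ]; then
  echo "The netlink device was not found. Check your installation."
  # shellcheck disable=SC2086 -- LOGGER is a command string
  $LOGGER "netlink device not found. Exit."
  exit 1
fi

# 'command -v' is a builtin; 'which' is an external tool that may be absent.
if ! command -v "$MYNAME" >/dev/null 2>&1; then
  echo "$MYNAME not found. Check your path and installation."
  # shellcheck disable=SC2086 -- LOGGER is a command string
  $LOGGER "$MYNAME not found. Exit."
  exit 1
fi

# Default exit status; the restart/status arms set it explicitly so that
# the final 'exit' never runs with an empty argument.
RETVAL=0

case "$1" in
  start)
    echo -n "Starting $MYNAME: "
    pidlist=$(pidofproc "$MYNAME")
    pid=
    # pidlist is a whitespace-separated list; word-splitting is intended.
    for apid in $pidlist ; do
      [ -d "/proc/$apid" ] && pid="$pid $apid"
    done
    # shellcheck disable=SC2086 -- pid holds several PIDs for ps
    if [ -n "$pid" ] && ps h $pid >/dev/null 2>&1; then
      echo -n "$MYNAME is already running."
      echo_failure
      echo
      exit 1
    fi
    # First, check the environment for preferred command line.
    # Secondly, look for a proper command in the config file.
    if [ -n "$PDUMPQ" ]; then
      # shellcheck disable=SC2086 -- PDUMPQ is a full command line
      $PDUMPQ
    else
      PDUMPQ=
      # Only read the config file if it exists.  Previously the
      # '>/dev/null 2>&1' sat outside the command substitution, so grep's
      # "No such file" message still reached the console when no config
      # file was installed.
      # The comment filter now matches what the header documents: only
      # lines that *begin* with '#' (after optional whitespace) are
      # ignored, rather than any line containing a '#'.
      if [ -f "$CONFIG_FILE" ]; then
        PDUMPQ=$(grep -- "$MYNAME" "$CONFIG_FILE" 2>/dev/null \
          | grep -v '^[[:space:]]*#' \
          | head -n1)
      fi
      if [ -n "$PDUMPQ" ]; then
        # NOTE(review): the config line is executed verbatim via eval with
        # this script's privileges.  Keep $CONFIG_FILE owned by root and
        # not group/world-writable; anyone who can edit it controls what
        # runs here.
        eval "$PDUMPQ"
      else
        # if neither, this is the default start up here ...
        # shellcheck disable=SC2086 -- DEFAULT is a full command line
        $DEFAULT
      fi
    fi
    # Status of the if/else is the status of whichever launch command ran.
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ]; then
      success "$MYNAME startup"
      echo
      touch "/var/lock/subsys/$MYNAME"
    else
      echo_failure
    fi
    ;;
  stop)
    echo -n "Stopping $MYNAME: "
    killproc "$MYNAME"
    RETVAL=$?
    if [ "$RETVAL" -eq 0 ] ; then
      rm -f "/var/lock/subsys/$MYNAME"
      # Message said "startup" before; this arm is the shutdown path.
      success "$MYNAME shutdown"
      echo
    else
      echo_failure
      echo
    fi
    ;;
  restart)
    "$0" stop
    "$0" start
    RETVAL=$?
    ;;
  status)
    status "$MYNAME"
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}"
    exit 1
    ;;
esac

exit "$RETVAL"

# eof -- pdumpq.init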