#!/sbin/runscript
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
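# Extra service command ("cleandisk") offered next to the standard start/stop.
extra_commands="cleandisk"
# Per-host log root. LOGDIR and HOSTNAME are expected from conf.d; HOSTNAME is
# set by bash but not by every /bin/sh and is not exported by default, so fall
# back to hostname(1) rather than silently producing "${LOGDIR}//dailylogs".
LOG_DIR="${LOGDIR}/${HOSTNAME:-$(hostname 2>/dev/null)}/dailylogs"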
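#######################################
# Creates today's log directory under LOG_DIR and starts snort logging into it.
# Globals:   LOG_DIR, LOGDIR, PIDFILE, OPTIONS, IFACE, FILTER (read)
#            today (written: YYYY-MM-DD, the name of the day's directory)
#            rv (written: start-stop-daemon status)
# Returns:   the start-stop-daemon status; 1 when snort is missing, LOGDIR
#            is unset or a log directory cannot be created
#######################################
start() {
  ebegin "Starting Log_packest"
  if [ ! -x /usr/bin/snort ]; then
    eerror "No snort - cannot start"
    eend 1
    return 1
  fi
  # LOG_DIR is derived from LOGDIR; with LOGDIR empty the captures would be
  # written under "/<host>/dailylogs" in the root filesystem.
  if [ -z "${LOGDIR}" ]; then
    eerror "LOGDIR is not set - cannot start"
    eend 1
    return 1
  fi
  if [ ! -d "${LOG_DIR}" ]; then
    if ! mkdir -p "${LOG_DIR}"; then
      eerror "Cannot create ${LOG_DIR}"
      eend 1
      return 1
    fi
    chmod 770 "${LOG_DIR}"
  fi
  today=$(date '+%Y-%m-%d')
  if [ ! -d "${LOG_DIR}/${today}" ]; then
    if ! mkdir "${LOG_DIR}/${today}"; then
      eerror "Cannot create ${LOG_DIR}/${today}"
      eend 1
      return 1
    fi
    # Owner root and group sguil get access to the captures; nobody else does.
    chmod 770 "${LOG_DIR}/${today}"
    chown root:sguil "${LOG_DIR}/${today}"
  fi
  # OPTIONS is deliberately left unquoted: it carries several snort arguments.
  # shellcheck disable=SC2086
  start-stop-daemon --start --quiet -b -m --pidfile "${PIDFILE}" \
    --exec /usr/bin/snort \
    -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" "${FILTER}"
  rv=$?
  # Trim old captures now, but report the daemon's status, not the cleanup's.
  real_cleandisk
  eend "${rv}"
}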
#######################################
# Stops the snort process recorded in PIDFILE.
# Globals:   PIDFILE (read)
# Returns:   the start-stop-daemon status, as reported through eend
#######################################
stop() {
  ebegin "Stopping Sensor Agent"
  if start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"; then
    eend 0
  else
    eend $?
  fi
}
#######################################
# User-facing "cleandisk" command: wraps real_cleandisk in ebegin/eend.
# Returns:   the real_cleandisk status, as reported through eend
#######################################
cleandisk() {
  ebegin "Cleaning Disk"
  if real_cleandisk; then
    eend 0
  else
    eend $?
  fi
}
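#######################################
# Keeps the filesystem holding LOG_DIR at or below MAX_DISK_USE percent by
# deleting the oldest capture file (or an emptied day directory) under
# LOG_DIR, one per pass, pausing between passes so open writes can finish.
# Globals:   LOG_DIR, MAX_DISK_USE (read)
#            CUR_USE, OLDEST_DIR, OLDEST_FILE (written)
# Returns:   0 once usage is within the limit; 1 when LOG_DIR or
#            MAX_DISK_USE is unusable, the usage cannot be read, nothing is
#            left to delete, or a removal fails
#######################################
real_cleandisk() {
  # Every rm below is anchored at LOG_DIR, so never proceed with a bad value:
  # a failed cd in the old version left rm working in whatever cwd it had.
  if [ -z "${LOG_DIR}" ] || [ ! -d "${LOG_DIR}" ]; then
    eerror "LOG_DIR '${LOG_DIR}' is not a directory - not cleaning"
    return 1
  fi
  case "${MAX_DISK_USE}" in
    ''|*[!0-9]*)
      eerror "MAX_DISK_USE '${MAX_DISK_USE}' is not a percentage - not cleaning"
      return 1
      ;;
  esac
  while :; do
    einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
    # POSIX (-P) df output: a header line, then the usage line with the
    # percentage in field 5.
    CUR_USE=$(df -P "${LOG_DIR}" | awk 'NR > 1 { sub(/%/, "", $5); print $5; exit }')
    case "${CUR_USE}" in
      ''|*[!0-9]*)
        eerror "Cannot read disk use of ${LOG_DIR} (got '${CUR_USE}')"
        return 1
        ;;
    esac
    einfo " Current Disk Use: ${CUR_USE}%"
    if [ "${CUR_USE}" -le "${MAX_DISK_USE}" ]; then
      einfo "Done."
      return 0
    fi
    # Over the limit. Day directories are named YYYY-MM-DD, so the first glob
    # match is the oldest; mtime is useless here because it changes with
    # every deletion.
    set -- "${LOG_DIR}"/*
    if [ ! -e "$1" ] && [ ! -L "$1" ]; then
      # Nothing left to delete: stop instead of looping forever.
      ewarn "Disk use ${CUR_USE}% is over the limit but ${LOG_DIR} is empty - nothing left to remove"
      return 1
    fi
    OLDEST_DIR=${1##*/}
    if [ -d "$1" ]; then
      # Oldest file by mtime inside the oldest day (ls -t lists newest first).
      # shellcheck disable=SC2012
      OLDEST_FILE=$(ls -t "$1" | tail -n 1)
      if [ -n "${OLDEST_FILE}" ] && [ -f "$1/${OLDEST_FILE}" ]; then
        einfo " Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
        if ! rm -f -- "$1/${OLDEST_FILE}"; then
          eerror "Cannot remove ${OLDEST_DIR}/${OLDEST_FILE}"
          return 1
        fi
      else
        einfo " Removing empty dir: ${OLDEST_DIR}"
        if ! rm -rf -- "$1"; then
          eerror "Cannot remove ${OLDEST_DIR}"
          return 1
        fi
      fi
    else
      # Not a day directory: a stray file directly under LOG_DIR.
      einfo " Removing stray file: ${OLDEST_DIR}"
      if ! rm -f -- "$1"; then
        eerror "Cannot remove ${OLDEST_DIR}"
        return 1
      fi
    fi
    # One removal may not be enough: flush, give any open writer a moment,
    # then re-check from the top.
    sync
    einfo " Waiting 5 secs for disk to sync..."
    sleep 5
  done
}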