#!/bin/bash
#
# description: Suricata IDS/IPS (NFQUEUE)
#

# Distribution init helpers; this script relies on it for daemon, killproc
# and status (none of them are defined here).
. /etc/init.d/functions

# Service identity and the files every action below works with.
prog="suricata"
prog_dir="/usr/sbin"
conf="/etc/suricata/suricata.yaml"
pidfile="/var/run/suricata/suricata.pid"
lockfile="/var/lock/subsys/${prog}"
# NFQUEUE queue specification handed to suricata -q.
queue="100:101"

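# Start Suricata in NFQUEUE mode unless a live instance is recorded in
# the pidfile.
# Globals:  prog, prog_dir, conf, pidfile, lockfile, queue (read);
#           PID, RETVAL (written)
# Outputs:  progress messages on stdout
# Returns:  0 if already running or started, else the status of daemon
start() {
    mkdir -p /var/run/suricata
    if [ -f "$pidfile" ]; then
        PID=$(cat "$pidfile" 2>/dev/null)
        # Only trust the pidfile when it holds a plain positive decimal PID.
        # kill -0 with "0" or "-1" probes a process group / every process,
        # which would report a phantom "already running" instance.
        if [[ "$PID" =~ ^[1-9][0-9]*$ ]] && kill -0 "$PID" 2>/dev/null; then
            echo "Suricata já está rodando com PID $PID"
            return 0
        fi
    fi

    echo -n "Iniciando Suricata IDS/IPS (NFQUEUE): "
    # Stale or malformed pidfile: drop it so daemon starts cleanly.
    rm -f "$pidfile"

    daemon "${prog_dir}/${prog}" \
        -D \
        -c "$conf" \
        --pidfile "$pidfile" -q "$queue"

    RETVAL=$?
    echo
    # The subsys lockfile is what tells the init system the service is up.
    [ "$RETVAL" -eq 0 ] && touch "$lockfile"
    return "$RETVAL"
}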

# Stop Suricata via killproc and clear the lock and pid files on success.
# Globals:  prog, prog_dir, pidfile, lockfile (read); RETVAL (written)
# Outputs:  progress message on stdout
# Returns:  the status of killproc
stop() {
    echo -n "Finalizando Suricata IDS/IPS: "
    killproc "${prog_dir}/${prog}"
    RETVAL=$?
    echo
    if [ "$RETVAL" -eq 0 ]; then
        rm -f "$lockfile" "$pidfile"
    fi
    return "$RETVAL"
}

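# Ask the running Suricata to reload its rules by sending SIGUSR2 to the
# PID recorded in the pidfile.
# Globals:  pidfile (read); PID (written)
# Outputs:  status message on stdout
# Returns:  0 if the signal was delivered, 1 otherwise
reload() {
    if [ ! -f "$pidfile" ]; then
        echo "PID do Suricata não encontrado, Suricata não está rodando."
        return 1
    fi

    PID=$(cat "$pidfile" 2>/dev/null)

    # Refuse anything but a plain positive decimal PID: kill treats "0" and
    # negative values as process-group targets, so a corrupted pidfile could
    # broadcast SIGUSR2 far beyond Suricata.
    if ! [[ "$PID" =~ ^[1-9][0-9]*$ ]]; then
        echo "Falha ao enviar reload para Suricata"
        return 1
    fi

    if kill -USR2 "$PID" 2>/dev/null; then
        echo "Reload de regras enviado para Suricata (PID: $PID)"
        return 0
    fi

    echo "Falha ao enviar reload para Suricata"
    return 1
}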

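# Dispatch on the requested action. The exit status is that of the action,
# so the init system sees a failed start/stop instead of an unconditional 0.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    reload)
        reload
        ;;
    status)
        # Point status at our pidfile; it is not at the default /var/run/$prog.pid.
        status -p "$pidfile" "$prog"
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 2
esac

exit $?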
