#!/bin/sh

# Add sudoers entries
#--------------------

/usr/sbin/addsudo /usr/bin/snortsam-state app-intrusion-prevention-core

# Implant Snortsam hook
#----------------------

if [ -e /etc/snort.conf ]; then
    CHECK=`grep "^output[[:space:]]*alert_fwsam:" /etc/snort.conf`
    if [ -z "$CHECK" ]; then 
        logger -p local6.notice -t installer "app-intrusion-prevention-core - adding hook to intrusion detection system"
        sed -i -e "s/^output[[:space:]]*\(.*\)/output \1\n\n\
# snortsam - intrusion prevention\n\
output alert_fwsam: 127.0.0.1/" /etc/snort.conf

        /sbin/service snort condrestart >/dev/null 2>&1
    fi
fi

# Remove iptables parameter, now using ipset
#-------------------------------------------

if [ -e /etc/snortsam.conf ]; then
    CHECK=`grep "^iptables[[:space:]]*" /etc/snortsam.conf`
    if [ -n "$CHECK" ]; then
        logger -p local6.notice -t installer "app-intrusion-prevention-core - removing iptables hook"
        sed -i -e "s/^iptables.*/# iptables eth0 syslog.info/" /etc/snortsam.conf
    fi

    CHECK=`grep "^ipset" /etc/snortsam.conf`
    if [ -z "$CHECK" ]; then
        logger -p local6.notice -t installer "app-intrusion-prevention-core - adding ipset hook"
        sed -i -e "s/^bindip[[:space:]]*\(.*\)/bindip \1\n\n\
# IPset plugin\n\
ipset/" /etc/snortsam.conf

        systemctl daemon-reload  >/dev/null 2>&1
        /sbin/service firewall restart >/dev/null 2>&1
        sleep 2
        /sbin/service snortsam condrestart >/dev/null 2>&1
    fi
fi

# Restart firewall due to ipset migration
#----------------------------------------

/sbin/service firewall restart >/dev/null 2>&1

exit 0
