#!/bin/sh -e

test -f /usr/sbin/snort || exit 0

PATH=/bin:/usr/bin:/sbin:/usr/sbin

SYSLOG_LOGFILE=`syslogd-listfiles --auth 2>/dev/null | head -1`

SYSLOG_LOGFILE_CUSTOM=/var/log/auth.log

if [ -z "$SYSLOG_LOGFILE" ]; then
  SYSLOG_LOGFILE=$SYSLOG_LOGFILE_CUSTOM
fi

CONFIG=/etc/snort/snort.debian.conf
. $CONFIG
export DEBIAN_SNORT_STATS_RCPT DEBIAN_SNORT_STATS_TRESHOLD

# if snort is configured to only run at dialup connection starts
# the init.d script would not start it at the end of this script.
if [ "$DEBIAN_SNORT_STARTUP" = "boot" -a -n "`ps ax|grep snort|grep -v grep|grep -v $0`" ]; then
   SNORT_WAS_RUNNING=1
fi

test -f /var/log/snort/portscan.log && savelog -c 7 -p /var/log/snort/portscan.log >/dev/null
find /var/log/snort -name "snort-*@*.log" -mtime +15 \
  	| xargs --no-run-if-empty rm
test -n "$SNORT_WAS_RUNNING" && /etc/init.d/snort restart >/dev/null
for log in $SYSLOG_LOGFILE; do
    TEMPFILE=`tempfile`
    snort-stat -t $DEBIAN_SNORT_STATS_TRESHOLD < $log  > $TEMPFILE
    if test -s $TEMPFILE; then
	(echo "To: $DEBIAN_SNORT_STATS_RCPT"; echo; cat $TEMPFILE) | \
		sendmail $DEBIAN_SNORT_STATS_RCPT
    fi
    rm -f $TEMPFILE
done

exit 0
