#!/bin/sh
# 
# PROVIDE: ossechids
# REQUIRE: DAEMON
# BEFORE:  LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="ossechids"
rcvar=ossechids_enable

load_rc_config $name

: ${ossechids_enable="NO"}
: ${ossechids_user="ossec"}
: ${ossechids_group="ossec"}

start_precmd=ossechids_start_precmd
start_cmd="ossechids_command start"
stop_cmd="ossechids_command stop"
restart_cmd="ossechids_command restart"
status_cmd="ossechids_command status"
reload_cmd="ossechids_command reload"

command="/usr/local/ossec-hids/bin/ossec-control"
required_files="/usr/local/ossec-hids/etc/ossec.conf"
extra_commands="reload"

fts_queue=/usr/local/ossec-hids/queue/fts/fts-queue
ig_queue=/usr/local/ossec-hids/queue/fts/ig-queue
ossec_log=/usr/local/ossec-hids/logs/ossec.log
active_responses_log=/usr/local/ossec-hids/logs/active-responses.log

ossechids_start_precmd() {
    # These files are not created by the daemons with the correct
    # ownership, so create them here before starting up the system,
    # if they don't already exist. This is only done for the "local" and
    # "server" installation types.
    if [ ! -e ${fts_queue} ]; then
        touch ${fts_queue}
        chown ${ossechids_user}:${ossechids_group} ${fts_queue}
        chmod 640 ${fts_queue}
    fi
    if [ ! -e ${ig_queue} ]; then
        touch ${ig_queue}
        chown ${ossechids_user}:${ossechids_group} ${ig_queue}
        chmod 640 ${ig_queue}
    fi

    # Ensure logfiles are created with the correct ownership and mode
    for log in ${ossec_log} ${active_responses_log}; do
	if [ ! -e ${log} ]; then
	    touch ${log}
	    chown ${ossechids_user}:${ossechids_group} ${log}
	    chmod 660 ${log}
	fi
    done
}

ossechids_command() {
	${command} ${rc_arg}
}

run_rc_command "$1"
