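#!/bin/sh
#
# p0f        This script starts and stops the p0f daemon
#
# chkconfig: 2345 78 31
# processname: p0f
# description: p0f is a tool that utilizes an array of sophisticated, \
#              purely passive traffic fingerprinting mechanisms to \
#              identify the players behind any incidental TCP/IP \
#              communications (often as little as a single normal SYN) \
#              without interfering in any way.
#
# Usage: p0f {start|stop|restart|reload|status|condrestart}
#
# Configuration is read from /etc/sysconfig/<name>, where <name> is the
# basename this script was invoked under. P0F_IFACE must be set there;
# P0F_FINGERPRINT_DATABASE, P0F_SOCKET and P0F_EXTRA_COMMAND_ARGS may be
# overridden there.
#
# Security notes:
#   * /etc/sysconfig/<name> is sourced, i.e. executed as shell code with the
#     privileges of whoever runs this script (normally root). Keep it
#     root-owned and not writable by group or others.
#   * Running instances are found by matching "ps" output against the
#     program name and the socket path, not through a PID file. Any other
#     process whose command line contains both strings would be signalled
#     as well, so keep P0F_SOCKET specific to this instance.

# Source function library.
. /etc/rc.d/init.d/functions

prog="p0f"

name="$0"
name="${name##*/}"
# Strip the rc-directory symlink prefix. Only "S78" used to be removed, so a
# call through the kill symlink (K31p0f) looked for /etc/sysconfig/K31p0f and
# /var/lock/subsys/K31p0f instead of the files created at start.
name="${name#[SK][0-9][0-9]}"

# Source networking configuration.
[ -r /etc/sysconfig/network ] && . /etc/sysconfig/network

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 0

# Set default p0f configuration.
P0F_FINGERPRINT_DATABASE="/etc/p0f/p0f.fp"
P0F_SOCKET="/var/run/${prog}.sock"
#P0F_EXTRA_COMMAND_ARGS="-o /var/log/p0f.log"
P0F_EXTRA_COMMAND_ARGS=""

# Source p0f configuration (see the security note in the header).
[ -f "/etc/sysconfig/${name}" ] && . "/etc/sysconfig/${name}"

[ -f /usr/sbin/p0f ] || exit 0

#######################################
# Print the PID(s) of the p0f instance bound to P0F_SOCKET, one per line.
# Globals:   prog (read), P0F_SOCKET (read)
# Outputs:   matching PIDs on stdout; nothing if no instance is found
# Returns:   1 if P0F_SOCKET is empty, otherwise the pipeline's status
#######################################
p0f_pids() {
    # An empty pattern would match every "p0f" line, so refuse to search.
    [ -n "${P0F_SOCKET}" ] || return 1

    # -F: the socket path is a literal string, not a regex ("." must not act
    # as a wildcard). The awk filter lets only numeric tokens through, since
    # the result is handed to kill.
    /bin/ps axuw \
        | /bin/grep -F -- "${prog}" \
        | /bin/grep -v grep \
        | /bin/grep -F -- "${P0F_SOCKET}" \
        | /usr/bin/awk '$2 ~ /^[0-9]+$/ { print $2 }'
}

# By default it's all good
RETVAL=0

# See how we were called.
# Note: echo -n and $"..." follow the Red Hat init-script convention and rely
# on /bin/sh being bash, as it is on chkconfig-based systems.
case "$1" in
  start)
    if [ -z "${P0F_IFACE}" ]; then
        echo "P0F_IFACE not found in /etc/sysconfig/${name}"
        RETVAL=1
    else
        PID=$(p0f_pids)
        if [ -z "${PID}" ]; then
            echo -n $"Starting ${name}: "
            # P0F_EXTRA_COMMAND_ARGS is deliberately unquoted so that it
            # splits into separate options.
            # NOTE(review): some versions of the Red Hat "daemon" helper
            # re-join their arguments into one shell command string; keep
            # the configured values free of whitespace and shell
            # metacharacters - confirm against the installed functions file.
            # NOTE(review): p0f runs with the caller's privileges here; if
            # the installed p0f supports dropping privileges (p0f v3 has
            # "-u user"), consider adding it via P0F_EXTRA_COMMAND_ARGS.
            # shellcheck disable=SC2086
            daemon /usr/sbin/p0f -d \
                -f "${P0F_FINGERPRINT_DATABASE}" \
                -s "${P0F_SOCKET}" \
                -i "${P0F_IFACE}" \
                ${P0F_EXTRA_COMMAND_ARGS}
            RETVAL=$?
            echo
            if [ "${RETVAL}" -eq 0 ]; then
                touch "/var/lock/subsys/${name}"
            fi
        fi
    fi
    ;;
  stop)
    PID=$(p0f_pids)
    if [ -z "${PID}" ]; then
        echo "${name} is not running."
        RETVAL=1
    else
        echo -n $"Stopping ${name}: "
        # PID may hold several PIDs; unquoted on purpose so each becomes its
        # own argument.
        # shellcheck disable=SC2086
        /bin/kill -TERM ${PID}
        RETVAL=$?
        echo
        if [ "${RETVAL}" -eq 0 ]; then
            rm -f "/var/lock/subsys/${name}"
        fi
    fi
    ;;
  restart)
    "$0" stop
    sleep 3
    "$0" start
    # Report the result of the start instead of always exiting 0.
    RETVAL=$?
    ;;
  reload)
    PID=$(p0f_pids)
    if [ -n "${PID}" ]; then
        # shellcheck disable=SC2086
        /bin/kill -HUP ${PID}
        RETVAL=$?
    fi
    ;;
  condrestart)
    if [ -e "/var/lock/subsys/${name}" ]; then
        "$0" restart
        RETVAL=$?
    fi
    ;;
  status)
    PID=$(p0f_pids)
    if [ -z "${PID}" ]; then
        echo "${name} is not running."
        # This used to be RETVAL=$?, which picked up echo's exit status (0)
        # and so reported success for a stopped daemon. 3 is the LSB
        # "program is not running" status code.
        RETVAL=3
    else
        echo "${name} is running as pid ${PID}"
    fi
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload|status|condrestart}"
    RETVAL=1
    ;;
esac

exit "${RETVAL}"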