#!/bin/bash

# hlbrw - assistant to help make new rules to HLBR
# Copyright 2009-2010 Joao Eriberto Mota Filho <eriberto@eriberto.pro.br>

#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Get, test and define variables

VERSION=0.2.4

if [ ! -e "/etc/hlbrw.conf" ]; then
    echo "File /etc/hlbrw.conf doesn't exist.";
    exit 1;
fi

source /etc/hlbrw.conf

[ "$HLBRLOG" ] || exit 1
[ "$TIME" ] || exit 1

ADDR=$(tail -n 1 $HLBRLOG | cut -d" " -f4 | cut -d: -f1)
DATE=$(date '+%Y%m%d-%T.%N')
DIRDATE=$(date '+%Y-%m-%d')
LOG=hlbrw'_'$ADDR'_'$DATE.dump
LOGPATH=/var/log/hlbrw
TCPDUMPPID=/var/run/tcpdump.$DATE.pid

# HLBRW engine...

function hlbrw
{
    # verify if hlbr.log was rotated and if true, restart iwatch daemon
    if [ $(cat /tmp/iwatch.event) == "IN_DELETE_SELF" ]
    then
	echo $(date '+%b %e %T') "LOG: hlbr.log being rotated." >> $LOGPATH/hlbrw.log;
	$(iwatch_restart);
	exit 0;
    fi

    # starting and killing tcpdump
    tcpdump -n -s0 host $ADDR and '(tcp[13] == 24 or tcp[13] == 25 or ! tcp)' -w $LOGPATH/$LOG &
    echo $! > $TCPDUMPPID
    echo $(date '+%b %e %T') "ADD: $LOG created." >> $LOGPATH/hlbrw.log
    sleep $TIME
    kill $(cat $TCPDUMPPID)
    rm -f $TCPDUMPPID

    # removing empty dump files
    LOGSIZE=$(ls -l $LOGPATH/$LOG | tr -s " " | cut -d" " -f5)
    if [ $LOGSIZE -lt 25 ]
    then
	rm -f $LOGPATH/$LOG;
	echo $(date '+%b %e %T') "DEL: $LOG empty. Removed." >> $LOGPATH/hlbrw.log;
    else
	# moving dump
	if [ ! -d $LOGPATH/$DIRDATE ]
	then
	    mkdir $LOGPATH/$DIRDATE;
	    chmod 0755 $LOGPATH/$DIRDATE;
	    echo $(date '+%b %e %T') "DIR: Created directory $LOGPATH/$DIRDATE." >> $LOGPATH/hlbrw.log;
	fi
	mv $LOGPATH/$LOG $LOGPATH/$DIRDATE;
	echo $(date '+%b %e %T') "MOV: $LOG moved to $DIRDATE directory." >> $LOGPATH/hlbrw.log;
    fi
}


# iwatch restart

function iwatch_restart
{
    # There are a hlbrw?
    if [ ! -x "/usr/bin/hlbrw" ]; then
	exit 0;
    fi

    # Get variables
    source /etc/hlbrw.conf
    [ "$HLBRLOG" ] || exit 1

    # Waiting for new log creation...
    while [ ! -f $HLBRLOG ]; do sleep 1; done

    # Restart iwatch
    /etc/init.d/iwatch restart > /dev/null
    echo $(date '+%b %e %T') "LOG: hlbr.log rotated. iwatch restarted." >> $LOGPATH/hlbrw.log
}


# HLBRW run manager

case "$1" in
-v|--version)
    echo -e "\nHLBRW $VERSION\n"
    exit 0
    ;;

-h|--help)
    echo -e "Usage: hlbrw [OPTION]\n"
    echo -e " -h, --help\tShows this help."
    echo -e " -v, --version\tShows the HLBRW version."
    echo -e "\nIf called without any option, runs HLBRW program."
    exit 0
    ;;

"")
    $(hlbrw)
    exit 0
    ;;

*)
    echo -e "\nSyntax error. Please, run $ hlbrw -h.\n"
    exit 0
    ;;
esac
