From b17db298e2fa13d53be0214864b9087d7103511d Mon Sep 17 00:00:00 2001
From: doug
Date: Tue, 10 May 2016 15:56:22 -0400
Subject: [PATCH] Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
---
 debian/changelog | 6 +++
 ...-barnyardIDS-are-running-before-restarting | 48 +++++++++++++++++++
 debian/patches/series | 1 +
 usr/bin/rule-update | 12 +++--
 4 files changed, 63 insertions(+), 4 deletions(-)
 create mode 100644 debian/patches/-Issue-909:-securityonion-rule-update:-ensure-barnyardIDS-are-running-before-restarting
diff --git a/debian/changelog b/debian/changelog
index c34b402..50dfb13 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-rule-update (20151201-1ubuntu1securityonion3) trusty; urgency=medium
+
+ * Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
+
+ -- Doug Burks Tue, 10 May 2016 15:55:39 -0400
+
 securityonion-rule-update (20151201-1ubuntu1securityonion2) trusty; urgency=medium
 
 * securityonion-rule-update: avoid su error #892
diff --git a/debian/patches/-Issue-909:-securityonion-rule-update:-ensure-barnyardIDS-are-running-before-restarting b/debian/patches/-Issue-909:-securityonion-rule-update:-ensure-barnyardIDS-are-running-before-restarting
new file mode 100644
index 0000000..368739e
--- /dev/null
+++ b/debian/patches/-Issue-909:-securityonion-rule-update:-ensure-barnyardIDS-are-running-before-restarting
@@ -0,0 +1,48 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-rule-update (20151201-1ubuntu1securityonion3) trusty; urgency=medium
+ .
+ * Issue 909: securityonion-rule-update: ensure barnyard/IDS are running before restarting
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-rule-update-20151201.orig/usr/bin/rule-update
++++ securityonion-rule-update-20151201/usr/bin/rule-update
+@@ -291,12 +291,16 @@ fi
+
+ # If Barnyard is enabled, restart it
+ if grep -i 'BARNYARD2_ENABLED="yes"' /etc/nsm/*/sensor.conf >/dev/null 2>&1; then
+- echo "Restarting Barnyard2."
+- /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
++ if pgrep barnyard2 >/dev/null 2>&1; then
++ echo "Restarting Barnyard2."
++ /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
++ fi
+ fi
+
+ # If the IDS Engine is enabled, restart it
+ if grep -i 'IDS_ENGINE_ENABLED="yes"' /etc/nsm/*/sensor.conf >/dev/null 2>&1; then
+- echo "Restarting IDS Engine."
+- /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
++ if pgrep $ENGINE >/dev/null 2>&1; then
++ echo "Restarting IDS Engine."
++ /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
++ fi
+ fi
diff --git a/debian/patches/series b/debian/patches/series
index f4bf5a9..e03ea54 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 securityonion-rule-update:-avoid-su-error-#892
+-Issue-909:-securityonion-rule-update:-ensure-barnyardIDS-are-running-before-restarting
diff --git a/usr/bin/rule-update b/usr/bin/rule-update
index 338aec0..08fcc1a 100755
--- a/usr/bin/rule-update
+++ b/usr/bin/rule-update
@@ -291,12 +291,16 @@ fi
 
 # If Barnyard is enabled, restart it
 if grep -i 'BARNYARD2_ENABLED="yes"' /etc/nsm/*/sensor.conf >/dev/null 2>&1; then
- echo "Restarting Barnyard2."
- /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
+ if pgrep barnyard2 >/dev/null 2>&1; then
+ echo "Restarting Barnyard2."
+ /usr/sbin/nsm_sensor_ps-restart --only-barnyard2
+ fi
 fi
 
 # If the IDS Engine is enabled, restart it
 if grep -i 'IDS_ENGINE_ENABLED="yes"' /etc/nsm/*/sensor.conf >/dev/null 2>&1; then
- echo "Restarting IDS Engine."
- /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
+ if pgrep $ENGINE >/dev/null 2>&1; then
+ echo "Restarting IDS Engine."
+ /usr/sbin/nsm_sensor_ps-restart --only-snort-alert
+ fi
 fi
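Review bot: `pgrep $ENGINE` in the IDS Engine guard expands unquoted, and ENGINE is assigned somewhere outside this hunk; if it is empty when this line runs, pgrep gets no pattern and exits non-zero, the `>/dev/null 2>&1` hides the usage error, and the restart is skipped without a trace. Quoting and checking it makes that case explicit: `if [ -n "$ENGINE" ] && pgrep "$ENGINE" >/dev/null 2>&1; then`. Both new guards also print nothing when the process is not found, so a sensor whose Barnyard2 or IDS engine is enabled but down stays down after a rule update with no message in the output; an `else` branch such as `echo "IDS Engine is enabled but not running; skipping restart."` (and the Barnyard2 equivalent) would surface that detection gap. The same lines are mirrored in the debian/patches copy of this change.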