#!/bin/sh # ### BEGIN INIT INFO # Provides: fail2ban # Required-Start: $syslog $remote_fs $local_fs # Should-Start: $time $network iptables # Required-Stop: $syslog $remote_fs $local_fs # Should-Stop: $time $network iptables # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: Bans IPs with too many authentication failures # Description: Start fail2ban to scan logfiles and ban IP addresses # which make too many logfiles failures, and/or sent e-mails about ### END INIT INFO # Check for missing binaries (stale symlinks should not happen) FAIL2BAN_CLI=/usr/bin/fail2ban-client test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FAIL2BAN_SRV=/usr/bin/fail2ban-server test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed"; if [ "$1" = "stop" ]; then exit 0; else exit 5; fi; } FAIL2BAN_CONFIG="/etc/sysconfig/fail2ban" FAIL2BAN_SOCKET_DIR="/var/run/fail2ban" FAIL2BAN_SOCKET="$FAIL2BAN_SOCKET_DIR/fail2ban.sock" FAIL2BAN_PID="$FAIL2BAN_SOCKET_DIR/fail2ban.pid" if [ -e $FAIL2BAN_CONFIG ]; then . $FAIL2BAN_CONFIG fi . /etc/rc.status rc_reset case "$1" in start) echo -n "Starting fail2ban " if [ ! -d $FAIL2BAN_SOCKET_DIR ]; then mkdir -p $FAIL2BAN_SOCKET_DIR fi if [ -e $FAIL2BAN_SOCKET ]; then if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then rm $FAIL2BAN_SOCKET fi fi /sbin/startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start &>/dev/null 2>&1 rc_status -v ;; stop) echo -n "Shutting down fail2ban " ## Stop daemon with built-in functionality 'stop' /sbin/startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1 if [ -f $FAIL2BAN_SOCKET ] then echo "$FAIL2BAN_SOCKET not removed .. removing .." rm $FAIL2BAN_SOCKET fi if [ -f $FAIL2BAN_PID ] then echo "$FAIL2BAN_PID not removed .. removing .." rm $FAIL2BAN_PID fi rc_status -v ;; try-restart|condrestart) $0 status if test $? = 0; then $0 restart else rc_reset # Not running is not a failure. fi rc_status ;; restart) $0 stop i=60 while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do sleep 1 i=$[$i-1] echo -n "." done $0 start rc_status ;; reload|force-reload) echo -n "Reload service Fail2ban " /sbin/startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1 rc_status -v ;; status) echo -n "Checking for service fail2ban " /sbin/checkproc $FAIL2BAN_SRV rc_status -v ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit