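#!/bin/sh
#
# Template SUSE system startup script for example daemon fail2ban
# Copyright (C) 2010 Klaus Sinvogel, SUSE / Novell Inc.
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
# USA.
#
#
### BEGIN INIT INFO
# Provides:          fail2ban
# Required-Start:    $syslog $remote_fs $local_fs
# Should-Start:      $time $network iptables
# Required-Stop:     $syslog $remote_fs $local_fs
# Should-Stop:       $time $network iptables
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Bans IPs with too many password failures
# Description:       Start fail2ban to scan logfiles and ban IP addresses
#                    which make too many logfiles failures, and/or sent e-mails about
### END INIT INFO

# Action requested by the caller; captured once so the helper below can
# see it (inside a function, $1 is the function's own first argument).
F2B_ACTION=$1

# Report a missing prerequisite and leave the script.
# Arguments: $1 - message to print, $2 - exit code for every action but "stop"
# "stop" exits 0: nothing can be running if the prerequisite is absent.
f2b_prereq_missing() {
    echo "$1"
    if [ "$F2B_ACTION" = "stop" ]; then
        exit 0
    fi
    exit "$2"
}

# Check for missing binaries (stale symlinks should not happen)
FAIL2BAN_CLI=/usr/bin/fail2ban-client
test -x "$FAIL2BAN_CLI" || f2b_prereq_missing "$FAIL2BAN_CLI not installed" 5

FAIL2BAN_SRV=/usr/bin/fail2ban-server
test -x "$FAIL2BAN_SRV" || f2b_prereq_missing "$FAIL2BAN_SRV not installed" 5

# Check for existence of needed config file and read it
FAIL2BAN_CONFIG=/etc/sysconfig/fail2ban
test -r "$FAIL2BAN_CONFIG" || f2b_prereq_missing "$FAIL2BAN_CONFIG not existing" 6

# Socket directory (set before the config is read, so the config may
# override it)
FAIL2BAN_SOCK_DIR="/var/run/fail2ban"

# Read config.
# The file is sourced, i.e. executed as shell code with the privileges of
# this script (normally root). It must be owned by root and must not be
# writable by any other user.
. "$FAIL2BAN_CONFIG"

# SUSE rc helper functions (rc_reset, rc_status, rc_exit, ...) and the
# colour variables used in the condrestart hint below.
. /etc/rc.status

# Start from a clean rc status
rc_reset

case "$1" in
    start)
        echo -n "Starting fail2ban "
        if [ ! -d "$FAIL2BAN_SOCK_DIR" ]; then
            # Create the directory with a fixed mode instead of whatever
            # umask the caller happens to have, so it can never end up
            # group- or world-writable.
            mkdir -p -m 0755 "$FAIL2BAN_SOCK_DIR"
        fi
        ## Start daemon with startproc(8). If this fails
        ## the return value is set appropriately by startproc.
        ## All client output is discarded here; a failed start is only
        ## visible through the status printed by rc_status.
        startproc "$FAIL2BAN_CLI" -q start > /dev/null 2>&1

        # Remember status and be verbose
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down fail2ban "
        ## Stop daemon with built-in functionality 'stop' of the client
        startproc -w "$FAIL2BAN_CLI" -q stop > /dev/null 2>&1

        # Remember status and be verbose
        rc_status -v
        ;;
    try-restart|condrestart)
        ## Do a restart only if the service was active before.
        ## Note: try-restart is now part of LSB (as of 1.9).
        ## RH has a similar command named condrestart.
        if test "$1" = "condrestart"; then
            echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        if "$0" status; then
            "$0" restart
        else
            rc_reset        # Not running is not a failure.
        fi
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        "$0" stop
        "$0" start

        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        ## If it does not support it, restart the service if it
        ## is running.
        ## NOTE(review): this depends on fail2ban-server reloading its
        ## configuration on SIGHUP, which nothing in this script confirms;
        ## the "reload" action goes through fail2ban-client instead.
        ## Verify, and align the two actions if the server does not
        ## reload on HUP.
        echo -n "Reload service fail2ban "
        killproc -HUP "$FAIL2BAN_SRV"
        rc_status -v

        ## Otherwise:
        #$0 try-restart
        #rc_status
        ;;
    reload)
        ## Like force-reload, but if daemon does not support
        ## signaling, do nothing (!)

        # Reload through the client's own 'reload' command:
        echo -n "Reload service fail2ban "
        startproc "$FAIL2BAN_CLI" -q reload > /dev/null 2>&1
        rc_status -v

        ## Otherwise if it does not support reload:
        #rc_failed 3
        #rc_status -v
        ;;
    status)
        echo -n "Checking for service fail2ban "
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.

        # Return value is slightly different for the status command:
        # 0 - service up and running
        # 1 - service dead, but /var/run/  pid  file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running (unused)
        # 4 - service status unknown :-(
        # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)

        # NOTE: checkproc returns LSB compliant status values.
        checkproc "$FAIL2BAN_SRV"
        # NOTE: rc_status knows that we called this init script with
        # "status" option and adapts its messages accordingly.
        rc_status -v
        ;;
    probe)
        ## Optional: Probe for the necessity of a reload, print out the
        ## argument to this init script which is required for a reload.
        ## Note: probe is not (yet) part of LSB (as of 1.9)
        ## The pid file path is fixed here and does not follow
        ## FAIL2BAN_SOCK_DIR.
        test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban/fail2ban.pid && echo reload
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
esac

# Exit with the status recorded by rc_status
rc_exit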