forked from pool/fail2ban
Marcus Meissner
5f47f96283
this fixes the start and restart problems (a start restart fail) if fail2ban was not stopped nice and if the sock and pid file were not removed. OBS-URL: https://build.opensuse.org/request/show/129475 OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=19
113 lines
2.6 KiB
Bash
113 lines
2.6 KiB
Bash
#!/bin/sh
|
|
#
|
|
### BEGIN INIT INFO
|
|
# Provides: fail2ban
|
|
# Required-Start: $syslog $remote_fs $local_fs
|
|
# Should-Start: $time $network iptables
|
|
# Required-Stop: $syslog $remote_fs $local_fs
|
|
# Should-Stop: $time $network iptables
|
|
# Default-Start: 3 5
|
|
# Default-Stop: 0 1 2 6
|
|
# Short-Description: Bans IPs with too many authentication failures
|
|
# Description: Start fail2ban to scan logfiles and ban IP addresses
|
|
# which make too many logfiles failures, and/or sent e-mails about
|
|
### END INIT INFO
|
|
|
|
# Check for missing binaries (stale symlinks should not happen)
|
|
FAIL2BAN_CLI=/usr/bin/fail2ban-client
|
|
test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed";
|
|
if [ "$1" = "stop" ]; then exit 0;
|
|
else exit 5; fi; }
|
|
FAIL2BAN_SRV=/usr/bin/fail2ban-server
|
|
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed";
|
|
if [ "$1" = "stop" ]; then exit 0;
|
|
else exit 5; fi; }
|
|
|
|
FAIL2BAN_CONFIG="/etc/sysconfig/fail2ban"
|
|
FAIL2BAN_SOCKET_DIR="/var/run/fail2ban"
|
|
FAIL2BAN_SOCKET="$FAIL2BAN_SOCKET_DIR/fail2ban.sock"
|
|
FAIL2BAN_PID="$FAIL2BAN_SOCKET_DIR/fail2ban.pid"
|
|
|
|
if [ -e $FAIL2BAN_CONFIG ]; then
|
|
. $FAIL2BAN_CONFIG
|
|
fi
|
|
|
|
. /etc/rc.status
|
|
rc_reset
|
|
|
|
case "$1" in
|
|
start)
|
|
echo -n "Starting fail2ban "
|
|
|
|
if [ ! -d $FAIL2BAN_SOCKET_DIR ]; then
|
|
mkdir -p $FAIL2BAN_SOCKET_DIR
|
|
fi
|
|
|
|
if [ -e $FAIL2BAN_SOCKET ]; then
|
|
if ! lsof -n $FAIL2BAN_SOCKET &>/dev/null; then
|
|
rm $FAIL2BAN_SOCKET
|
|
fi
|
|
fi
|
|
/sbin/startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start &>/dev/null 2>&1
|
|
|
|
rc_status -v
|
|
;;
|
|
stop)
|
|
echo -n "Shutting down fail2ban "
|
|
## Stop daemon with built-in functionality 'stop'
|
|
/sbin/startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1
|
|
|
|
if [ -f $FAIL2BAN_SOCKET ]
|
|
then
|
|
echo "$FAIL2BAN_SOCKET not removed .. removing .."
|
|
rm $FAIL2BAN_SOCKET
|
|
fi
|
|
if [ -f $FAIL2BAN_PID ]
|
|
then
|
|
echo "$FAIL2BAN_PID not removed .. removing .."
|
|
rm $FAIL2BAN_PID
|
|
fi
|
|
|
|
|
|
rc_status -v
|
|
;;
|
|
try-restart|condrestart)
|
|
$0 status
|
|
if test $? = 0; then
|
|
$0 restart
|
|
else
|
|
rc_reset # Not running is not a failure.
|
|
fi
|
|
rc_status
|
|
;;
|
|
restart)
|
|
$0 stop
|
|
i=60
|
|
while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do
|
|
sleep 1
|
|
i=$[$i-1]
|
|
echo -n "."
|
|
done
|
|
$0 start
|
|
|
|
rc_status
|
|
;;
|
|
reload|force-reload)
|
|
echo -n "Reload service Fail2ban "
|
|
/sbin/startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1
|
|
|
|
rc_status -v
|
|
;;
|
|
status)
|
|
echo -n "Checking for service fail2ban "
|
|
/sbin/checkproc $FAIL2BAN_SRV
|
|
|
|
rc_status -v
|
|
;;
|
|
*)
|
|
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
|
|
exit 1
|
|
;;
|
|
esac
|
|
rc_exit
|