Dockerize using phusion/baseimage and runit services

2026-03-25 19:17:22 +01:00 · 2015-04-04 17:50:16 +02:00
parent 2b9ce85ba8
commit 1eb77c332b
30 changed files with 915 additions and 160 deletions
--- a/containers/docker/runit/fail2ban/run
+++ b/containers/docker/runit/fail2ban/run
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="authentication failure monitor"
+NAME=fail2ban
+
+# fail2ban-client is not a daemon itself but starts a daemon and
+# loads its with configuration
+#DAEMON=/usr/bin/$NAME-client
+DAEMON=/usr/bin/$NAME-server
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Ad-hoc way to parse out socket file name
+SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
+          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
+[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Run as root by default.
+FAIL2BAN_USER=root
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+DAEMON_ARGS="-f $FAIL2BAN_OPTS"
+
+# Load the VERBOSE setting and other rcS variables
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Predefine what can be missing from lsb source later on -- necessary to run
+# on sarge. Just present it in a bit more compact way from what was shipped
+log_daemon_msg () {
+	[ -z "$1" ] && return 1
+	echo -n "$1:"
+	[ -z "$2" ] || echo -n " $2"
+}
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
+#  so we must be ok
+. /lib/lsb/init-functions
+
+#
+# Shortcut function for abnormal init script interruption
+#
+report_bug()
+{
+	echo $*
+	echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
+	exit 1
+}
+
+#
+# Helper function to check if socket is present, which is often left after
+# abnormal exit of fail2ban and needs to be removed
+#
+check_socket()
+{
+	# Return
+	#	0 if socket is present and readable
+	#	1 if socket file is not present
+	#	2 if socket file is present but not readable
+	#	3 if socket file is present but is not a socket
+	[ -e "$SOCKFILE" ] || return 1
+	[ -r "$SOCKFILE" ] || return 2
+	[ -S "$SOCKFILE" ] || return 3
+	return 0
+}
+
+if [ -e "$SOCKFILE" ]; then
+	log_failure_msg "Socket file $SOCKFILE is present"
+	[ "$1" = "force-start" ] \
+		&& log_success_msg "Starting anyway as requested" \
+		|| return 2
+	DAEMON_ARGS="$DAEMON_ARGS -x"
+fi
+
+# Assure that /var/run/fail2ban exists
+[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
+
+if [ "$FAIL2BAN_USER" != "root" ]; then
+	# Make the socket directory, IP lists and fail2ban log
+	# files writable by fail2ban
+	chown "$FAIL2BAN_USER" /var/run/fail2ban
+	# Create the logfile if it doesn't exist
+	touch /var/log/fail2ban.log
+	chown "$FAIL2BAN_USER" /var/log/fail2ban.log
+	find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
+fi
+
+exec /sbin/setuser $FAIL2BAN_USER $DAEMON $DAEMON_ARGS