94 lines
2.6 KiB
Bash
Executable File
94 lines
2.6 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
|
DESC="authentication failure monitor"
|
|
NAME=fail2ban
|
|
|
|
# fail2ban-client is not a daemon itself but starts a daemon and
|
|
# loads its with configuration
|
|
#DAEMON=/usr/bin/$NAME-client
|
|
DAEMON=/usr/bin/$NAME-server
|
|
SCRIPTNAME=/etc/init.d/$NAME
|
|
|
|
# Ad-hoc way to parse out socket file name
|
|
SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
|
|
| tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
|
|
[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
|
|
|
|
# Exit if the package is not installed
|
|
[ -x "$DAEMON" ] || exit 0
|
|
|
|
# Run as root by default.
|
|
FAIL2BAN_USER=root
|
|
|
|
# Read configuration variable file if it is present
|
|
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
|
DAEMON_ARGS="-f $FAIL2BAN_OPTS"
|
|
|
|
# Load the VERBOSE setting and other rcS variables
|
|
[ -f /etc/default/rcS ] && . /etc/default/rcS
|
|
|
|
# Predefine what can be missing from lsb source later on -- necessary to run
|
|
# on sarge. Just present it in a bit more compact way from what was shipped
|
|
log_daemon_msg () {
|
|
[ -z "$1" ] && return 1
|
|
echo -n "$1:"
|
|
[ -z "$2" ] || echo -n " $2"
|
|
}
|
|
|
|
# Define LSB log_* functions.
|
|
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
|
# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
|
|
# so we must be ok
|
|
. /lib/lsb/init-functions
|
|
|
|
#
|
|
# Shortcut function for abnormal init script interruption
|
|
#
|
|
report_bug()
|
|
{
|
|
echo $*
|
|
echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
|
|
exit 1
|
|
}
|
|
|
|
#
|
|
# Helper function to check if socket is present, which is often left after
|
|
# abnormal exit of fail2ban and needs to be removed
|
|
#
|
|
check_socket()
|
|
{
|
|
# Return
|
|
# 0 if socket is present and readable
|
|
# 1 if socket file is not present
|
|
# 2 if socket file is present but not readable
|
|
# 3 if socket file is present but is not a socket
|
|
[ -e "$SOCKFILE" ] || return 1
|
|
[ -r "$SOCKFILE" ] || return 2
|
|
[ -S "$SOCKFILE" ] || return 3
|
|
return 0
|
|
}
|
|
|
|
if [ -e "$SOCKFILE" ]; then
|
|
log_failure_msg "Socket file $SOCKFILE is present"
|
|
[ "$1" = "force-start" ] \
|
|
&& log_success_msg "Starting anyway as requested" \
|
|
|| return 2
|
|
DAEMON_ARGS="$DAEMON_ARGS -x"
|
|
fi
|
|
|
|
# Assure that /var/run/fail2ban exists
|
|
[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
|
|
|
|
if [ "$FAIL2BAN_USER" != "root" ]; then
|
|
# Make the socket directory, IP lists and fail2ban log
|
|
# files writable by fail2ban
|
|
chown "$FAIL2BAN_USER" /var/run/fail2ban
|
|
# Create the logfile if it doesn't exist
|
|
touch /var/log/fail2ban.log
|
|
chown "$FAIL2BAN_USER" /var/log/fail2ban.log
|
|
find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
|
|
fi
|
|
|
|
exec /sbin/setuser $FAIL2BAN_USER $DAEMON $DAEMON_ARGS
|