File fail2ban.init of Package fail2ban

#!/bin/sh
#
#     Template SUSE system startup script for example daemon fail2ban
#     Copyright (C) 2010  Klaus Sinvogel, SUSE / Novell Inc.
#          
#     This library is free software; you can redistribute it and/or modify it
#     under the terms of the GNU Lesser General Public License as published by
#     the Free Software Foundation; either version 2.1 of the License, or (at
#     your option) any later version.
#			      
#     This library is distributed in the hope that it will be useful, but
#     WITHOUT ANY WARRANTY; without even the implied warranty of
#     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
#     Lesser General Public License for more details.
#      
#     You should have received a copy of the GNU Lesser General Public
#     License along with this library; if not, write to the Free Software
#     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
#     USA.
#
#
### BEGIN INIT INFO
# Provides:          fail2ban
# Required-Start:    $syslog $remote_fs $local_fs
# Should-Start:      $time $network iptables
# Required-Stop:     $syslog $remote_fs $local_fs
# Should-Stop:       $time $network iptables
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Bans IPs with too many password failures 
# Description:       Start fail2ban to scan logfiles and ban IP addresses
#	which make too many logfiles failures, and/or sent e-mails about
### END INIT INFO

# Check for missing binaries (stale symlinks should not happen)
FAIL2BAN_CLI=/usr/bin/fail2ban-client
test -x $FAIL2BAN_CLI || { echo "$FAIL2BAN_CLI not installed"; 
	if [ "$1" = "stop" ]; then exit 0;
	else exit 5; fi; }
FAIL2BAN_SRV=/usr/bin/fail2ban-server
test -x $FAIL2BAN_SRV || { echo "$FAIL2BAN_SRV not installed"; 
	if [ "$1" = "stop" ]; then exit 0;
	else exit 5; fi; }

# Check for existence of needed config file and read it
FAIL2BAN_CONFIG=/etc/sysconfig/fail2ban
test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
	if [ "$1" = "stop" ]; then exit 0;
	else exit 6; fi; }

# Socket directory
FAIL2BAN_SOCK_DIR="/var/run/fail2ban"

# Read config	
. $FAIL2BAN_CONFIG

. /etc/rc.status
rc_reset

case "$1" in
    start)
	echo -n "Starting fail2ban "

	if [ ! -d $FAIL2BAN_SOCK_DIR ]; then
		mkdir -p $FAIL2BAN_SOCK_DIR
	fi
	## Start daemon with startproc(8). If this fails
	## the return value is set appropriately by startproc.
	startproc $FAIL2BAN_CLI -q $FAIL2BAN_OPTIONS start > /dev/null 2>&1

	# Remember status and be verbose
	rc_status -v
	;;
    stop)
	echo -n "Shutting down fail2ban "
	## Stop daemon with built-in functionality 'stop'
	startproc -w $FAIL2BAN_CLI -q stop > /dev/null 2>&1

	# Remember status and be verbose
	rc_status -v
	;;
    try-restart|condrestart)
	## Do a restart only if the service was active before.
	## Note: try-restart is now part of LSB (as of 1.9).
	## RH has a similar command named condrestart.
	if test "$1" = "condrestart"; then
		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
	fi
	$0 status
	if test $? = 0; then
		$0 restart
	else
		rc_reset	# Not running is not a failure.
	fi
	# Remember status and be quiet
	rc_status
	;;
    restart)
	## Stop the service and regardless of whether it was
	## running or not, start it again.
	$0 stop
	$0 start

	# Remember status and be quiet
	rc_status
	;;
    force-reload)
	## Signal the daemon to reload its config. Most daemons
	## do this on signal 1 (SIGHUP).
	## If it does not support it, restart the service if it
	## is running.

	echo -n "Reload service fail2ban "
	killproc -HUP $FAIL2BAN_SRV
	rc_status -v

	## Otherwise:
	#$0 try-restart
	#rc_status
	;;
    reload)
	## Like force-reload, but if daemon does not support
	## signaling, do nothing (!)

	# If it supports signaling:
	echo -n "Reload service fail2ban "
	startproc $FAIL2BAN_CLI -q reload > /dev/null 2>&1

	rc_status -v
	
	## Otherwise if it does not support reload:
	#rc_failed 3
	#rc_status -v
	;;
    status)
	echo -n "Checking for service fail2ban "
	## Check status with checkproc(8), if process is running
	## checkproc will return with exit status 0.

	# Return value is slightly different for the status command:
	# 0 - service up and running
	# 1 - service dead, but /var/run/  pid  file exists
	# 2 - service dead, but /var/lock/ lock file exists
	# 3 - service not running (unused)
	# 4 - service status unknown :-(
	# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
	
	# NOTE: checkproc returns LSB compliant status values.
	checkproc $FAIL2BAN_SRV
	# NOTE: rc_status knows that we called this init script with
	# "status" option and adapts its messages accordingly.
	rc_status -v
	;;
    probe)
	## Optional: Probe for the necessity of a reload, print out the
	## argument to this init script which is required for a reload.
	## Note: probe is not (yet) part of LSB (as of 1.9)

	test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban/fail2ban.pid && echo reload
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit