File sshguard.init of Package sshguard

#!/bin/sh
#
### BEGIN INIT INFO
# Provides:          sshguard
# Required-Start:    $syslog $remote_fs
# Should-Start:      
# Required-Stop:     $syslog $remote_fs
# Should-Stop:       
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: SSHGUARD provides automatic attack blocking
# Description:       Start SSHGUARD to protect certain services
#	from brute force attacks noticed in system logging
### END INIT INFO

# Daemon managed by this script.
SSHGUARD_BIN=/usr/sbin/sshguard

# No daemon binary: "stop" exits 0, every other action exits 5
# (the LSB code for "program is not installed").
if [ ! -x "$SSHGUARD_BIN" ]; then
	echo "$SSHGUARD_BIN not installed"
	case "$1" in
		stop) exit 0 ;;
		*)    exit 5 ;;
	esac
fi

# Same rule for the IPv4 packet filter tool. Only iptables is checked here;
# the ip6tables calls made later in this script are not guarded by a test.
if [ ! -x /usr/sbin/iptables ]; then
	echo "iptables not installed"
	case "$1" in
		stop) exit 0 ;;
		*)    exit 5 ;;
	esac
fi

# Check for existence of needed config file and read it
SSHGUARD_CONFIG=/etc/sysconfig/sshguard

# Unreadable or missing configuration: "stop" exits 0, every other action
# exits 6 (the LSB code for "program is not configured").
if [ ! -r "$SSHGUARD_CONFIG" ]; then
	echo "$SSHGUARD_CONFIG not existing"
	case "$1" in
		stop) exit 0 ;;
		*)    exit 6 ;;
	esac
fi

# Read config.
# The file is sourced, so it is executed as shell code with the privileges of
# this init script, not parsed as data. Whoever can write to it can run
# commands as that user: keep it owned by root and not writable by anyone else.
. "$SSHGUARD_CONFIG"

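# Build the sshguard argument string from the sysconfig variables.
# Globals:   MONITORED_LOGS, ATTACK_ATTEMPTS, RELEASE_TIMEOUT, FORGET_TIMEOUT,
#            WHITELIST, BLACKLIST (read)
#            PORTS (set to 22 when empty), cmdline (written)
# Arguments: $1 - init action; the MONITORED_LOGS check is skipped for "stop"
# Exits:     6 when MONITORED_LOGS is empty and the action is not "stop"
setup_cmdline() {
  cmdline=""

  # Every test below quotes its operand. Unquoted, an empty value collapses
  # `test -n $VAR` into the one-argument form `test -n`, which is always
  # true: the empty-MONITORED_LOGS check could never fire, and empty settings
  # added a bare "-a", "-p" or "-s" that swallowed the next option.
  if [ "$1" != "stop" ] && [ -z "$MONITORED_LOGS" ]; then
    echo "At least one logfile must be defined in MONITORED_LOGS"
    exit 6
  fi

  # Deliberately unquoted: MONITORED_LOGS is a whitespace-separated list and
  # each entry becomes its own -l option.
  for _logs in $MONITORED_LOGS; do
    cmdline="$cmdline -l $_logs"
  done

  # set defaults
  if [ -z "$PORTS" ]; then
    PORTS=22
  fi

  if [ -n "$ATTACK_ATTEMPTS" ]; then
    cmdline="$cmdline -a $ATTACK_ATTEMPTS"
  fi
  if [ -n "$RELEASE_TIMEOUT" ]; then
    cmdline="$cmdline -p $RELEASE_TIMEOUT"
  fi
  if [ -n "$FORGET_TIMEOUT" ]; then
    cmdline="$cmdline -s $FORGET_TIMEOUT"
  fi
  if [ -n "$WHITELIST" ]; then
    cmdline="$cmdline -w $WHITELIST"
  fi
  if [ -n "$BLACKLIST" ]; then
    cmdline="$cmdline -b $BLACKLIST"
  fi
}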

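# Create the "sshguard" chain for IPv4 and IPv6 and insert, as the first rule
# of INPUT, a jump into it for TCP traffic to the protected port.
# Globals: PORTS (read) - destination port handed to --dport; 22 when
#          unset or empty
#
# The default is applied here as well because the "start" action calls this
# function before setup_cmdline, the only other place that defaults PORTS.
# With an empty PORTS the --dport option used to lose its argument, the -I
# commands failed, and no traffic was ever sent through the sshguard chain.
#
# NOTE: not idempotent. Calling it again without iptables_stop in between
# makes -N fail on the existing chain and inserts a second jump rule.
# NOTE(review): --dport accepts one port or one range; confirm PORTS is never
# meant to hold a list.
iptables_start() {
  /usr/sbin/iptables -N sshguard
  /usr/sbin/ip6tables -N sshguard
  /usr/sbin/iptables -I INPUT 1 -p tcp --dport "${PORTS:-22}" -j sshguard
  /usr/sbin/ip6tables -I INPUT 1 -p tcp --dport "${PORTS:-22}" -j sshguard
}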

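# Undo iptables_start for IPv4 and IPv6: flush the "sshguard" chain, delete
# the jump rule from INPUT, then delete the chain itself.
# Globals: PORTS (read) - must match the port used when the jump rule was
#          inserted; 22 when unset or empty
#
# The "stop" action never calls setup_cmdline, so the PORTS default has to be
# applied here. With an empty PORTS the -D commands failed to parse, the jump
# stayed in INPUT, and -X then could not remove the still-referenced chain.
#
# -D removes one matching rule per call; a jump that was inserted more than
# once is not fully removed by a single stop.
iptables_stop() {
  /usr/sbin/iptables -F sshguard
  /usr/sbin/ip6tables -F sshguard
  /usr/sbin/iptables -D INPUT -p tcp --dport "${PORTS:-22}" -j sshguard
  /usr/sbin/ip6tables -D INPUT -p tcp --dport "${PORTS:-22}" -j sshguard
  /usr/sbin/iptables -X sshguard
  /usr/sbin/ip6tables -X sshguard
}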

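# SUSE rc helpers; the rc_* functions and the ${attn}/${done}/${warn}/${norm}
# variables used below are expected to come from this file.
. /etc/rc.status

# Reset status of this service
rc_reset
case "$1" in
    start)
	echo -n "Starting SSHGUARD "
	# Validate the configuration and apply the PORTS default before the
	# firewall is touched. In the previous order iptables_start ran with a
	# still-empty PORTS, and a missing MONITORED_LOGS aborted the start
	# only after the chain and jump rule had been installed.
	setup_cmdline "$1"
	# NOTE: the result of iptables_start is not checked. rc_status below
	# reports only startproc, so a failed rule insertion still shows a
	# successful start while nothing is routed through the sshguard chain.
	iptables_start
	# $cmdline is deliberately unquoted: it is a space-separated option string.
	/sbin/startproc -q $SSHGUARD_BIN $cmdline
	rc_status -v
	;;
    stop)
	echo -n "Shutting down SSHGUARD "
	# Applies the PORTS default so that iptables_stop deletes the same
	# jump rule that "start" inserted; the MONITORED_LOGS check is skipped
	# for "stop".
	setup_cmdline "$1"
	/sbin/killproc -q -TERM $SSHGUARD_BIN
	iptables_stop
	rc_status -v
	;;
    try-restart|condrestart)
	if test "$1" = "condrestart"; then
		echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
	fi
	if "$0" status; then
		"$0" restart
	else
		rc_reset	# Not running is not a failure.
	fi
	rc_status
	;;
    restart)
	"$0" stop
	"$0" start
	rc_status
	;;
    force-reload)
	echo -n "Reload service SSHGUARD "
	"$0" try-restart
	rc_status
	;;
    reload)
	# Reload is not implemented: status 3 is reported and nothing is done.
	echo -n "Reload service SSHGUARD "
	rc_failed 3
	rc_status -v
	;;
    status)
	echo -n "Checking for service SSHGUARD "
	/sbin/checkproc $SSHGUARD_BIN
	rc_status -v
	;;
    probe)
	# Prints "reload" when the config file is newer than the pid file.
	test "$SSHGUARD_CONFIG" -nt /var/run/sshguard.pid && echo reload
	;;
    *)
	echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
	exit 1
	;;
esac
rc_exit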