From 4115b62a01112576bdb22c18f1445103bdda3ebe Mon Sep 17 00:00:00 2001 From: Cameron Norman Date: Fri, 11 Apr 2014 16:49:56 -0700 Subject: [PATCH 1/5] Update fail2ban.upstart It was actually a little problematic :) --- files/fail2ban.upstart | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/files/fail2ban.upstart b/files/fail2ban.upstart index 1780a810..19349ebd 100644 --- a/files/fail2ban.upstart +++ b/files/fail2ban.upstart @@ -3,11 +3,9 @@ description "fail2ban - ban hosts that cause multiple authentication errors" start on filesystem and started networking stop on deconfiguring-networking -expect fork +expect daemon respawn -exec /usr/bin/fail2ban-client -x -b start - -pre-stop exec /usr/bin/fail2ban-client stop +exec /usr/bin/fail2ban-server -x -b post-stop exec rm -f /var/run/fail2ban/fail2ban.pid From 0c8e72f45266ef1ce44cbd8acda304fb3e1bc689 Mon Sep 17 00:00:00 2001 From: Cameron Norman Date: Fri, 11 Apr 2014 17:09:08 -0700 Subject: [PATCH 2/5] Update fail2ban.upstart No longer directly exec the server, do not remove the PID file because it is unnecessary to do so. No longer respawns because Upstart can not track the process with the starter command. --- files/fail2ban.upstart | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/files/fail2ban.upstart b/files/fail2ban.upstart index 19349ebd..ccf267f0 100644 --- a/files/fail2ban.upstart +++ b/files/fail2ban.upstart @@ -3,9 +3,5 @@ description "fail2ban - ban hosts that cause multiple authentication errors" start on filesystem and started networking stop on deconfiguring-networking -expect daemon -respawn - -exec /usr/bin/fail2ban-server -x -b - -post-stop exec rm -f /var/run/fail2ban/fail2ban.pid +pre-start exec /usr/bin/fail2ban-client -x start +post-stop exec /usr/bin/fail2ban-client stop From 0ef5027234fa6eaa9716abc9dd5ddcc5e67a3fe5 Mon Sep 17 00:00:00 2001 From: Cameron Norman Date: Sat, 19 Apr 2014 14:12:20 -0700 Subject: [PATCH 3/5] Change Upstart job to track PID of the server This only works correctly if the client does not fork itself when starting the server (which forks twice further). --- files/fail2ban.upstart | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/files/fail2ban.upstart b/files/fail2ban.upstart index ccf267f0..8a7ba10c 100644 --- a/files/fail2ban.upstart +++ b/files/fail2ban.upstart @@ -3,5 +3,13 @@ description "fail2ban - ban hosts that cause multiple authentication errors" start on filesystem and started networking stop on deconfiguring-networking -pre-start exec /usr/bin/fail2ban-client -x start +expect daemon +respawn + +pre-start script + [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban +end script + +exec /usr/bin/fail2ban-client -x start + post-stop exec /usr/bin/fail2ban-client stop From 39ad5b7474158c6fdb4b94935fe97f53e59fe69e Mon Sep 17 00:00:00 2001 From: Cameron Norman Date: Sat, 19 Apr 2014 15:10:19 -0700 Subject: [PATCH 4/5] Update Upstart job: uses stop command in pre-stop, removes PID file in post-stop --- files/fail2ban.upstart | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/files/fail2ban.upstart b/files/fail2ban.upstart index 8a7ba10c..baabb22b 100644 --- a/files/fail2ban.upstart +++ b/files/fail2ban.upstart @@ -12,4 +12,6 @@ end script exec /usr/bin/fail2ban-client -x start -post-stop exec /usr/bin/fail2ban-client stop +pre-stop exec /usr/bin/fail2ban-client stop + +post-stop exec rm -f /var/run/fail2ban/fail2ban.pid From 2a14e48f0ba3a6c27af15af47e9c243ebb9373e1 Mon Sep 17 00:00:00 2001 From: Cameron Norman Date: Tue, 22 Apr 2014 21:55:51 -0700 Subject: [PATCH 5/5] A few final touches on the Upstart job (a) use static-network-up, since it is more generic than the started networking event (b) do not hook into network deconfiguration to speed up shutdown (c) expect fork, per the use of the "-f" option (d) use a variable for the run directory to make changing it simpler (e) handle the situation of a left over socket file (f) use the -f option to be able to track the PID --- files/fail2ban.upstart | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/files/fail2ban.upstart b/files/fail2ban.upstart index baabb22b..18fafebd 100644 --- a/files/fail2ban.upstart +++ b/files/fail2ban.upstart @@ -1,17 +1,20 @@ description "fail2ban - ban hosts that cause multiple authentication errors" -start on filesystem and started networking -stop on deconfiguring-networking +start on filesystem and static-network-up +stop on runlevel [016] -expect daemon +expect fork respawn +env RUNDIR=/var/run/fail2ban + pre-start script - [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban + test -d $RUNDIR || mkdir -p $RUNDIR + test ! -e $RUNDIR/fail2ban.sock || rm -f $RUNDIR/fail2ban.sock end script -exec /usr/bin/fail2ban-client -x start +exec /usr/bin/fail2ban-client -f -x start pre-stop exec /usr/bin/fail2ban-client stop -post-stop exec rm -f /var/run/fail2ban/fail2ban.pid +post-stop exec rm -f $RUNDIR/fail2ban.pid