Rewrite to use native init.d functions

- There was a bug with the old "getpid" function, when running linux containers you can see multiple fail2ban instances on hardware node and could stop one on a random virtual environment - Added reload and status options
2013-06-03 06:29:36 -05:00 · 2013-06-03 06:29:36 -05:00 · 3736d7ddbf
parent b53612cb10
commit 3736d7ddbf
1 changed files with 46 additions and 45 deletions
--- a/files/redhat-initd
+++ b/files/redhat-initd
@ -1,38 +1,40 @@
 #!/bin/bash
 #
 # chkconfig: 345 92 08
-# description: Fail2ban daemon
-#              http://fail2ban.sourceforge.net/wiki/index.php/Main_Page
-# process name: fail2ban-server
-#
-#
-# Author: Tyler Owen
+# processname: fail2ban-server
+# config: /etc/fail2ban/fail2ban.conf
+# pidfile: /var/run/fail2ban/fail2ban.pid
+# description: fail2ban is a daemon to ban hosts that cause multiple authentication errors
 #
+### BEGIN INIT INFO
+# Provides: fail2ban
+# Required-Start: $local_fs $remote_fs $network
+# Required-Stop: $local_fs $remote_fs $network
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop fail2ban
+### END INIT INFO

 # Source function library.
-. /etc/init.d/functions
+. /etc/rc.d/init.d/functions

 # Check that the config file exists
 [ -f /etc/fail2ban/fail2ban.conf ] || exit 0

 FAIL2BAN="/usr/bin/fail2ban-client"
-
+prog=fail2ban-server
+lockfile=${LOCKFILE-/var/lock/subsys/fail2ban}
+socket=${SOCKET-/var/run/fail2ban/fail2ban.sock}
+pidfile=${PIDFILE-/var/run/fail2ban/fail2ban.pid}
 RETVAL=0

-getpid() {
-    pid=`ps -eo pid,comm | grep fail2ban- | awk '{ print $1 }'`
-}
-
 start() {
    echo -n $"Starting fail2ban: "
-    getpid
-    if [ -z "$pid" ]; then
-	rm -rf /var/run/fail2ban/fail2ban.sock # in case of unclean shutdown
-        $FAIL2BAN start > /dev/null
-        RETVAL=$?
-    fi
-    if [ $RETVAL -eq 0 ]; then
-        touch /var/lock/subsys/fail2ban
+    rm -f ${socket} # in case of unclean shutdown
+    ${FAIL2BAN} start > /dev/null
+    RETVAL=$?
+    if [ $RETVAL = 0 ]; then
+        touch ${lockfile}
        echo_success
    else
        echo_failure
@ -43,51 +45,50 @@ start() {

 stop() {
    echo -n $"Stopping fail2ban: "
-    getpid
+    ${FAIL2BAN} stop > /dev/null
    RETVAL=$?
-    if [ -n "$pid" ]; then
-        $FAIL2BAN stop > /dev/null
-    sleep 1
-    getpid
-    if [ -z "$pid" ]; then
-        rm -f /var/lock/subsys/fail2ban
+    if [ $RETVAL = 0 ]; then
+        rm -f ${lockfile} ${pidfile}
        echo_success
    else
        echo_failure
    fi
-    else
-        echo_failure
-    fi
+    echo
+    return $RETVAL
+}
+
+reload() {
+    echo "Reloading fail2ban: "
+    ${FAIL2BAN} reload
+    RETVAL=$?
    echo
    return $RETVAL
 }

 # See how we were called.
 case "$1" in
-  start)
+    start)
+        status -p ${pidfile} ${prog} >/dev/null 2>&1 && exit 0
        start
        ;;
-  stop)
+    stop)
        stop
        ;;
-  status)
-        getpid
-        if [ -n "$pid" ]; then
-                echo "Fail2ban (pid $pid) is running..."
-                $FAIL2BAN status
-        else
-                RETVAL=1
-                echo "Fail2ban is stopped"
-        fi
+    reload)
+        reload
        ;;
-  restart)
+    restart)
        stop
        start
        ;;
-  *)
-        echo $"Usage: $0 {start|stop|status|restart}"
-        exit 1
+    status)
+        status -p ${pidfile} ${prog}
+        RETVAL=$?
+        [ $RETVAL = 0 ] && ${FAIL2BAN} status
        ;;
+    *)
+        echo $"Usage: fail2ban {start|stop|restart|reload|status}"
+        RETVAL=2
 esac

 exit $RETVAL