* Corrected init.d script to properly perform restart due to server delay to

react to client command to stop. Handling of status was adjusted as well * Added apache-noscript to jail.conf * Default action does not send emails to be inline with previous (0.6.x) behavior
2006-10-30 03:32:29 +00:00 · 2006-10-30 03:32:29 +00:00 · 4bbea5b41b
parent 668ef068cf
commit 4bbea5b41b
3 changed files with 81 additions and 23 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,18 @@
+fail2ban (0.7.4~pre20061023.2-3) experimental; urgency=low
+
+  * Corrected init.d script to properly perform restart due to server delay to
+    react to client command to stop. Handling of status was adjusted as well
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Sun, 29 Oct 2006 22:29:27 -0500
+
+fail2ban (0.7.4~pre20061023.2-2) experimental; urgency=low
+
+  * Added apache-noscript to jail.conf
+  * Default action does not send emails to be inline with previous (0.6.x)
+    behavior
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 26 Oct 2006 13:27:20 -0400
+
 fail2ban (0.7.4~pre20061023.2-1) experimental; urgency=low

  * Fresh upstream: fixed a bug with not handling error producing
--- a/debian/fail2ban.init
+++ b/debian/fail2ban.init
@ -59,14 +59,48 @@ do_start()
 	#	0 if daemon has been started
 	#	1 if daemon was already running
 	#	2 if daemon could not be started
-	start-stop-daemon --start --quiet --user root --exec $DAEMON --test -- \
-		$DAEMON_ARGS start > /dev/null \
-		|| return 1
+	do_status && return 1
 	start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
 		$DAEMON_ARGS start > /dev/null\
 		|| return 2
 }

+#
+# Shortcut function for abnormal init script interruption
+#
+report_bug()
+{
+	echo $*
+	echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
+	exit 1
+}
+
+#
+# Function that checks the status of fail2ban and returns
+# corresponding code
+#
+do_status()
+{
+	$DAEMON status > /dev/null
+	case $? in
+		0) return 0
+			;;
+		255)
+			if [ -S $SOCKFILE ]; then
+				if [ -r $SOCKFILE ]; then
+					return 1
+				else
+					return 4
+				fi
+			else
+				return 3
+			fi
+			;;
+		*)
+			report_bug "Unknown return code from fail2ban."
+	esac
+}
+
 #
 # Function that stops the daemon/service
 #
@ -109,6 +143,16 @@ case "$1" in
 		do_stop
 		case "$?" in
 			0|1)
+                # now we need actually to wait a bit since it might take time
+   		        # for server to react on client's stop request
+				count=1
+				while do_status && [ $count -lt 10 ]; do
+					sleep 1
+					count=$(($count+1))
+				done
+
+				[ $count -lt 10 ] || log_end_msg 1 # failed to stop
+
 				do_start
 				log_end_msg_wrapper $? 1
 				;;
@ -120,25 +164,13 @@ case "$1" in
 		;;
 	status)
 		log_daemon_msg "Status of $DESC"
-		$DAEMON status > /dev/null
+		do_status
 		case $? in
-			0)  log_success_msg " $NAME is running"
-				exit 0
-				;;
-			255)
-				if [ -S $SOCKFILE ]; then
-					if [ -r $SOCKFILE ]; then
-						log_failure_msg " $NAME is not running but $SOCKFILE exists"
-						exit 1
-					else
-						log_failure_msg " $SOCKFILE not readable, status of $NAME unknown"
-						exit 4
-					fi
-				else
-					log_warning_msg " $NAME is not running"
-					exit 3
-				fi
-				;;
+			0)  log_success_msg " $NAME is running" ;;
+			1)  log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
+			3)  log_warning_msg " $NAME is not running" ;;
+			4)  log_failure_msg " $SOCKFILE not readable, status of $NAME unknown";;
+			*)  report_bug "Unknown status code"
 		esac
 		;;
 	*)
--- a/debian/jail.conf
+++ b/debian/jail.conf
@ -26,10 +26,13 @@ maxretry = 3
 # jail.{conf,local} configuration files.
 destemail = root@localhost

+# Default action to take: ban only
+action = iptables[name=%(__name__)s, port=%(port)s]
+
 # Default action to take: ban & send an e-mail with whois report
 # to the destemail
-action = iptables[name=%(__name__)s, port=%(port)s]
-		 mail-whois[name=%(__name__)s, dest=%(destemail)s]
+#action = iptables[name=%(__name__)s, port=%(port)s]
+# 	  mail-whois[name=%(__name__)s, dest=%(destemail)s]

 #
 # Next jails corresponds to the standard configuration in Fail2ban 0.6.
@ -62,6 +65,14 @@ logpath = /var/log/apache*/*access.log
 maxretry = 6


+[apache-noscript]
+
+enabled = false
+port    = http
+filter  = apache-noscript
+logpath = /var/log/apache*/*error.log
+maxretry = 6
+
 #
 # FTP servers
 #