diff --git a/config/action.d/abuseipdb.conf b/config/action.d/abuseipdb.conf index 279c299e..c53ed489 100644 --- a/config/action.d/abuseipdb.conf +++ b/config/action.d/abuseipdb.conf @@ -48,13 +48,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/blocklist_de.conf b/config/action.d/blocklist_de.conf index 3859c637..ba6d427b 100644 --- a/config/action.d/blocklist_de.conf +++ b/config/action.d/blocklist_de.conf @@ -31,13 +31,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf index 4fbe9195..5116b0d8 100644 --- a/config/action.d/bsd-ipfw.conf +++ b/config/action.d/bsd-ipfw.conf @@ -11,14 +11,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipfw show | fgrep -c -m 1 -s 'table()' > /dev/null 2>&1 || ( ipfw show | awk 'BEGIN { b = } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e
else exit b }'; num=$?; ipfw -q add $num from table\(
\) to me ; echo $num > "" ) # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = [ ! -f ] || ( read num < ""
ipfw -q delete $num
rm "" ) diff --git a/config/action.d/cloudflare.conf b/config/action.d/cloudflare.conf index 89df5b9e..1c48a37f 100644 --- a/config/action.d/cloudflare.conf +++ b/config/action.d/cloudflare.conf @@ -15,13 +15,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf index 1f74d635..3a5f882c 100644 --- a/config/action.d/complain.conf +++ b/config/action.d/complain.conf @@ -41,13 +41,13 @@ debug = 0 norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf index 4f2e09ca..c128bef3 100644 --- a/config/action.d/dshield.conf +++ b/config/action.d/dshield.conf @@ -32,13 +32,13 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f .buffer ]; then 
diff --git a/config/action.d/dummy.conf b/config/action.d/dummy.conf index 41250c27..eb07e320 100644 --- a/config/action.d/dummy.conf +++ b/config/action.d/dummy.conf @@ -7,7 +7,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = if [ ! -z '' ]; then touch ; fi; @@ -22,7 +22,7 @@ actionflush = printf %%b "-*\n" echo "%(debug)s clear all" # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ ! -z '' ]; then rm -f ; fi; diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf index 2a93c82b..8eebbaff 100644 --- a/config/action.d/hostsdeny.conf +++ b/config/action.d/hostsdeny.conf @@ -8,13 +8,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf index 61420e38..02091d60 100644 --- a/config/action.d/ipfilter.conf +++ b/config/action.d/ipfilter.conf @@ -9,7 +9,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # enable IPF if not already enabled 
@@ -17,7 +17,7 @@ actionstart = /sbin/ipf -E # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # don't disable IPF with "/sbin/ipf -D", there may be other filters in use diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf index 37625209..956b154b 100644 --- a/config/action.d/ipfw.conf +++ b/config/action.d/ipfw.conf @@ -8,14 +8,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf index dbea5984..caf9ab81 100644 --- a/config/action.d/iptables-allports.conf +++ b/config/action.d/iptables-allports.conf @@ -14,7 +14,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = -N f2b- @@ -22,7 +22,7 @@ actionstart = -N f2b- -I -p -j f2b- # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p -j f2b- diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf index 30353f36..99ebbf8c 100644 --- a/config/action.d/iptables-ipset-proto4.conf +++ b/config/action.d/iptables-ipset-proto4.conf 
@@ -24,7 +24,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset --create f2b- iphash @@ -38,7 +38,7 @@ actionstart = ipset --create f2b- iphash actionflush = ipset --flush f2b- # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p -m multiport --dports -m set --match-set f2b- src -j diff --git a/config/action.d/iptables-ipset-proto6-allports.conf b/config/action.d/iptables-ipset-proto6-allports.conf index 25fa930f..c851233c 100644 --- a/config/action.d/iptables-ipset-proto6-allports.conf +++ b/config/action.d/iptables-ipset-proto6-allports.conf @@ -23,7 +23,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset create hash:ip timeout @@ -36,7 +36,7 @@ actionstart = ipset create hash:ip timeout actionflush = ipset flush # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -m set --match-set src -j diff --git a/config/action.d/iptables-ipset-proto6.conf b/config/action.d/iptables-ipset-proto6.conf index 7cd8e195..12c3ddd6 100644 --- a/config/action.d/iptables-ipset-proto6.conf +++ b/config/action.d/iptables-ipset-proto6.conf 
@@ -23,7 +23,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = ipset create hash:ip timeout @@ -36,7 +36,7 @@ actionstart = ipset create hash:ip timeout actionflush = ipset flush # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p -m multiport --dports -m set --match-set src -j diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf index 62c2b4b1..df126dbf 100644 --- a/config/action.d/iptables-multiport-log.conf +++ b/config/action.d/iptables-multiport-log.conf @@ -16,7 +16,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = -N f2b- @@ -34,7 +34,7 @@ actionflush = -F f2b- -F f2b--log # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p -m multiport --dports -j f2b- diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf index c05f6ffc..41b00c54 100644 --- a/config/action.d/iptables-multiport.conf +++ b/config/action.d/iptables-multiport.conf @@ -11,7 +11,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = -N f2b- 
@@ -19,7 +19,7 @@ actionstart = -N f2b- -I -p -m multiport --dports -j f2b- # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p -m multiport --dports -j f2b- diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf index 5b316807..39a17099 100644 --- a/config/action.d/iptables-new.conf +++ b/config/action.d/iptables-new.conf @@ -13,7 +13,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = -N f2b- @@ -21,7 +21,7 @@ actionstart = -N f2b- -I -m state --state NEW -p --dport -j f2b- # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -m state --state NEW -p --dport -j f2b- diff --git a/config/action.d/iptables-xt_recent-echo.conf b/config/action.d/iptables-xt_recent-echo.conf index 1970de14..97449222 100644 --- a/config/action.d/iptables-xt_recent-echo.conf +++ b/config/action.d/iptables-xt_recent-echo.conf @@ -12,7 +12,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # Changing iptables rules requires root privileges. If fail2ban is 
@@ -42,7 +42,7 @@ actionstart = if [ `id -u` -eq 0 ];then -I -m recent --update actionflush = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = echo / > /proc/net/xt_recent/ diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf index bf83e24a..8ed5fdad 100644 --- a/config/action.d/iptables.conf +++ b/config/action.d/iptables.conf @@ -11,7 +11,7 @@ before = iptables-common.conf [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = -N f2b- @@ -19,7 +19,7 @@ actionstart = -N f2b- -I -p --dport -j f2b- # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = -D -p --dport -j f2b- diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf index 88cd623f..325f185b 100644 --- a/config/action.d/mail-buffered.conf +++ b/config/action.d/mail-buffered.conf @@ -10,7 +10,7 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -20,7 +20,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] : started on " # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f ]; then diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf index 37e2d9b0..3a3e56b2 100644 
--- a/config/action.d/mail-whois-lines.conf +++ b/config/action.d/mail-whois-lines.conf @@ -15,7 +15,7 @@ before = mail-whois-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -24,7 +24,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban" | "[Fail2Ban] : started on " # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf index 1f69f4c6..7fea34c4 100644 --- a/config/action.d/mail-whois.conf +++ b/config/action.d/mail-whois.conf @@ -14,7 +14,7 @@ before = mail-whois-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n @@ -23,7 +23,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] : started on " # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf index cfc1cf65..5d8c0e15 100644 --- a/config/action.d/mail.conf +++ b/config/action.d/mail.conf @@ -10,7 +10,7 @@ norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Hi,\n 
@@ -19,7 +19,7 @@ actionstart = printf %%b "Hi,\n Fail2Ban"|mail -s "[Fail2Ban] : started on " # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Hi,\n diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf index 8f3edf9e..b0ab2cc3 100644 --- a/config/action.d/mynetwatchman.conf +++ b/config/action.d/mynetwatchman.conf @@ -28,13 +28,13 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/nftables-common.conf b/config/action.d/nftables-common.conf index 83311087..37045712 100644 --- a/config/action.d/nftables-common.conf +++ b/config/action.d/nftables-common.conf @@ -25,7 +25,7 @@ after = nftables-common.local nftables_mode = dport \{ \} # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = add set \{ type \; \} @@ -35,7 +35,7 @@ _nft_list = --handle --numeric list chain saddr @ # handle' | grep -oe ' handle [0-9]*' # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = HANDLE_ID=$(%(_nft_list)s | %(_nft_get_handle_id)s) diff --git a/config/action.d/npf.conf b/config/action.d/npf.conf index 8b00d177..3bbb2f51 100644 --- a/config/action.d/npf.conf +++ b/config/action.d/npf.conf 
@@ -9,7 +9,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # we don't enable NPF automatically, as it will be enabled elsewhere @@ -17,7 +17,7 @@ actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # we don't disable NPF automatically either diff --git a/config/action.d/nsupdate.conf b/config/action.d/nsupdate.conf index 7886825c..ef56c6bd 100644 --- a/config/action.d/nsupdate.conf +++ b/config/action.d/nsupdate.conf @@ -42,14 +42,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/osx-ipfw.conf b/config/action.d/osx-ipfw.conf index abe4009c..6ff6afdf 100644 --- a/config/action.d/osx-ipfw.conf +++ b/config/action.d/osx-ipfw.conf @@ -9,14 +9,14 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf index 905312c3..933b4de0 100644 --- a/config/action.d/pf.conf +++ b/config/action.d/pf.conf 
@@ -10,7 +10,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # # we don't enable PF automatically; to enable run pfctl -e @@ -35,7 +35,7 @@ actionstart = echo "table <-> persist counters" | -f- actionstart_on_demand = false # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # # we only disable PF rules we've installed prior diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf index 37bc642d..199c6ce5 100644 --- a/config/action.d/sendmail-buffered.conf +++ b/config/action.d/sendmail-buffered.conf @@ -14,7 +14,7 @@ before = sendmail-common.conf norestored = 1 # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] : started on @@ -27,7 +27,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on Fail2Ban" | /usr/sbin/sendmail -f # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = if [ -f ]; then diff --git a/config/action.d/sendmail-common.conf b/config/action.d/sendmail-common.conf index 46eca9ca..9bf15054 100644 --- a/config/action.d/sendmail-common.conf +++ b/config/action.d/sendmail-common.conf 
@@ -11,7 +11,7 @@ after = sendmail-common.local [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = printf %%b "Subject: [Fail2Ban] : started on @@ -24,7 +24,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] : started on Fail2Ban" | /usr/sbin/sendmail -f # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = printf %%b "Subject: [Fail2Ban] : stopped on diff --git a/config/action.d/shorewall-ipset-proto6.conf b/config/action.d/shorewall-ipset-proto6.conf index 4485d422..45be0c0a 100644 --- a/config/action.d/shorewall-ipset-proto6.conf +++ b/config/action.d/shorewall-ipset-proto6.conf @@ -47,7 +47,7 @@ [Definition] # Option: actionstart -# Notes.: command executed once at the start of Fail2Ban. +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = if ! ipset -quiet -name list f2b- >/dev/null; @@ -55,7 +55,7 @@ actionstart = if ! ipset -quiet -name list f2b- >/dev/null; fi # Option: actionstop -# Notes.: command executed once at the end of Fail2Ban +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = ipset flush f2b- diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf index 282b95af..dcef8829 100644 --- a/config/action.d/shorewall.conf +++ b/config/action.d/shorewall.conf 
@@ -17,13 +17,13 @@
 [Definition]
 # Option: actionstart
-# Notes.: command executed once at the start of Fail2Ban.
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values: CMD
 #
 actionstart =
 # Option: actionstop
-# Notes.: command executed once at the end of Fail2Ban
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
 # Values: CMD
 #
 actionstop =
diff --git a/config/action.d/symbiosis-blacklist-allports.conf b/config/action.d/symbiosis-blacklist-allports.conf
index c24a8e0a..6fb7d0af 100644
--- a/config/action.d/symbiosis-blacklist-allports.conf
+++ b/config/action.d/symbiosis-blacklist-allports.conf
@@ -10,13 +10,13 @@ before = iptables-common.conf
 [Definition]
 # Option: actionstart
-# Notes.: command executed once at the start of Fail2Ban.
+# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false).
 # Values: CMD
 #
 actionstart =
 # Option: actionstop
-# Notes.: command executed once at the end of Fail2Ban
+# Notes.: command executed at the stop of jail (or at the end of Fail2Ban)
 # Values: CMD
 #
 actionstop =
diff --git a/fail2ban/client/fail2banclient.py b/fail2ban/client/fail2banclient.py
index f80193ee..73abacb2 100755
--- a/fail2ban/client/fail2banclient.py
+++ b/fail2ban/client/fail2banclient.py
@@ -69,7 +69,7 @@ class Fail2banClient(Fail2banCmdLine, Thread):
 # Print a new line because we probably come from wait
 output("")
 logSys.warning("Caught signal %d. Exiting" % signum)
- exit(-1)
+ exit(255)
 def __ping(self, timeout=0.1):
 return self.__processCmd([["ping"] + ([timeout] if timeout != -1 else [])],
@@ -500,5 +500,5 @@ def exec_command_line(argv):
 if client.start(argv):
 exit(0)
 else:
- exit(-1)
+ exit(255)
diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py
index 68b7b7c3..29723dfb 100644
--- a/fail2ban/client/fail2banregex.py
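Review bot: The literal `255` in `exit(255)` is now written out at every failure exit this commit touches — the signal handler and `exec_command_line` here, and again in the fail2banregex.py and fail2banserver.py hunks — and the test hunk matches the same number as text in `"Exit with code 255"`. A single named constant shared by these entry points would keep the call sites and the test from drifting apart; a short comment at its definition such as `# generic failure status; exit(-1) is truncated to 255 by the OS, so spell it out` would also record why the value changed. Separately, the signal handler leaves with the same status as an ordinary start failure, so a supervising script cannot tell an interrupted client from a failed one; whether that matters depends on callers outside this diff. Both enclosing functions begin outside their hunks.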
+++ b/fail2ban/client/fail2banregex.py
@@ -668,7 +668,7 @@ def exec_command_line(*args):
 if errors:
 sys.stderr.write("\n".join(errors) + "\n\n")
 parser.print_help()
- sys.exit(-1)
+ sys.exit(255)
 output( "" )
 output( "Running tests" )
@@ -696,4 +696,4 @@ def exec_command_line(*args):
 fail2banRegex = Fail2banRegex(opts)
 if not fail2banRegex.start(args):
- sys.exit(-1)
+ sys.exit(255)
diff --git a/fail2ban/client/fail2banserver.py b/fail2ban/client/fail2banserver.py
index afe36cf4..d94d13ff 100644
--- a/fail2ban/client/fail2banserver.py
+++ b/fail2ban/client/fail2banserver.py
@@ -212,7 +212,7 @@ class Fail2banServer(Fail2banCmdLine):
 if not phase.get('done', False):
 if server: # pragma: no cover
 server.quit()
- exit(-1)
+ exit(255)
 if background:
 logSys.debug('Starting server done')
@@ -223,7 +223,7 @@ class Fail2banServer(Fail2banCmdLine):
 logSys.error(e)
 if server: # pragma: no cover
 server.quit()
- exit(-1)
+ exit(255)
 return True
@@ -238,4 +238,4 @@ def exec_command_line(argv):
 if server.start(argv):
 exit(0)
 else:
- exit(-1)
+ exit(255)
diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py
index ba9b914d..c24408c4 100644
--- a/fail2ban/server/transmitter.py
+++ b/fail2ban/server/transmitter.py
@@ -116,7 +116,7 @@ class Transmitter:
 elif command[0] == "echo":
 return command[1:]
 elif command[0] == "server-status":
- logSys.debug("Server ready")
+ logSys.debug("Status: ready")
 return "Server ready"
 elif command[0] == "sleep":
 value = command[1]
diff --git a/fail2ban/tests/fail2banclienttestcase.py b/fail2ban/tests/fail2banclienttestcase.py
index 074a2179..c120128b 100644
--- a/fail2ban/tests/fail2banclienttestcase.py
+++ b/fail2ban/tests/fail2banclienttestcase.py
@@ -612,7 +612,7 @@ class Fail2banClientTest(Fail2banClientServerBase):
 # test reload missing jail (direct):
 self.execCmd(FAILED, startparams, "reload", "~~unknown~jail~fail~~")
 self.assertLogged("Failed during configuration: No section: '~~unknown~jail~fail~~'")
- self.assertLogged("Exit with code -1")
+ self.assertLogged("Exit with code 255")
 self.pruneLog()
 finally:
 self.pruneLog()
@@ -836,7 +836,7 @@ class Fail2banServerTest(Fail2banClientServerBase):
 "norestored = %(_exec_once)s",
 "restore = ",
 "info = ",
- "_use_flush_ = echo [] : -- flushing IPs",
+ "_use_flush_ = echo '[%(name)s] %(actname)s: -- flushing IPs'",
 "actionstart = echo '[%(name)s] %(actname)s: ** start'", start,
 "actionreload = echo '[%(name)s] %(actname)s: .. reload'", reload,
 "actionban = echo '[%(name)s] %(actname)s: ++ ban %(restore)s%(info)s'", ban,
diff --git a/files/debian-initd b/files/debian-initd
index d6660215..3b1745c1 100755
--- a/files/debian-initd
+++ b/files/debian-initd
@@ -180,10 +187,17 @@ do_reload() {
 #
 log_end_msg_wrapper()
 {
+ if [ $1 != 0 ] && [ $1 != $2 ]; then
+ value=1
+ else
+ value=0
+ fi
 if [ "$3" != "no" ]; then
- [ $1 -lt $2 ] && value=0 || value=1
 log_end_msg $value
 fi
+ if [ $value != "0" ]; then
+ exit $1
+ fi
 }
 command="$1"
@@ -191,13 +198,13 @@ case "$command" in
 start|force-start)
 [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
 do_start "$command"
- log_end_msg_wrapper $? 2 "$VERBOSE"
+ log_end_msg_wrapper $? 255 "$VERBOSE"
 ;;
 stop)
 [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
 do_stop
- log_end_msg_wrapper $? 2 "$VERBOSE"
+ log_end_msg_wrapper $? 255 "$VERBOSE"
 ;;
 restart|force-reload)
@@ -206,7 +213,7 @@ case "$command" in
 case "$?" in
 0|1)
 do_start
- log_end_msg_wrapper $? 1 "always"
+ log_end_msg_wrapper $? 0 "always"
 ;;
 *)
 # Failed to stop
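Review bot: The `start` and `stop` branches now pass 255 as the one non-zero status `log_end_msg_wrapper` tolerates (`[ $1 != 0 ] && [ $1 != $2 ]`), and 255 is also the status the Python entry points in this same commit exit with on failure. `do_start` and `do_stop` are outside the hunks, so it cannot be confirmed here that they never hand the client's status through unchanged; if they can, a failed start would be logged as OK and the wrapper would not exit with the failing status, leaving the host without any jail enforcing bans. A comment above the function, e.g. `# $2 = the one non-zero status still reported as success; must not collide with fail2ban-client's failure status`, would make that contract checkable. The two tests also expand their arguments unquoted and compare them as strings; `if [ "$1" -ne 0 ] && [ "$1" -ne "$2" ]; then` avoids a `[` syntax error, which would fall through to the success branch, if an argument is ever empty.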