github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Merge pull request #2182 from orlitzky/openrc-improvements 

OpenRC service script improvements
pull/3064/merge
Sergey G. Brester 3 years ago committed by GitHub
parent
3fb02527a4 78dddb75e6
commit
ea7bbb4757
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 111 additions and 88 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      MANIFEST
  2. 2
      files/fail2ban-openrc.conf
  3. 86
      files/fail2ban-openrc.init.in
  4. 8
      files/gentoo-confd
  5. 60
      files/gentoo-initd
  6. 11
      setup.py

4
MANIFEST
Unescape View File

@ -393,8 +393,8 @@ files/fail2ban.service.in
files/fail2ban-tmpfiles.conf files/fail2ban-tmpfiles.conf
files/fail2ban.upstart files/fail2ban.upstart
files/gen_badbots files/gen_badbots
files/gentoo-confd files/fail2ban-openrc.conf
files/gentoo-initd files/fail2ban-openrc.init.in
files/ipmasq-ZZZzzz_fail2ban.rul files/ipmasq-ZZZzzz_fail2ban.rul
files/logwatch/fail2ban files/logwatch/fail2ban
files/logwatch/fail2ban-0.8.log files/logwatch/fail2ban-0.8.log

2
files/fail2ban-openrc.conf
Unescape View File

@ -0,0 +1,2 @@
# For available options, plase run "fail2ban-server --help".
#FAIL2BAN_OPTIONS="-x"

86
files/fail2ban-openrc.init.in
Unescape View File

@ -0,0 +1,86 @@
#!/sbin/openrc-run
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Sireyessire, Cyril Jaquier
#
description="Ban hosts that cause multiple authentication errors"
description_reload="reload configuration without dropping bans"
extra_started_commands="reload"
# Can't (and shouldn't) be changed by the end-user.
#
# Note that @BINDIR@ is already supplied by the build system. Some
# day, it might be nice to have @RUNDIR@ supplied by the build system
# as well, so that we don't have to hard-code /run here.
FAIL2BAN_RUNDIR="/run/${RC_SVCNAME}"
FAIL2BAN_SOCKET="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.sock"
# The fail2ban-client program is also capable of starting and stopping
# the server, but things are simpler if we let start-stop-daemon do it.
command="@BINDIR@/fail2ban-server"
pidfile="${FAIL2BAN_RUNDIR}/${RC_SVCNAME}.pid"
# We force the pidfile/socket location in this service script because
# we're taking responsibility for ensuring that their parent directory
# exists and has the correct permissions (which we can't do if the
# user is allowed to change them).
command_args="${FAIL2BAN_OPTIONS} -p ${pidfile} -s ${FAIL2BAN_SOCKET}"
retry="30"
depend() {
use logger
after iptables
}
checkconfig() {
"${command}" ${command_args} --test
}
start_pre() {
# If this isn't a restart, make sure that the user's config isn't
# busted before we try to start the daemon (this will produce
# better error messages than if we just try to start it blindly).
#
# If, on the other hand, this *is* a restart, then the stop_pre
# action will have ensured that the config is usable and we don't
# need to do that again.
if [ "${RC_CMD}" != "restart" ] ; then
checkconfig || return $?
fi
checkpath -d "${FAIL2BAN_RUNDIR}"
}
stop_pre() {
# If this is a restart, check to make sure the user's config
# isn't busted before we stop the running daemon.
if [ "${RC_CMD}" = "restart" ] ; then
checkconfig || return $?
fi
}
reload() {
# The fail2ban-client uses an undocumented protocol to tell
# the server to reload(), so we have to use it here rather
# than e.g. sending a signal to the server daemon. Note that
# the reload will fail (on the server side) if the new config
# is invalid; we therefore don't need to test it ourselves
# with checkconfig() before initiating the reload.
ebegin "Reloading ${RC_SVCNAME}"
"@BINDIR@/fail2ban-client" ${command_args} reload
eend $? "Failed to reload ${RC_SVCNAME}"
}

8
files/gentoo-confd
Unescape View File

@ -1,8 +0,0 @@
# Config file for /etc/init.d/fail2ban
#
# For information on options, see "/usr/bin/fail2ban-client -h".
FAIL2BAN_OPTIONS=""
# Force execution of the server even if the socket already exists:
#FAIL2BAN_OPTIONS="-x"

60
files/gentoo-initd
Unescape View File

@ -1,60 +0,0 @@
#!/sbin/openrc-run
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Sireyessire, Cyril Jaquier
#
description="Daemon to ban hosts that cause multiple authentication errors"
description_reload="reload configuration"
description_showlog="show fail2ban logs"
extra_started_commands="reload showlog"
FAIL2BAN="/usr/bin/fail2ban-client ${FAIL2BAN_OPTIONS}"
depend() {
need net
need logger
after iptables
}
start() {
ebegin "Starting fail2ban"
mkdir -p /var/run/fail2ban || return 1
# remove stalled sock file after system crash
# bug 347477
rm -f /var/run/fail2ban/fail2ban.sock || return 1
start-stop-daemon --start --pidfile /var/run/fail2ban/fail2ban.pid \
-- ${FAIL2BAN} start
eend $? "Failed to start fail2ban"
}
stop() {
ebegin "Stopping fail2ban"
start-stop-daemon --stop --pidfile /var/run/fail2ban/fail2ban.pid --retry 30 \
-- ${FAIL2BAN} stop
eend $? "Failed to stop fail2ban"
}
reload() {
ebegin "Reloading fail2ban"
${FAIL2BAN} reload
eend $? "Failed to reload fail2ban"
}
showlog(){
less /var/log/fail2ban.log
}

11
setup.py
Unescape View File

@ -89,13 +89,16 @@ class install_scripts_f2b(install_scripts):
if install_dir.startswith(root): if install_dir.startswith(root):
install_dir = install_dir[len(root):] install_dir = install_dir[len(root):]
except: # pragma: no cover except: # pragma: no cover
print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service".') print('WARNING: Cannot find root-base option, check the bin-path to fail2ban-scripts in "fail2ban.service" and "fail2ban-openrc.init".')
print('Creating %s/fail2ban.service (from fail2ban.service.in): @BINDIR@ -> %s' % (buildroot, install_dir))
with open(os.path.join(source_dir, 'files/fail2ban.service.in'), 'r') as fn: scripts = ['fail2ban.service', 'fail2ban-openrc.init']
for script in scripts:
print('Creating %s/%s (from %s.in): @BINDIR@ -> %s' % (buildroot, script, script, install_dir))
with open(os.path.join(source_dir, 'files/%s.in' % script), 'r') as fn:
lines = fn.readlines() lines = fn.readlines()
fn = None fn = None
if not dry_run: if not dry_run:
fn = open(os.path.join(buildroot, 'fail2ban.service'), 'w') fn = open(os.path.join(buildroot, script), 'w')
try: try:
for ln in lines: for ln in lines:
ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln) ln = re.sub(r'@BINDIR@', lambda v: install_dir, ln)

Write Preview
Loading…
Cancel
Save