fixed action_ shortcuts

adjusted initd script to be verbose on start if socketfile exists

debian/changelog

@@ -4,16 +4,16 @@ fail2ban (0.7.6-1~pre1) UNRELEASED; urgency=low
     non-released versions (which were suggested to the users to overcome
     problems reported in bug reports). In particular attention should be paid
     to upstream changelog entries
-  
+
     - Several "failregex" and "ignoreregex" are now accepted.
       Creation of rules should be easier now.
-    
+
       This is an alternative solution to 'multiple <HOST>' entries fix,
       which is not applied to this shipped version - pay cautios if upgrading
       from 0.7.5-3~pre?
-   
+
     - Allow comma in action options. The value of the option must
-      be escaped with " or '. 
+      be escaped with " or '.
 
       That allowed to implement requested ability to ban multiple ports
       at once (See 373592). README.Debian and jail.conf adjusted to reflect
@@ -28,10 +28,13 @@ fail2ban (0.7.6-1~pre1) UNRELEASED; urgency=low
     - Added option banaction which is to incorporate banning agent
       (usually some flavor of iptables rule), which can then be easily
       overriden globally or per section
-    
+
     - Multiple actions are defined as action_* to serve as shortcuts
-   
+
- -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  4 Jan 2007 12:21:30 -0500
+  * Initd script was modified to inform about present socket file which
+    would forbid fail2ban-server from starting.
+
+  -- Yaroslav Halchenko <debian@onerussian.com>  Thu,  4 Jan 2007 12:21:30 -0500
 
 fail2ban (0.7.5-3~pre6) unstable; urgency=low
 

debian/fail2ban.init

@@ -23,9 +23,13 @@ NAME=fail2ban
 # fail2ban-client is not a daemon itself but starts a daemon and
 # loads its with configuration
 DAEMON=/usr/bin/$NAME-client
-SOCKFILE=/tmp/$NAME.sock
 SCRIPTNAME=/etc/init.d/$NAME
 
+# Ad-hoc way to parse out socket file name
+SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
+          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
+[ -z "$SOCKFILE" ] && SOCKFILE='/tmp/fail2ban.sock'
+
 # Exit if the package is not installed
 [ -x "$DAEMON" ] || exit 0
 
@@ -50,21 +54,6 @@ log_daemon_msg () {
 #  so we must be ok
 . /lib/lsb/init-functions
 
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
-	# Return
-	#	0 if daemon has been started
-	#	1 if daemon was already running
-	#	2 if daemon could not be started
-	do_status && return 1
-	start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
-		$DAEMON_ARGS start > /dev/null\
-		|| return 2
-}
-
 #
 # Shortcut function for abnormal init script interruption
 #
@@ -75,6 +64,47 @@ report_bug()
 	exit 1
 }
 
+#
+# Helper function to check if socket is present, which is often left after
+# abnormal exit of fail2ban and needs to be removed
+#
+check_socket()
+{
+	# Return
+	#	0 if socket is present and readable
+	#	1 if socket file is not present
+	#	2 if socket file is present but not readable
+	#	3 if socket file is present but is not a socket
+	[ -e "$SOCKFILE" ] || return 1
+	[ -r "$SOCKFILE" ] || return 2
+	[ -S "$SOCKFILE" ] || return 3
+	return 0
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#	0 if daemon has been started
+	#	1 if daemon was already running
+	#	2 if daemon could not be started
+	do_status && return 1
+
+	if [ -e "$SOCKFILE" ]; then
+		log_failure_msg "Socket file $SOCKFILE is present"
+		return 2
+	fi
+
+	start-stop-daemon --start --quiet --chuid root --exec $DAEMON -- \
+		$DAEMON_ARGS start > /dev/null\
+		|| return 2
+
+	return 0
+}
+
+
 #
 # Function that checks the status of fail2ban and returns
 # corresponding code
@@ -82,23 +112,7 @@ report_bug()
 do_status()
 {
 	$DAEMON ping > /dev/null
-	case $? in
+	return $?
-		0) return 0
-			;;
-		255)
-			if [ -S $SOCKFILE ]; then
-				if [ -r $SOCKFILE ]; then
-					return 1
-				else
-					return 4
-				fi
-			else
-				return 3
-			fi
-			;;
-		*)
-			report_bug "Unknown return code from fail2ban."
-	esac
 }
 
 #
@@ -182,10 +196,17 @@ case "$1" in
 		do_status
 		case $? in
 			0)  log_success_msg " $NAME is running" ;;
-			1)  log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
+			255)
-			3)  log_warning_msg " $NAME is not running" ;;
+				check_socket
-			4)  log_failure_msg " $SOCKFILE not readable, status of $NAME unknown";;
+				case $? in
-			*)  report_bug "Unknown status code"
+					1)  log_warning_msg " $NAME is not running" ;;
+					0)  log_failure_msg " $NAME is not running but $SOCKFILE exists" ;;
+					2)  log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown";;
+					3)  log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown";;
+					*)  report_bug "Unknown return code from $NAME:check_socket.";;
+				esac
+				;;
+			*)  report_bug "Unknown $NAME status code"
 		esac
 		;;
 	*)

debian/jail.conf

@@ -38,28 +38,31 @@ destemail = root@localhost
 #
 
 # Default banning action (e.g. iptables, iptables-new,
-# iptables-multiport, etc) It is used to define action_* variables. Can
+# iptables-multiport, shorewall, etc) It is used to define 
-# be overriden globally or per section within jail.local file
+# action_* variables. Can be overriden globally or per 
+# section within jail.local file
 banaction = iptables
 
+
+#
+# Action shortcuts. To be used to define action parameter
+
 # The simplest action to take: ban only
-action_i = %(banaction)s[name=%(__name__)s, port="%(port)s"]
+action_ = %(banaction)s[name=%(__name__)s, port="%(port)s"]
 
-# Following actions can be chosen as an alternatives to the above action.
+# ban & send an e-mail with whois report to the destemail.
-
+action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"]
-# Action to take: ban & send an e-mail with whois report to the destemail.
-action_i_mw = %(banaction)s[name=%(__name__)s, port="%(port)s"]
               mail-whois[name=%(__name__)s, dest="%(destemail)s"]
 
-# Action to take: ban & send an e-mail with whois report 
+# ban & send an e-mail with whois report and relevant log lines
-# and relevant log lines to the destemail.
+# to the destemail.
-action_i_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s"]
+action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s"]
                mail-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
  
 # Choose default action.  To change, just override value of 'action' with the
-# chosen action (e.g.  action_i_mw, action_i_mwl, etc) in jail.local
+# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
-# globally (section [DEFAULT]) or per specific section (e.g. ssh)
+# globally (section [DEFAULT]) or per specific section 
-action = action_i
+action = %(action_)s
 
 #
 # JAILS