Commit Graph

142 Commits (9d3699f296f3fac37dd44786cf3e59a96a8dbe83)

Author SHA1 Message Date
sebres 932708de9e fixed --pidfile bug, introduced in gh-1322:
gentoo-initd fixed --pidfile bug: `--pidfile` is option of start-stop-daemon, not argument of fail2ban (see gh-1434)
closes gh-1434
2016-05-20 11:01:00 +02:00
Alexey Korepanov 5773eb71b8 ensure /var/run/fail2ban is created in systemd service file 2016-04-12 21:20:19 +01:00
Jack Suter fb779a78c5 gentoo-initd: Use start-stop-daemon in order to handle crashes better
Currently, if fail2ban is killed (or crashes), its status will be
reported by '/etc/init.d/fail2ban status' as 'running' even though it
is not. Attempting to restart the service also fails, because Gentoo
unsuccessfully tries to stop the service.

By using start-stop-daemon and providing a pidfile, Gentoo will
instead report the status as 'crashed' and allow the service to be
restarted as normal.
2016-02-16 01:46:27 -05:00
Yaroslav Halchenko 3dc57af19c Merge branch 'logrotate' of https://github.com/sbraz/fail2ban
* 'logrotate' of https://github.com/sbraz/fail2ban:
  Remove compression and count from logrotate
2016-02-10 18:41:01 -05:00
Louis Sautier 869d99dd37
Remove compression and count from logrotate
Initially reported at https://bugs.gentoo.org/show_bug.cgi?id=549856
2016-01-29 00:15:48 +01:00
Louis Sautier 294a7790a9
gentoo-initd: do not hide useful output
Gentoo applies a patch for this: https://bugs.gentoo.org/show_bug.cgi?id=536320
2016-01-28 23:40:36 +01:00
Yaroslav Halchenko 9f15d02910 Merge pull request #1251 from fastest963/master
Added PartOf to service file so f2b restarts when deps do
2015-12-18 09:21:43 -05:00
sarneaud 5b88a84fe8 Small fixes for Gentoo initd script
These fixes are pretty pedantic, but they do simplify the script a
little.

* Checking the existence of a file/directory before creating/deleting
  it adds complexity and raciness.  There are better options.
* mkdir -p does the job of making sure a directory exists.  (It only
  fails if there's a filesystem error or something.)
* Likewise, rm -f doesn't fail if the file doesn't exist.
* rm -r isn't neccessary because the socket shouldn't be a directory.
  (If it is for some reason, that should be an error.)
2015-11-28 15:03:09 +11:00
James Hartig 9905396eb8 Added PartOf to service file so f2b restarts when deps do 2015-11-11 23:10:35 -05:00
Paul Menzel 078e2048f2 files: Strip trailing whitespace from files
Run the command `StripWhitespace` from the [Vim Better Whitespace
Plugin](https://github.com/ntpeters/vim-better-whitespace).
2015-10-08 16:18:08 +02:00
Ville Skyttä 67a94733a9 logrotate: Do not rotate empty logs
As a useful side effect, prevents "Unable to contact server. Is it
running?" mails from cron when fail2ban hasn't been (intentionally)
running nor thus logging anything either.
2015-09-13 11:05:33 +03:00
Ville Skyttä 63c7ceb81d logrotate: Remove outdated Fedora comment 2015-09-13 10:57:51 +03:00
Edward Beckett 03460d5ed0 Update gen_badbots
Added plus char to the regex for escaping user-agent strings.
2015-09-06 01:05:52 -04:00
Yaroslav Halchenko c96415da27 added $named and ufw to debian-initd (Debian bug #776572) 2015-01-29 08:32:20 -05:00
Yaroslav Halchenko d65c4f8f5d moved debian's initd file to files/debian-initd from debian branch 2014-12-30 16:45:35 -05:00
Viktor Szépe 971c3d93fe Monit config
Copy it to `/etc/monit/monitrc.d/fail2ban`
More info: https://github.com/szepeviktor/debian-server-tools/blob/master/monitoring/monit/monit-debian-setup.sh#L113
2014-12-24 14:45:48 +01:00
Yaroslav Halchenko caa851e5c8 RF: moving logwatch setup/sample logs under files/logwatch 2014-09-14 09:48:14 -04:00
Yaroslav Halchenko 2a51a0176a BF: minor type for delignoreregex in bash completions 2014-06-10 03:42:07 -04:00
Cameron Norman 2a14e48f0b A few final touches on the Upstart job
(a) use static-network-up, since it is more generic than the started networking event
(b) do not hook into network deconfiguration to speed up shutdown
(c) expect fork, per the use of the "-f" option
(d) use a variable for the run directory to make changing it simpler
(e) handle the situation of a left over socket file
(f) use the -f option to be able to track the PID
2014-04-22 21:55:51 -07:00
Cameron Norman 39ad5b7474 Update Upstart job: uses stop command in pre-stop, removes PID file in post-stop 2014-04-19 15:10:19 -07:00
Cameron Norman 0ef5027234 Change Upstart job to track PID of the server
This only works correctly if the client does not fork itself when starting the server (which forks twice further).
2014-04-19 14:12:20 -07:00
Cameron Norman 0c8e72f452 Update fail2ban.upstart
No longer directly exec the server, do not remove the PID file because it is unnecessary to do so. No longer respawns because Upstart can not track the process with the starter command.
2014-04-11 17:09:08 -07:00
Cameron Norman 4115b62a01 Update fail2ban.upstart
It was actually a little problematic :)
2014-04-11 16:49:56 -07:00
Cameron Norman 5e3f5db8b7 Create fail2ban.upstart
Add Upstart job.
2014-04-11 08:50:55 -07:00
Ruben Kerkhof ebed0d23c9 Add documentation link to systemd service file
So systemctl help fail2ban.service works

Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 14:20:49 +00:00
Steven Hiscocks c7c203964c ENH: Add iptables and firewalld to "After" for systemd service file.
Also remove no longer supported syslog.target.
Closes #658
2014-03-22 17:28:49 +00:00
Steven Hiscocks a9b9c6ea03 Merge branch 'logging' into 0.9
Conflicts:
	fail2ban/server/actions.py
                jail getName()->name
	fail2ban/server/filter.py
                jail getName()->name
2014-02-23 23:03:56 +00:00
Steven Hiscocks 212d05dc0b ENH: Add action elements to bash-completion 2014-02-22 16:57:21 +00:00
Steven Hiscocks 5630c56c75 ENH: Change logging levels and make info more verbose 2014-02-20 23:01:40 +00:00
Daniel Black 3ee6e993c6 MRG: merge ChangeLog for nagios fix 2014-01-06 22:09:10 +11:00
alasdairdc 5428f5bbc3 Update check_fail2ban
Removed unnecessary reference to as yet undeclared $jail_name when checking a specific jail.
2014-01-06 10:43:32 +00:00
Daniel Black b5b581555c BF: nagios fix 2014-01-03 19:56:49 +11:00
alasdairdc 2e5a2b26fb Updated check_fail2ban to return performance data for all jails and applied to specific jail code 2013-12-17 17:48:19 +00:00
alasdairdc 5f623596ee Updated check_fail2ban to return performance data for all jails
Allows perf data from all jails to enable pnp4nagios to display a chart per jail when run with the command:
check_fail2ban -p -w 1 -c 5 -P /usr/bin/fail2ban-client

sample output:
CHECK FAIL2BAN ACTIVITY - CRITICAL - 9 detected jails with 5 current banned IP(s) | apache-noscript.currentBannedIP=0 sendmail.currentBannedIP=0 postfix.currentBannedIP=0 ssh-probe.currentBannedIP=3 ssh-ddos.currentBannedIP=0 apache-multiport.currentBannedIP=0 apache.currentBannedIP=0 ssh.currentBannedIP=2 apache-overflows.currentBannedIP=0
2013-12-17 17:45:50 +00:00
Daniel Black e30c80e468 Merge pull request #478 from grooverdan/fedora-initscript-fix
BF: files/redhat-initd from upstream
2013-12-08 15:00:43 -08:00
Daniel Black 008952035d BF: files/redhat-initd - as per http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-init.patch 2013-12-06 08:08:11 +11:00
Daniel Black b5d6310d28 BF: create flushlogs command to prevent logrotation clobbering logtarget. Closes gh-458 2013-12-04 20:51:30 +11:00
Yaroslav Halchenko 6f321068f1 NF: gen_badbots script to (re)generate/update config/filter.d/apache-badbots.conf 2013-11-07 14:25:57 -08:00
Yaroslav Halchenko f1487bfb74 Merge pull request #240 from jpmx/master
bug fixed on redhat-initd

per @opoplawski  blessing
2013-08-31 06:57:42 -07:00
Orion Poplawski 67497db6e5 Change /tmp/fail2ban.sock to /var/run/fail2ban/fail2ban.sock 2013-08-08 20:28:55 -06:00
JP Espinosa 32b271c36e Update redhat-initd
- Using `-x` to remove previous socket on start
- Using Should- to wait for iptables and wrappers
2013-06-03 12:34:47 -04:00
JP Espinosa 3736d7ddbf Rewrite to use native init.d functions
- There was a bug with the old "getpid" function, when running linux containers you can see multiple fail2ban instances on hardware node and could stop one on a random virtual environment
- Added reload and status options
2013-06-03 06:29:36 -05:00
Yaroslav Halchenko 374e7c6fc9 Merge pull request #208 from grooverdan/opensuse_init
Opensuse init -- from stock suse distribution
2013-05-29 06:54:25 -07:00
Yaroslav Halchenko 746c7d990e Merge pull request #217 from kwirk/bash-completion
NF: bash-completion
2013-05-08 07:03:09 -07:00
Steven Hiscocks 95726b3976 DOC: Drop sudo from bash-completion 2013-05-06 20:37:58 +01:00
Steven Hiscocks 92dff6d645 DOC: Added bash-completion script 2013-05-06 20:17:26 +01:00
Yaroslav Halchenko 2143cdff39 Merge: opensolaris docs/fixes, no 'sed -i' in hostsdeny, sshd regex tuneups
Origin: from https://github.com/jamesstout/fail2ban

* 'OpenSolaris' of https://github.com/jamesstout/fail2ban:
  ENH: Removed unused log line
  BF: fail2ban.local needs section headers
  ENH: Use .local config files for logtarget and jail
  ENH+TST: ssh failure messages for OpenSolaris and OS X
  ENH: fail message matching for OpenSolaris and OS X
  ENH: extra daemon info regex
  ENH: actionunban back to a sed command
  Readme for config on Solaris
  create socket/pid dir if needed
  Extra patterns for Solaris
  change sed to perl for Solaris

Conflicts:
	config/filter.d/sshd.conf
2013-05-06 11:11:12 -04:00
Yaroslav Halchenko b8777c033d Merge pull request #211 from grooverdan/logrotate
ENH: basic logrotate based on what distros are doing
2013-05-06 07:50:17 -07:00
Daniel Black 8b8c720d07 ENH: logrotate file 2013-05-03 17:16:42 +10:00
Daniel Black 13c154198f ENH: since it seems the default is to use file based logging, $syslog is in Should-{Start|Stop} like Debian https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.init 2013-05-03 16:56:30 +10:00
Daniel Black 28f5d7b980 ENH: opensuse script from opensuse: https://build.opensuse.org/package/view_file?expand=1&file=fail2ban.init&package=fail2ban&project=openSUSE%3AFactory 2013-05-03 16:53:03 +10:00
Daniel Black 495f2dd877 DOC: purge of svn tags 2013-05-03 16:03:38 +10:00
jamesstout 578a8998c6 create socket/pid dir if needed
Also remove any lingering sockets
2013-04-21 07:30:52 +08:00
Yaroslav Halchenko 82e2fc34eb Merge branch 'systemd' of https://github.com/opoplawski/fail2ban
Just two files to enable fail2ban within systemd:

 files/fail2ban-tmpfiles.conf |  1 +
 files/fail2ban.service       | 14 ++++++++++++++

* 'systemd' of https://github.com/opoplawski/fail2ban:
  Add After, PIDFile, and change WantedBy to multi-user.target in fail2ban.server
  Add systemd unit file and tmpfiles.d configuration files
2013-04-17 11:40:03 -04:00
Orion Poplawski ddebcab9aa Add After, PIDFile, and change WantedBy to multi-user.target in fail2ban.server 2013-04-17 09:27:06 -06:00
Erwan Ben Souiden 44736035bd change the license to GPLv2 + adapat text 2013-04-02 09:49:44 +02:00
Erwan Ben Souiden c4d92fba71 fix the script name to check_fail2ban everywhere 2013-03-26 16:08:05 +01:00
Erwan Ben Souiden d7d5228964 Replace the check_fail2ban script by a new one which respects the Nagios specs (like status, output, perfdata, help...).
Also add a README which includes the content of f2ban.txt (which is now removed)
2013-03-26 15:55:26 +01:00
Orion Poplawski ed386dfe07 Add systemd unit file and tmpfiles.d configuration files 2013-03-15 14:37:11 -06:00
Daniel Black 00ad4d56a7 FSF address changes missing from previous 2013-03-10 15:18:09 +11:00
Yaroslav Halchenko 47e956bc8e Replace "|" with "_" in ipmasq-ZZZzzz|fail2ban.rul (Closes gh-66)
Surprise -- that is for Windows compatibility
2012-07-18 10:29:59 -04:00
Jeremy Olexa 444e4ac3ed Fix Gentoo initd script (drop extra_commands) 2012-04-21 22:24:51 -04:00
Tom Hendrikx 0eaa4c2750 gentoo init scipt: $opts variable is deprecated
See http://forums.gentoo.org/viewtopic-t-899018.html
2012-01-26 23:41:55 +01:00
Leonardo Chiquitto a7d47e8b36 Update Free Software Foundation's address
The address has changed from "59 Temple Place, Suite 330, Boston,
MA  02111-1307  USA" to "51 Franklin Street, Fifth Floor, Boston,
MA  02110-1301, USA" some time ago.
2011-12-30 12:41:46 -05:00
Lee Clemens 47c03a2c13 files/nagios - spelling/grammar fixes 2011-12-26 12:49:47 -05:00
Michael Lorant c48c2b19a0 BF: gentoo-initd assure /var/run dir + remove stale sock file
Gentoo  Bug #347477
Picked up from

http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/gentoo-initd_create_run_dir.patch?view=markup
2011-11-18 14:51:08 -05:00
Robert Trace 5812abb987 ENH: Remove obsolete code from gentoo init script. Bug gentoo#367819.
Picked up from
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-0.8.4-gentoo-init.patch\?view\=markup
2011-11-18 14:28:23 -05:00
Yaroslav Halchenko fceff2d5b9 moving log samples under testcases/files 2011-11-18 11:57:20 -05:00
Yaroslav Halchenko b9a6b622cc Adding log samples accumulated in Debian branch 2011-11-18 11:55:46 -05:00
Yaroslav Halchenko aa0024db00 BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert 2011-11-18 11:51:59 -05:00
Yaroslav Halchenko 713fea6371 Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto 2011-11-18 11:51:59 -05:00
Yaroslav Halchenko 02be7d03b2 BF: use standard/reserved example.com instead of mail.com
Adapted from fail2ban-0.8.4-examplemail.patch in Fedora:
http://sophie.zarb.org/sources/fail2ban/fail2ban-0.8.4-examplemail.patch

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@777 a942ae1a-1317-0410-a47c-b1dcaea8d605
2011-05-07 03:16:40 +00:00
Cyril Jaquier 756cfcda5f - Added nagios script. Thanks to Sebastian Mueller.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@721 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-27 22:58:29 +00:00
Cyril Jaquier 97f48991a2 - Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@718 a942ae1a-1317-0410-a47c-b1dcaea8d605
2009-01-20 21:24:33 +00:00
Cyril Jaquier 19d251d785 - Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@679 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-10 22:39:40 +00:00
Cyril Jaquier 402cdeab5e - Updated e-mail
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@672 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-05 23:18:06 +00:00
Cyril Jaquier c79e9ecec5 - Added Mac OS/X startup script. Thanks to Bill Heaton.
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@654 a942ae1a-1317-0410-a47c-b1dcaea8d605
2008-03-04 00:10:30 +00:00
Cyril Jaquier 2816bca55b - Tightening up the pid check in redhat-initd. Thanks to David Nutter
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@599 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-11 22:12:45 +00:00
Cyril Jaquier 568264d6c7 - Updated suse-initd and added it to MANIFEST. Thanks to Christian Rauch
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@597 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-07-10 20:04:57 +00:00
Cyril Jaquier a4c9798b18 - Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@575 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-05-03 20:03:13 +00:00
Cyril Jaquier 1e767cd8e3 - Fixed RedHat init script. Thanks to Jonathan Underwood
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@574 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-05-01 22:42:10 +00:00
Cyril Jaquier a85f562855 - Updated Gentoo script. Thanks to Raphaël Marichez
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@559 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-03-13 23:18:54 +00:00
Cyril Jaquier 3803150e6e - Added Suse init script and modified gentoo-initd. Thanks to Christian Rauch
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@550 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-20 20:44:47 +00:00
Cyril Jaquier 13967efa0f - Added y-label
- Changed per second with per 5 minutes

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@541 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-08 19:26:00 +00:00
Cyril Jaquier 51f57506d4 - Added cacti template and partial README
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@539 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-02-07 23:10:47 +00:00
Cyril Jaquier 54ef4ef33b - Added initial cacti script. Still needs testing, template, etc
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@527 a942ae1a-1317-0410-a47c-b1dcaea8d605
2007-01-29 20:25:50 +00:00
Cyril Jaquier b02394fd23 - Fixed restart. Wait for the server to shutdown
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@491 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-17 22:32:40 +00:00
Cyril Jaquier 9539012e13 - Added a "sleep 1". Thanks to Jim Wight
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@482 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-10 16:37:22 +00:00
Cyril Jaquier 159ecbc567 - Fixed RedHat init script. Thanks to Justin Shore
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@476 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-12-03 21:58:48 +00:00
Cyril Jaquier e8c656b5ff - Added svn:executable
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@445 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-11-01 22:08:03 +00:00
Cyril Jaquier e28fec6d5d - Added Fedora/RedHat initd script. Thanks to Tyler
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@408 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-10-14 14:35:46 +00:00
Cyril Jaquier 2ff4d50d97 - Added Gentoo init.d script
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@303 a942ae1a-1317-0410-a47c-b1dcaea8d605
2006-08-23 20:56:07 +00:00