#! /bin/sh
#
###########################################################################
#                                                                         #
# /etc/init.d/sshsentry   v4.1.0   LSB compliant Initscript               #
#                                                                         #
# This file is part of the sshsentry software package.                    #
#                                                                         #
# Copyright (C) 2006 - 2012 Andreas Stempfhuber <andi@afulinux.de>        #
#                                                                         #
# This program is free software: you can redistribute it and/or modify    #
# it under the terms of the GNU General Public License as published by    #
# the Free Software Foundation, either version 3 of the License, or       #
# (at your option) any later version.                                     #
#                                                                         #
# This program is distributed in the hope that it will be useful,         #
# but WITHOUT ANY WARRANTY; without even the implied warranty of          #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the           #
# GNU General Public License for more details.                            #
#                                                                         #
# You should have received a copy of the GNU General Public License       #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.   #
#                                                                         #
###########################################################################

### BEGIN INIT INFO
# Provides:          sshsentry
# Required-Start:    $remote_fs $network $syslog
# Required-Stop:     $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Blacklist hosts on repeated failed SSH login attempts
# Description:       The purpose of sshsentry is to monitor the authentication
#                    log, detect repeated failed SSH login attempts and
#                    blacklist the hosts whence such attempts originate.
### END INIT INFO

# DO NOT modify the settings below. Use /etc/default/sshsentry for
# customization.
DESC="SSH Sentry Daemon"
NAME=sshsentry
DAEMON=(DESTDIR)/$NAME
DAEMON_ARGS=""
DAEMON_NICE=0
DAEMON_TIMEOUT=20
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# PATH restrictions
PATH=/sbin:/usr/sbin:/bin:/usr/bin

# Exit if daemon is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load LSB functions
# (on Debian depend on lsb-base (>= 3.0-6) to ensure that this file is present)
if [ -r /lib/lsb/init-functions ]; then
	. /lib/lsb/init-functions
else
	echo "LSB init functions '/lib/lsb/init-functions' missing!"
	exit 1
fi

#
# Helper log functions (for non-Debian based systems)
#
if ! type log_daemon_msg >/dev/null 2>&1 ||
   ! type log_end_msg >/dev/null 2>&1; then

	# int log_daemon_msg (char *message char *daemon_name)
	log_daemon_msg ()
	{
		[ -z "${1:-}" ] && return 1
		echo -n "$1:"
		[ "${2:-}" ] && echo -n " $2"
	}

	# int log_end_msg (int lsb_exitstatus)
	log_end_msg ()
	{
		[ -z "${1:-}" ] && return 1

		case "$1" in
		    0)
			log_success_msg "."
			;;
		    255)
			log_warning_msg
			;;
		    *)
			log_failure_msg
			;;
		esac

		return $1
	}
fi

#
# Function that starts the daemon
#
do_start()
{
	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started

	# Check if daemon is already running
	pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null && return 1

	# Remove old PID file if still exist
	rm -f "$PIDFILE"

	# CD to / directory
	cd /

	# Start daemon
	start_daemon -n ${DAEMON_NICE:-0} -p "$PIDFILE" "$DAEMON" -p \
		"$PIDFILE" $DAEMON_ARGS

	# Check if daemon is running
	if ! pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
		rm -f "$PIDFILE"
		return 2
	fi
}

#
# Function that stops the daemon
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred

	# Check if daemon is running
	if ! pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
		# Daemon not running
		rm -f "$PIDFILE"
		return 1
	fi

	# Stop daemon
	if killproc -p "$PIDFILE" "$DAEMON" -TERM; then
		# Wait still daemon has been stopped or timeout is reached
		local seconds=${DAEMON_TIMEOUT:-20}
		while pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null &&
		      [ $seconds -gt 0 ]; do
			sleep 1
			seconds=$(($seconds-1))
		done
	fi

	if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
		# Daemon is sill running, send SIGKILL
		killproc -p "$PIDFILE" "$DAEMON" -KILL
		# Wait still daemon has been stopped or timeout is reached
		local seconds=$((${DAEMON_TIMEOUT:-20}/5))
		while pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null &&
		      [ $seconds -gt 0 ]; do
			sleep 1
			seconds=$(($seconds-1))
		done

		if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
			# Daemon could not be stopped
			return 2
		fi
	fi

	# Daemon has been stopped, delete old PID file
	rm -f "$PIDFILE"
}

case "$1" in
    start)
	log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
	    0) log_end_msg 0 ;;
	    1) log_warning_msg ", already running" ;;
	    2) log_end_msg 1 ;;
	esac
	;;
    stop)
	log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
	    0) log_end_msg 0 ;;
	    1) log_warning_msg ", not running" ;;
	    2) log_end_msg 1 ;;
	esac
	;;
    restart|force-reload)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	    0|1)
		do_start
		case "$?" in
		    0) log_end_msg 0 ;;
		    1) log_end_msg 1 ;; # Old process is still running
		    *) log_end_msg 1 ;; # Failed to start
		esac
		;;
	    *)
		log_end_msg 1	# Failed to stop
		;;
	esac
	;;
    status)
	if pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
		log_success_msg "$NAME is running"
		exit 0
	elif [ -e "$PIDFILE" ]; then
		log_failure_msg "$NAME is not running but PID file exists"
		exit 1
	else
		log_failure_msg "$NAME is not running"
		exit 3
	fi
	;;
    audit)
	if [ -e "$PIDFILE" ] && \
	   ! pidofproc -p "$PIDFILE" "$DAEMON" >/dev/null; then
		log_failure_msg "$DESC terminated unintentionally"
		log_daemon_msg "Starting $DESC" "$NAME"
		do_start
		case "$?" in
		    0) log_end_msg 0 ;;
		    1) log_warning_msg ", already running" ;;
		    2) log_end_msg 1 ;;
		esac
	fi
	;;

    *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status|audit}" >&2
	exit 3
	;;
esac
