#!/bin/bash
#
# denyhosts     This shell script starts the denyhosts daemon OR enables the
#               denyhosts cron job depending upon whether DAEMON = yes in 
#               /etc/sysconfig/denyhosts
#
# Author:       Seth Vidal <skvidal@phy.duke.edu> (original script)
#               Jason Tibbitts <tibbs@math.uh.edu> (denyhost changes)
#
# chkconfig:    - 85 35
#
# description:  Enable execution of denyhosts, an SSH log watcher
# processname:  denyhosts
# config:       /etc/denyhosts.cfg
#
### BEGIN INIT INFO
# Provides:          denyhosts
# Required-Start:    $syslog smtpdaemon
# Short-Description: Enable execution of denyhosts, an SSH log watcher
# Description:       DenyHosts is a Python script that analyzes the sshd server
#                    log messages to determine which hosts are attempting to
#                    hack into your system. It also determines what user
#                    accounts are being targeted. It keeps track of the
#                    frequency of attempts from each host and, upon discovering
#                    a repeated attack host, updates the /etc/hosts.deny file
#                    to prevent future break-in attempts from that host.  Email
#                    reports can be sent to a system admin.
### END INIT INFO

# source function library
. /etc/rc.d/init.d/functions

# Make sure HOSTNAME is in the environment so denyhosts can
# use it in report subjects
HOSTNAME=$(hostname)
export HOSTNAME

CRONLOCK=/var/lock/subsys/denyhosts.init
LOCKFILE=/var/lock/subsys/denyhosts

DHOSTS=/usr/bin/denyhosts.py
DOPTS="--daemon --config=/etc/denyhosts.conf"

RETVAL=0

# Determine whether or not denyhosts is to be run as a daemon or periodically
# by cron
[ -f /etc/sysconfig/denyhosts ] && . /etc/sysconfig/denyhosts


# cron service functions
c_start() {
    echo -n $"Enabling denyhosts cron service: "
    touch "$CRONLOCK" && success || failure
    RETVAL=$?
    echo
}

c_stop() {
    echo -n $"Disabling denyhosts cron service: "
    rm -f "$CRONLOCK" && success || failure
    RETVAL=$?
    echo
}

c_restart() {
    c_stop
    c_start
}

c_condrestart() {
    [ -f "$CRONLOCK" ] && c_restart
}

c_status() {
    if [ -f $CRONLOCK ]; then
        echo $"denyhosts cron service is enabled."
        RETVAL=0
    else
        echo $"denyhosts cron service is disabled."
        RETVAL=3
    fi
}

# daemon service functions
d_start() { 
    echo -n $"Starting denyhosts: "

    # There may be a stray lockfile; clean it up.
    status -p $LOCKFILE $DHOSTS &> /dev/null
    STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo -n $"Denyhosts already running."
        failure
        RETVAL=0
    else
        if [ $STATUS -eq 1 ]; then
            echo -n $"Stray lockfile present; removing it."
            rm -f $LOCKFILE
        fi
        daemon $DHOSTS $DOPTS $EXTRA_OPTIONS
        RETVAL=$?
    fi
    echo
}

d_stop() {
    echo -n $"Stopping denyhosts: "

    if [ -f $LOCKFILE ]; then
        killproc -p $LOCKFILE $DHOSTS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f $LOCKFILE
    fi
}

# Upstream's control script sleeps here; copy that behavior just in case.
d_restart() {
    d_stop
    sleep 1;
    d_start
}

d_condrestart() {
    [ -f $LOCKFILE ] && d_restart
}

d_status() {
    status -p $LOCKFILE $DHOSTS
    RETVAL=$?
}

case "$1" in
    start)
	if [ $DAEMON = "yes" ]; then 
	    d_start;       
	else 
	    c_start;   
	fi 
	;;
    stop) 
	if [ $DAEMON = "yes" ]; then 
	    d_stop;        
	else 
	    c_stop;    
	fi 
	;;
    restart|force-reload)
	if [ $DAEMON = "yes" ]; then 
	    d_restart;     
	else 
	    c_restart; 
	fi 
	;;
    reload)
	;;
    condrestart)
	if [ $DAEMON = "yes" ]; then 
	    d_condrestart; 
	else 
	    c_restart; 
	fi 
	;;
    status)
	if [ $DAEMON = "yes" ]; then 
	    d_status;      
	else 
	    c_status;  
	fi 
	;;
    *)
	echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
	exit 1
esac

exit $RETVAL