#!/bin/sh
#
# sshguard - Protects hosts from brute-force attacks against SSH and other services
#
# chkconfig:   - 20 80
# description: Sshguard protects hosts from brute-force attacks against SSH \
#              and other services. It aggregates system logs and blocks     \
#              repeat offenders using one of several firewall backends.     \
#                                                                           \
#              Sshguard can read log messages from standard input or        \
#              monitor one or more log files. Log messages are parsed,      \
#              line-by-line, for recognized patterns. If an attack, such as \
#              several login failures within a few seconds, is detected,    \
#              the offending IP is blocked. Offenders are unblocked after a \
#              set interval, but can be semi-permanently banned using the   \
#              blacklist option.

### BEGIN INIT INFO
# Provides: sshguard
# Required-Start: $local_fs $syslog
# Required-Stop: $local_fs $syslog
# Default-Stop: 0 1 6
# Short-Description: Protects hosts from brute-force attacks against SSH and other services
# Description: Sshguard protects hosts from brute-force attacks against SSH and other
#              services. It aggregates system logs and blocks repeat offenders using one of
#              several firewall backends.
#              
#              Sshguard can read log messages from standard input or monitor one or more
#              log files. Log messages are parsed, line-by-line, for recognized patterns.
#              If an attack, such as several login failures within a few seconds, is
#              detected, the offending IP is blocked. Offenders are unblocked after a set
#              interval, but can be semi-permanently banned using the blacklist option.
### END INIT INFO

# Pull in the distribution's init helper library; daemon, killproc and status
# are not defined in this file and are expected to come from it.
. /etc/rc.d/init.d/functions

# Built-in defaults for the service paths.
progname="sshguard"
executable="/usr/sbin/sshguard"
config="/etc/sshguard.conf"
pidfile="/var/run/${progname}.pid"
logfile="/var/log/${progname}.log"
lockfile="/var/lock/subsys/${progname}"

# Optional site overrides. The file is sourced, i.e. executed as shell code in
# this script's own context, and may replace any of the variables above, so it
# should be owned by root and not writable by anyone else.
if [ -e "/etc/sysconfig/${progname}" ]; then
    . "/etc/sysconfig/${progname}"
fi

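# Launch sshguard in the background through the init library's daemon helper.
# Globals:  executable, config, pidfile, logfile, lockfile, progname (read);
#           retval (written)
# Exits:    5 when $executable is missing or not executable (LSB "not
#           installed"), 6 when $config is not a regular file (LSB "not
#           configured"); both end the whole script, not just this function.
# Returns:  the status reported by daemon.
start() {
    [ -x "$executable" ] || exit 5
    [ -f "$config" ] || exit 6
    echo -n $"Starting $progname: "
    # The command line is handed to daemon as one string. ">> file 2>&1"
    # appends stdout and stderr exactly like "&>>", but does not depend on
    # that bash-4-only shorthand being understood by the shell that runs it.
    # The paths are interpolated into that string unescaped, so the values
    # set in the sysconfig file must not contain whitespace or shell
    # metacharacters.
    daemon --pidfile "$pidfile" "$executable -i $pidfile >> $logfile 2>&1 &"
    retval=$?
    echo
    # NOTE(review): the command ends in "&", so this status most likely only
    # says that the launch was issued, not that sshguard stayed up - confirm
    # against the daemon helper before relying on the lock file as proof that
    # the host is protected.
    if [ "$retval" -eq 0 ]; then
        touch "$lockfile"
    fi
    return "$retval"
}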

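# Stop sshguard through the init library's killproc helper and, on success,
# remove the subsystem lock file.
# Globals:  executable, lockfile, progname (read); retval (written)
# Returns:  the status reported by killproc.
stop() {
    echo -n $"Stopping $progname: "
    # NOTE(review): start hands --pidfile to daemon, but no pid file is passed
    # here, so killproc has to locate the process from the executable name
    # alone. If pidfile is overridden in the sysconfig file, confirm that the
    # right process is still found.
    killproc "$executable"
    retval=$?
    echo
    # Quoted so that an overridden lock path containing whitespace is removed
    # as one file instead of being split into several arguments.
    if [ "$retval" -eq 0 ]; then
        rm -f -- "$lockfile"
    fi
    return "$retval"
}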

# Stop the service, then start it again.
# Returns: the status of start; the status of stop is not checked.
# NOTE(review): sshguard presumably drops its temporary blocks when it is
# stopped, so a restart may briefly re-admit addresses that were blocked -
# confirm against the installed sshguard version.
restart() {
    stop; start
}

# "reload" is implemented as a full restart; no in-place configuration reload
# is attempted.
# Returns: the status of restart.
reload() {
    restart
    return $?
}

# "force-reload" is likewise mapped onto a plain restart.
# Returns: the status of restart.
force_reload() {
    restart
    return $?
}

# Report the service state using the init library's generic status helper,
# which is looked up by program name.
# Returns: whatever status returns.
rh_status() {
    status $progname
    return $?
}

# Silent variant of rh_status: stdout and stderr are discarded and only the
# exit status is kept, so it can be used directly in conditions.
rh_status_q() {
    rh_status 1>/dev/null 2>/dev/null
}


# Dispatch on the requested action. Only the literal action names below are
# accepted; anything else prints the usage line and exits with status 2.
case "$1" in
    start)
        # Already running: nothing to do, report success.
        if rh_status_q; then
            exit 0
        fi
        start
        ;;
    stop)
        # Not running: nothing to stop, report success.
        if ! rh_status_q; then
            exit 0
        fi
        stop
        ;;
    restart)
        restart
        ;;
    reload)
        # A reload of a service that is not running is reported as status 7.
        if ! rh_status_q; then
            exit 7
        fi
        reload
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        # Conditional restart: only act when the service is currently up.
        if ! rh_status_q; then
            exit 0
        fi
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
        exit 2
        ;;
esac
# Propagate the status of whichever action ran.
exit $?
