authorMichael Orlitzky <michael@orlitzky.com>2018-07-15 17:02:25 -0400
committerMichael Orlitzky <michael@orlitzky.com>2021-05-14 07:50:34 -0400
commit4d2841832cc3b38175bd0f0c3e6b8e143b5a0426 (patch)
treec7ba21ccd7553fdd400fcf70c1b579cc81e09f33 /files
parent87e9cff065c9add436e4a9488239a89835b1bc48 (diff)
files/fail2ban-openrc.init.in: don't restart() with a broken config.
This commit adds a new function checkconfig() to the OpenRC service script. All it does is run the server with the "--test" flag in addition to the usual command-line arguments. The new command is not user-facing, but lets us avoid restarting the daemon with a broken config. That helps when the user changes his configuration while the daemon is running, and then tries to restart() not knowing that the new config is broken. Previously, we would stop the daemon and then the error would only become visible when the subsequent start() command failed. Refusing to stop() with a broken configuration is a nicer thing to do.
Diffstat (limited to 'files')
-rwxr-xr-xfiles/fail2ban-openrc.init.in27
1 files changed, 26 insertions, 1 deletions
diff --git a/files/fail2ban-openrc.init.in b/files/fail2ban-openrc.init.in
index ad977274..20465254 100755
--- a/files/fail2ban-openrc.init.in
+++ b/files/fail2ban-openrc.init.in
@@ -43,14 +43,39 @@ depend() {
after iptables
}
+checkconfig() {
+ "${command}" ${command_args} --test
+}
+
start_pre() {
+ # If this isn't a restart, make sure that the user's config isn't
+ # busted before we try to start the daemon (this will produce
+ # better error messages than if we just try to start it blindly).
+ #
+ # If, on the other hand, this *is* a restart, then the stop_pre
+ # action will have ensured that the config is usable and we don't
+ # need to do that again.
+ if [ "${RC_CMD}" != "restart" ] ; then
+ checkconfig || return $?
+ fi
checkpath -d "${FAIL2BAN_RUNDIR}"
}
+stop_pre() {
+ # If this is a restart, check to make sure the user's config
+ # isn't busted before we stop the running daemon.
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return $?
+ fi
+}
+
reload() {
# The fail2ban-client uses an undocumented protocol to tell
# the server to reload(), so we have to use it here rather
- # than e.g. sending a signal to the server daemon.
+ # than e.g. sending a signal to the server daemon. Note that
+ # the reload will fail (on the server side) if the new config
+ # is invalid; we therefore don't need to test it ourselves
+ # with checkconfig() before initiating the reload.
ebegin "Reloading ${RC_SVCNAME}"
"@BINDIR@/fail2ban-client" ${command_args} reload
eend $? "Failed to reload ${RC_SVCNAME}"
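Review bot: The `[ "${RC_CMD}" != "restart" ]` guard in start_pre() relies on stop_pre() having already run, which presumably does not hold when restart is issued against a service that is currently stopped. In that case OpenRC would go straight to the start phase, so the config is never tested and a broken one surfaces only as the daemon's own start failure. Dropping the `if` and running `checkconfig || return $?` unconditionally in start_pre() costs one extra `--test` run on a normal restart and closes that path. checkconfig() itself has no comment; something like `# Run the server with --test to check the config without starting the daemon.` would help, along with a note that `${command_args}` is left unquoted on purpose for word splitting. reload() continues past the end of this hunk.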