#!/bin/sh

# Initscript template from https://fedoraproject.org/wiki/Packaging:SysVInitScript?rd=Packaging/SysVInitScript#Initscript_template
#
# sshblack	Startup script for the sshblack daemon
#
# chkconfig:   2345 84 16
# description: sshblack daemon

### BEGIN INIT INFO
# Provides: sshblack
# Required-Start: $local_fs $network $syslog $time firewalld
# Required-Stop: $local_fs $network $syslog $time 
# Short-Description: start and stop sshblack daemon
# Description: sshblack daemon
### END INIT INFO

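# Extra command-line arguments handed to the daemon; empty by default.
OPTIONS=""

# Source function library (daemon and killproc used below are not defined in
# this file, so they are expected to come from here).
. /etc/rc.d/init.d/functions

# Private sshblack state directory
# In sshblack.pl the CACHE variable should refer to this directory:
# my($CACHE) = '/var/lib/sshblack/ssh-blacklist-pending';
#
# start() sources a script stored in this directory while running as root, so
# the directory must never be writable by anyone else. It is created with an
# explicit mode instead of relying on whatever umask the caller happens to
# have. Only a freshly created directory is affected; an existing one keeps
# its current permissions and should be checked by the administrator.
SSHBLACK_HOME=/var/lib/sshblack
if test ! -d "$SSHBLACK_HOME"
then
	echo "Creating SSHBLACK_HOME directory $SSHBLACK_HOME"
	mkdir -v -p -m 0700 "$SSHBLACK_HOME"
fi

# Restart script restoring BLACKLIST DROP rules
SSHBLACK_RESTART=$SSHBLACK_HOME/restart.sh

# Full path of the daemon executable and the name used for process lookup.
exec="/usr/local/sbin/sshblack.pl"
prog="sshblack.pl"

# Subsystem lock file: created by start(), removed by stop().
lockfile=/var/lock/subsys/$prog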

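# Decide whether the restore script named by $1 may be sourced by this script.
# Returns 0 only when $1 is a regular file (not a symlink), is owned by the
# effective user, and grants no write permission to group or others.
# Anything else returns 1, including a failure to inspect the file.
_sshblack_restart_trusted() {
    [ -f "$1" ] || return 1
    [ ! -L "$1" ] || return 1
    # -O compares the file owner with the effective UID. An init script is
    # run as root, so in practice this means "owned by root".
    [ -O "$1" ] || return 1
    # Mode string layout: type, user rwx, group rwx, other rwx.
    # Require '-' at the group-write (6th) and other-write (9th) positions.
    case "$(LC_ALL=C ls -ld -- "$1" 2>/dev/null)" in
        -????-??-*) return 0 ;;
    esac
    return 1
}

# Start the sshblack daemon.
# Globals:  exec, prog, OPTIONS, SSHBLACK_RESTART, lockfile (read);
#           retval (written)
# Returns:  exit status of the daemon launch; exits the script with 5 when
#           the daemon executable is missing or not executable.
start() {
    [ -x "$exec" ] || exit 5
    # Make sure that BLACKLIST chain has been created before adding rules
    # NOTE(review): --permanent edits only firewalld's stored configuration;
    # the running firewall takes it over on the next firewalld reload or
    # restart. Confirm that this happens before BLACKLIST rules are needed.
    firewall-cmd --permanent --direct --add-chain ipv4 filter BLACKLIST
    # Make new SSH connections jump to the BLACKLIST chain first
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT_direct 7 -p tcp --dport 22 -m state --state NEW -j BLACKLIST
    if test -x "$SSHBLACK_RESTART"
    then
        # The restore script is executed in this shell with this script's
        # privileges, so it is only sourced when nobody but the owner could
        # have modified it. A rejected script is skipped, not fatal: the
        # daemon still starts, just without the previously saved rules.
        if _sshblack_restart_trusted "$SSHBLACK_RESTART"
        then
            echo Restoring SSHBLACK BLACKLIST rules
            cat "$SSHBLACK_RESTART"
            . "$SSHBLACK_RESTART"
            echo List the BLACKLIST rules
            iptables -S BLACKLIST
        else
            echo "Refusing to source $SSHBLACK_RESTART: must be a regular file owned by the invoking user and not group/world-writable" >&2
        fi
    else
        echo No SSHBLACK BLACKLIST rules to restore
    fi
    echo -n $"Starting $prog: "
    # OPTIONS is left unquoted on purpose so that it splits into separate
    # arguments.
    daemon "$exec" $OPTIONS
    retval=$?
    echo
    # The lock file is created only after a successful launch.
    [ $retval -eq 0 ] && touch "$lockfile"
    return $retval
}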

# Stop the sshblack daemon.
# Globals:  prog, lockfile (read); retval (written)
# Returns:  the exit status reported by killproc.
stop() {
    # No trailing newline: the status printed by killproc follows on the
    # same line.
    echo -n $"Stopping $prog: "
    killproc "$prog"
    retval=$?
    echo
    # Remove the subsystem lock only when the daemon was actually stopped.
    if [ "$retval" -eq 0 ]
    then
        rm -f "$lockfile"
    fi
    return "$retval"
}

# Restart the daemon: stop it, pause for a second, start it again.
# The status of stop is not checked, so start runs even when nothing was
# running. Returns the exit status of start.
restart() {
    stop
    # Short pause between stop and start.
    sleep 1
    start
    return $?
}

# Dispatch on the requested action. The three supported actions share one
# arm: the argument is matched against a fixed list first and only then
# called as the function of the same name, so no other value of $1 is ever
# executed.
case "$1" in
    start|stop|restart)
        "$1"
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        exit 2
        ;;
esac
# Propagate the status of the action that ran.
exit $?