#! /bin/sh ### BEGIN INIT INFO # Provides: fwknop-server # Required-Start: $local_fs $remote_fs $syslog $network # Required-Stop: $local_fs $remote_fs $syslog $network # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: start and stop fwknopd # Description: Fwknop implements an authorization scheme known as \ # Single Packet Authorization (SPA) for Linux systems \ # running iptables. ### END INIT INFO # Author: Franck Joncourt PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC="FireWall KNock OPerator" NAME=fwknopd DAEMON=/usr/sbin/$NAME PIDDIR=/var/run/fwknop SCRIPTNAME=/etc/init.d/fwknop-server # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Load user options to pass to fwknopd daemon START_DAEMON="no" DAEMON_ARGS="" [ -r /etc/default/fwknop-server ] && . /etc/default/fwknop-server # Exit if the dameon must not be started [ "$START_DAEMON" = "yes" ] || exit 0 # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions ## # Function that checks if all of the configuration files exist # # @return status # 0 : all of the configuration files exist # 6 : at least one file is missing ## check_config() { local retval local file_list retval=0 file_list="/etc/fwknop/access.conf /etc/fwknop/fwknopd.conf" for ConfFile in $file_list; do if [ ! -f "$ConfFile" ]; then retval=6 break fi done return $retval } ## # Function that starts the daemon/service # # @return status # 0 : daemon has been started or was already running # 1 : generic or unspecified errors (could not be started) # 6 : program is not configured (missing configuration files) ## do_start() { local retval mkdir -p $PIDDIR chmod 755 $PIDDIR # Check fwknopd configuration check_config retval=$? # Try to start fwknopd if [ "$retval" = "0" ]; then start-stop-daemon --start --quiet --pidfile $PIDDIR/$NAME --exec $DAEMON -- $DAEMON_ARGS retval="$?" fi # Handle return status codes case "$retval" in 0) ;; 6) log_action_msg "You are missing the configuration file $ConfFile." || true ;; 9) retval=0 ;; *) retval=1 log_action_msg "Unable to start the daemon." || true ;; esac log_daemon_msg "Starting $DESC" "$NAME" || true log_end_msg $retval || true return $retval } ## # Function that stops the daemon/service # # @return status # 0 : daemon has been stopped or was already stopped # 1 : daemon could not be stopped ## do_stop() { local retval="0" local status kill_status local pid pidfile local process_list="fwknopd" # For each process for process in $process_list; do pidfile="$PIDDIR/$process.pid" status="0" kill_status="1" # Try to kill the process associated to the pid if [ -r "$pidfile" ]; then pid=`cat "$pidfile" 2>/dev/null` kill -0 "${pid:-}" 2>/dev/null kill_status="$?" fi # Stop the process if [ "$kill_status" = "0" ]; then start-stop-daemon --stop --oknodo --quiet --pidfile "$pidfile" status="$?" fi # Remove its pid file if [ -r "$pidfile" ] && [ "$status" = "0" ]; then rm -f "$pidfile" 2>/dev/null status="$?" fi [ "$status" = "0" ] || retval="1" done if [ "$retval" != "0" ]; then log_action_msg "The process could not be stopped" || true fi log_daemon_msg "Stopping $DESC" "$NAME" || true log_end_msg $retval || true return $retval } ## # Function that returns the daemon status ## do_status() { echo "Status of $DESC:" $DAEMON -S } case "$1" in start) do_start ;; stop) do_stop ;; restart|force-reload) do_stop sleep 1 do_start ;; status) do_status exit $? ;; *) log_success_msg "Usage: $0 {start|stop|restart|status}" >&2 exit 1 ;; esac exit