#!/bin/sh
#                      /usr/local/bin/undenyhosts
# http://crystalfaeries.net/posix/bin/undenyhosts
# 2010-11-22 22:14:09+00:00 downloaded from usenet
# 2010-11-23 01:48:35+00:00 configured for DebIan
# 2014-06-07 20:16:17+00:00 added e-mail notification equivalent to denyhosts
VERSION='1.1+'	# usenet version + hacks by celeste:crystalfaery

# Unlist an IP address from denyhosts

case $1 in

'')
  echo "undenyhosts $VERSION"
  echo "Usage: undenyhosts <ipaddress>"
;;

*)

  # Set to path to startup script
  # Commonly /etc/init.d/denyhosts
  #RCDENY='/usr/local/etc/rc.d/denyhosts'
  RCDENY='/etc/init.d/denyhosts'

  # Set to path to data dir
  # Commonly /var/lib/denyhosts
  #BEDENY='/usr/local/share/denyhosts/data'
  BEDENY='/var/lib/denyhosts'

  # Set to the full path to the hosts.deny file
  # Commonly /etc/hosts.deny
  #DENY='/etc/hosts.deniedssh'
  DENY='/etc/hosts.deny'

  # Is the IP address actually listed in denyhosts?

  ISDENY=`grep $1 $DENY`
  if [ "$ISDENY" ]; then
     # Stop denyhosts, redirect errors and output to /dev/null
     $RCDENY stop > /dev/null 2>&1
     # Comment out echos for silent output (crontab)
     echo "Purging $1 from $BEDENY, leaving .bak file"
     sed -i.bak "/$1/d" $BEDENY/*
     echo "Purging $1 from $DENY, leaving .bak file"
     sed -i.bak "/$1/d" $DENY

     # Restart denyhosts. Don't redirect output so that
     # any problems restarting it will cause an alert
     $RCDENY start

     mail -s "DenyHosts Report" root@localhost <<- EOF

	Removed the following hosts from /etc/hosts.deny:

	$1

	----------------------------------------------------------------------
	EOF


  else
     # Uncomment if only running from shell
     # Comment for silent output from crontab
     echo "$1 is not listed in $DENY"
  fi

esac

exit