From 0f2a3a1e328120a273393254d3c2948358a466e1 Mon Sep 17 00:00:00 2001
From: Michael Reber
Date: Thu, 4 Dec 2025 19:57:58 +0100
Subject: [PATCH] Add missing banaction_allports setting to update settings function
---
 internal/config/settings.go | 37 ++++++++++++++++++++++--------
 internal/fail2ban/connector_ssh.go | 11 +++++----
 2 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/internal/config/settings.go b/internal/config/settings.go
index d459c4d..a008d85 100644
--- a/internal/config/settings.go
+++ b/internal/config/settings.go
@@ -756,13 +756,16 @@ func ensureJailLocalStructure() error {
 existingContent = string(content)
 }
- // Check if file already has our banner (indicating it's already structured)
- hasBanner := strings.Contains(existingContent, "Fail2Ban-UI") || strings.Contains(existingContent, "fail2ban-ui")
+ // Check if file already has our full banner (indicating it's already properly structured)
+ // Check for the complete banner pattern with hash line separators
+ hasFullBanner := strings.Contains(existingContent, "################################################################################") &&
+ strings.Contains(existingContent, "Fail2Ban-UI Managed Configuration") &&
+ strings.Contains(existingContent, "DO NOT EDIT THIS FILE MANUALLY")
 hasActionMwlg := strings.Contains(existingContent, "action_mwlg") && strings.Contains(existingContent, "ui-custom-action")
 hasActionOverride := strings.Contains(existingContent, "action = %(action_mwlg)s")
 // If file is already properly structured, just ensure DEFAULT section is up to date
- if hasBanner && hasActionMwlg && hasActionOverride {
+ if hasFullBanner && hasActionMwlg && hasActionOverride {
 DebugLog("jail.local already has proper structure, updating DEFAULT section if needed")
 // Update DEFAULT section values without changing structure
 return updateJailLocalDefaultSection(settings)
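Review bot: The three `strings.Contains` checks behind `hasFullBanner` match each marker anywhere in jail.local rather than as one contiguous header at the top, so a hand-edited file that merely mentions these phrases still counts as managed, while a file carrying only the earlier short banner now falls through to the restructuring path below the hunk. It is worth confirming that this path preserves existing jail sections when it rewrites such a file. The 80-character hash line and both phrases are also repeated verbatim in the Python script in connector_ssh.go; named constants such as `const jailLocalBannerTitle = "Fail2Ban-UI Managed Configuration"`, passed into the script if it is built as a format string (the `%%` suggests so), would keep the two detectors from drifting. ensureJailLocalStructure starts and ends outside the hunk.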
@@ -848,14 +851,30 @@ func updateJailLocalDefaultSection(settings AppSettings) error {
 inDefault := false
 defaultUpdated := false
+ // Convert IgnoreIPs array to space-separated string
+ ignoreIPStr := strings.Join(settings.IgnoreIPs, " ")
+ if ignoreIPStr == "" {
+ ignoreIPStr = "127.0.0.1/8 ::1"
+ }
+ // Set default banaction values if not set
+ banaction := settings.Banaction
+ if banaction == "" {
+ banaction = "iptables-multiport"
+ }
+ banactionAllports := settings.BanactionAllports
+ if banactionAllports == "" {
+ banactionAllports = "iptables-allports"
+ }
 // Keys to update
 keysToUpdate := map[string]string{
- "bantime.increment": fmt.Sprintf("bantime.increment = %t", settings.BantimeIncrement),
- "ignoreip": fmt.Sprintf("ignoreip = %s", strings.Join(settings.IgnoreIPs, " ")),
- "bantime": fmt.Sprintf("bantime = %s", settings.Bantime),
- "findtime": fmt.Sprintf("findtime = %s", settings.Findtime),
- "maxretry": fmt.Sprintf("maxretry = %d", settings.Maxretry),
- "destemail": fmt.Sprintf("destemail = %s", settings.Destemail),
+ "bantime.increment": fmt.Sprintf("bantime.increment = %t", settings.BantimeIncrement),
+ "ignoreip": fmt.Sprintf("ignoreip = %s", ignoreIPStr),
+ "bantime": fmt.Sprintf("bantime = %s", settings.Bantime),
+ "findtime": fmt.Sprintf("findtime = %s", settings.Findtime),
+ "maxretry": fmt.Sprintf("maxretry = %d", settings.Maxretry),
+ "destemail": fmt.Sprintf("destemail = %s", settings.Destemail),
+ "banaction": fmt.Sprintf("banaction = %s", banaction),
+ "banaction_allports": fmt.Sprintf("banaction_allports = %s", banactionAllports),
 }
 keysUpdated := make(map[string]bool)
diff --git a/internal/fail2ban/connector_ssh.go b/internal/fail2ban/connector_ssh.go
index d42b132..e813369 100644
--- a/internal/fail2ban/connector_ssh.go
+++ b/internal/fail2ban/connector_ssh.go
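Review bot: `banaction` and `banactionAllports` are formatted into jail.local with `%s` and no validation, as the `bantime`, `findtime`, `destemail` and `ignoreip` entries already are, so a value containing a line break would add extra lines to a configuration file that fail2ban loads. If AppSettings can be populated from the web UI (not visible in this hunk), reject such values before `keysToUpdate` is built, for example `if strings.ContainsAny(banaction+banactionAllports, "\r\n") { return fmt.Errorf("banaction contains a line break") }`, and consider the same check for the other string fields. The two tuples added to the Python list in connector_ssh.go concatenate the same values and need the equivalent guard. updateJailLocalDefaultSection starts and ends outside the hunk.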
@@ -793,22 +793,23 @@ settings = {
 'banaction_allports': banaction_allports_val
 }
-# Check if file already has our banner
-has_banner = False
+# Check if file already has our full banner (indicating it's already properly structured)
+has_full_banner = False
 has_action_mwlg = False
 has_action_override = False
 try:
 with open(jail_file, 'r') as f:
 content = f.read()
- has_banner = 'Fail2Ban-UI' in content or 'fail2ban-ui' in content
+ # Check for the complete banner pattern with hash line separators
+ has_full_banner = '################################################################################' in content and 'Fail2Ban-UI Managed Configuration' in content and 'DO NOT EDIT THIS FILE MANUALLY' in content
 has_action_mwlg = 'action_mwlg' in content and 'ui-custom-action' in content
 has_action_override = 'action = %%(action_mwlg)s' in content
 except FileNotFoundError:
 pass
 # If already properly structured, just update DEFAULT section
-if has_banner and has_action_mwlg and has_action_override:
+if has_full_banner and has_action_mwlg and has_action_override:
 try:
 with open(jail_file, 'r') as f:
 lines = f.readlines()
@@ -862,6 +863,8 @@ if has_banner and has_action_mwlg and has_action_override:
 ('findtime', 'findtime = ' + settings['findtime']),
 ('maxretry', 'maxretry = ' + str(settings['maxretry'])),
 ('destemail', 'destemail = ' + settings['destemail']),
+ ('banaction', 'banaction = ' + settings['banaction']),
+ ('banaction_allports', 'banaction_allports = ' + settings['banaction_allports']),
 ]:
 if key not in keys_updated:
 for i, output_line in enumerate(output_lines):
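Review bot: The two tuples added in the second hunk write `settings['banaction']` and `settings['banaction_allports']` as given, whereas the Go path in updateJailLocalDefaultSection now substitutes `iptables-multiport` and `iptables-allports` for empty values. Unless `banaction_allports_val` and its banaction counterpart are defaulted where the `settings` dict is built (above the first hunk, not visible), an unset value would be written here as `banaction = ` with nothing after it. An explicit fallback such as `'banaction = ' + (settings['banaction'] or 'iptables-multiport')` would make the SSH path agree with the local one; if the values are already defaulted before templating, a one-line comment at the tuples saying so is enough. The loop these tuples feed starts and ends outside the hunk.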