mirror of
https://github.com/swissmakers/fail2ban-ui.git
synced 2026-04-11 13:47:05 +02:00
Dedublicate banner stuff and add missing init-vars for banactions
This commit is contained in:
@@ -132,6 +132,24 @@ const (
|
||||
actionServerIDPlaceholder = "__SERVER_ID__"
|
||||
)
|
||||
|
||||
// jailLocalBanner is the standard banner for jail.local files
|
||||
const jailLocalBanner = `################################################################################
|
||||
# Fail2Ban-UI Managed Configuration
|
||||
#
|
||||
# WARNING: This file is automatically managed by Fail2Ban-UI.
|
||||
# DO NOT EDIT THIS FILE MANUALLY - your changes will be overwritten.
|
||||
#
|
||||
# This file overrides settings from /etc/fail2ban/jail.conf
|
||||
# Custom jail configurations should be placed in /etc/fail2ban/jail.d/
|
||||
################################################################################
|
||||
|
||||
`
|
||||
|
||||
// JailLocalBanner returns the standard banner for jail.local files
|
||||
func JailLocalBanner() string {
|
||||
return jailLocalBanner
|
||||
}
|
||||
|
||||
const fail2banActionTemplate = `[INCLUDES]
|
||||
|
||||
before = sendmail-common.conf
|
||||
@@ -771,18 +789,8 @@ func ensureJailLocalStructure() error {
|
||||
return updateJailLocalDefaultSection(settings)
|
||||
}
|
||||
|
||||
// Build the banner
|
||||
banner := `################################################################################
|
||||
# Fail2Ban-UI Managed Configuration
|
||||
#
|
||||
# WARNING: This file is automatically managed by Fail2Ban-UI.
|
||||
# DO NOT EDIT THIS FILE MANUALLY - your changes will be overwritten.
|
||||
#
|
||||
# This file overrides settings from /etc/fail2ban/jail.conf
|
||||
# Custom jail configurations should be placed in /etc/fail2ban/jail.d/
|
||||
################################################################################
|
||||
|
||||
`
|
||||
// Use the standard banner
|
||||
banner := jailLocalBanner
|
||||
|
||||
// Build [DEFAULT] section
|
||||
// Convert IgnoreIPs array to space-separated string
|
||||
@@ -846,7 +854,8 @@ func updateJailLocalDefaultSection(settings AppSettings) error {
|
||||
return fmt.Errorf("failed to read jail.local: %w", err)
|
||||
}
|
||||
|
||||
lines := strings.Split(string(content), "\n")
|
||||
contentStr := string(content)
|
||||
lines := strings.Split(contentStr, "\n")
|
||||
var outputLines []string
|
||||
inDefault := false
|
||||
defaultUpdated := false
|
||||
@@ -878,9 +887,23 @@ func updateJailLocalDefaultSection(settings AppSettings) error {
|
||||
}
|
||||
keysUpdated := make(map[string]bool)
|
||||
|
||||
// Always add the full banner at the start
|
||||
outputLines = append(outputLines, strings.Split(strings.TrimRight(jailLocalBanner, "\n"), "\n")...)
|
||||
|
||||
// Skip everything before [DEFAULT] section (old banner, comments, empty lines)
|
||||
foundSection := false
|
||||
for _, line := range lines {
|
||||
trimmed := strings.TrimSpace(line)
|
||||
if strings.HasPrefix(trimmed, "[") && strings.HasSuffix(trimmed, "]") {
|
||||
// Found a section - stop skipping and process this line
|
||||
foundSection = true
|
||||
}
|
||||
if !foundSection {
|
||||
// Skip lines before any section (old banner, comments, empty lines)
|
||||
continue
|
||||
}
|
||||
|
||||
// Process lines after we found a section
|
||||
if strings.HasPrefix(trimmed, "[") && strings.HasSuffix(trimmed, "]") {
|
||||
sectionName := strings.Trim(trimmed, "[]")
|
||||
if sectionName == "DEFAULT" {
|
||||
|
||||
@@ -782,6 +782,7 @@ jail_file = '%s'
|
||||
ignore_ip_str = '%s'
|
||||
banaction_val = '%s'
|
||||
banaction_allports_val = '%s'
|
||||
banner_content = """%s"""
|
||||
settings = {
|
||||
'bantime_increment': %t,
|
||||
'ignoreip': ignore_ip_str,
|
||||
@@ -816,13 +817,23 @@ if has_full_banner and has_action_mwlg and has_action_override:
|
||||
except FileNotFoundError:
|
||||
lines = []
|
||||
|
||||
# Always add the full banner at the start
|
||||
output_lines = []
|
||||
in_default = False
|
||||
keys_updated = set()
|
||||
output_lines.extend(banner_content.splitlines())
|
||||
output_lines.append('')
|
||||
|
||||
# Skip everything before [DEFAULT] section (old banner, comments, empty lines)
|
||||
found_section = False
|
||||
for line in lines:
|
||||
stripped = line.strip()
|
||||
if stripped.startswith('[') and stripped.endswith(']'):
|
||||
# Found a section - stop skipping and process this line
|
||||
found_section = True
|
||||
if not found_section:
|
||||
# Skip lines before any section (old banner, comments, empty lines)
|
||||
continue
|
||||
|
||||
# Process lines after we found a section
|
||||
if stripped.startswith('[') and stripped.endswith(']'):
|
||||
section_name = stripped.strip('[]')
|
||||
if section_name == "DEFAULT":
|
||||
@@ -876,17 +887,7 @@ if has_full_banner and has_action_mwlg and has_action_override:
|
||||
f.writelines(output_lines)
|
||||
else:
|
||||
# Create new structure
|
||||
banner = """################################################################################
|
||||
# Fail2Ban-UI Managed Configuration
|
||||
#
|
||||
# WARNING: This file is automatically managed by Fail2Ban-UI.
|
||||
# DO NOT EDIT THIS FILE MANUALLY - your changes will be overwritten.
|
||||
#
|
||||
# This file overrides settings from /etc/fail2ban/jail.conf
|
||||
# Custom jail configurations should be placed in /etc/fail2ban/jail.d/
|
||||
################################################################################
|
||||
|
||||
"""
|
||||
banner = banner_content
|
||||
|
||||
default_section = """[DEFAULT]
|
||||
bantime.increment = """ + str(settings['bantime_increment']) + """
|
||||
@@ -914,7 +915,7 @@ action = %%(action_mwlg)s
|
||||
|
||||
with open(jail_file, 'w') as f:
|
||||
f.write(new_content)
|
||||
PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), settings.BantimeIncrement,
|
||||
PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), escapeForShell(config.JailLocalBanner()), settings.BantimeIncrement,
|
||||
escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry, escapeForShell(settings.Destemail))
|
||||
|
||||
_, err := sc.runRemoteCommand(ctx, []string{"bash", "-lc", ensureScript})
|
||||
|
||||
@@ -627,17 +627,19 @@ func UpdateDefaultSettingsLocal(settings config.AppSettings) error {
|
||||
|
||||
// Parse existing content and update only specific keys in DEFAULT section
|
||||
if existingContent == "" {
|
||||
// File doesn't exist, create new one with DEFAULT section
|
||||
defaultLines := []string{"[DEFAULT]"}
|
||||
for _, key := range []string{"bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"} {
|
||||
defaultLines = append(defaultLines, keysToUpdate[key])
|
||||
// File doesn't exist, create new one with banner and DEFAULT section
|
||||
var newLines []string
|
||||
newLines = append(newLines, strings.Split(strings.TrimRight(config.JailLocalBanner(), "\n"), "\n")...)
|
||||
newLines = append(newLines, "[DEFAULT]")
|
||||
for _, key := range []string{"bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail", "banaction", "banaction_allports"} {
|
||||
newLines = append(newLines, keysToUpdate[key])
|
||||
}
|
||||
defaultLines = append(defaultLines, "")
|
||||
newContent := strings.Join(defaultLines, "\n")
|
||||
newLines = append(newLines, "")
|
||||
newContent := strings.Join(newLines, "\n")
|
||||
if err := os.WriteFile(localPath, []byte(newContent), 0644); err != nil {
|
||||
return fmt.Errorf("failed to write jail.local: %w", err)
|
||||
}
|
||||
config.DebugLog("Created new jail.local with DEFAULT section")
|
||||
config.DebugLog("Created new jail.local with banner and DEFAULT section")
|
||||
return nil
|
||||
}
|
||||
|
||||
@@ -647,9 +649,23 @@ func UpdateDefaultSettingsLocal(settings config.AppSettings) error {
|
||||
inDefault := false
|
||||
defaultSectionFound := false
|
||||
|
||||
// Always add the full banner at the start
|
||||
outputLines = append(outputLines, strings.Split(strings.TrimRight(config.JailLocalBanner(), "\n"), "\n")...)
|
||||
|
||||
// Skip everything before [DEFAULT] section (old banner, comments, empty lines)
|
||||
foundSection := false
|
||||
for _, line := range lines {
|
||||
trimmed := strings.TrimSpace(line)
|
||||
if strings.HasPrefix(trimmed, "[") && strings.HasSuffix(trimmed, "]") {
|
||||
// Found a section - stop skipping and process this line
|
||||
foundSection = true
|
||||
}
|
||||
if !foundSection {
|
||||
// Skip lines before any section (old banner, comments, empty lines)
|
||||
continue
|
||||
}
|
||||
|
||||
// Process lines after we found a section
|
||||
if strings.HasPrefix(trimmed, "[") && strings.HasSuffix(trimmed, "]") {
|
||||
sectionName := strings.Trim(trimmed, "[]")
|
||||
if sectionName == "DEFAULT" {
|
||||
@@ -695,7 +711,7 @@ func UpdateDefaultSettingsLocal(settings config.AppSettings) error {
|
||||
outputLines = append(defaultLines, outputLines...)
|
||||
} else {
|
||||
// Add any missing keys to the DEFAULT section
|
||||
for _, key := range []string{"bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail"} {
|
||||
for _, key := range []string{"bantime.increment", "ignoreip", "bantime", "findtime", "maxretry", "destemail", "banaction", "banaction_allports"} {
|
||||
if !keysUpdated[key] {
|
||||
// Find the DEFAULT section and insert after it
|
||||
for i, line := range outputLines {
|
||||
|
||||
Reference in New Issue
Block a user