Dedublicate banner stuff and add missing init-vars for banactions

2026-04-17 05:53:15 +02:00 · 2025-12-04 20:36:23 +01:00
parent 0f2a3a1e32
commit def440611a
3 changed files with 75 additions and 35 deletions
--- a/internal/fail2ban/connector_ssh.go
+++ b/internal/fail2ban/connector_ssh.go
@@ -782,6 +782,7 @@ jail_file = '%s'
 ignore_ip_str = '%s'
 banaction_val = '%s'
 banaction_allports_val = '%s'
+banner_content = """%s"""
 settings = {
    'bantime_increment': %t,
    'ignoreip': ignore_ip_str,
@@ -816,13 +817,23 @@ if has_full_banner and has_action_mwlg and has_action_override:
    except FileNotFoundError:
        lines = []
    
+    # Always add the full banner at the start
    output_lines = []
-    in_default = False
-    keys_updated = set()
+    output_lines.extend(banner_content.splitlines())
+    output_lines.append('')
    
+    # Skip everything before [DEFAULT] section (old banner, comments, empty lines)
+    found_section = False
    for line in lines:
        stripped = line.strip()
+        if stripped.startswith('[') and stripped.endswith(']'):
+            # Found a section - stop skipping and process this line
+            found_section = True
+        if not found_section:
+            # Skip lines before any section (old banner, comments, empty lines)
+            continue
        
+        # Process lines after we found a section
        if stripped.startswith('[') and stripped.endswith(']'):
            section_name = stripped.strip('[]')
            if section_name == "DEFAULT":
@@ -876,17 +887,7 @@ if has_full_banner and has_action_mwlg and has_action_override:
        f.writelines(output_lines)
 else:
    # Create new structure
-    banner = """################################################################################
-# Fail2Ban-UI Managed Configuration
-# 
-# WARNING: This file is automatically managed by Fail2Ban-UI.
-# DO NOT EDIT THIS FILE MANUALLY - your changes will be overwritten.
-#
-# This file overrides settings from /etc/fail2ban/jail.conf
-# Custom jail configurations should be placed in /etc/fail2ban/jail.d/
-################################################################################
-
-"""
+    banner = banner_content
    
    default_section = """[DEFAULT]
 bantime.increment = """ + str(settings['bantime_increment']) + """
@@ -914,7 +915,7 @@ action = %%(action_mwlg)s
    
    with open(jail_file, 'w') as f:
        f.write(new_content)
-PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), settings.BantimeIncrement,
+PY`, escapeForShell(jailLocalPath), escapeForShell(ignoreIPStr), escapeForShell(banactionVal), escapeForShell(banactionAllportsVal), escapeForShell(config.JailLocalBanner()), settings.BantimeIncrement,
 		escapeForShell(settings.Bantime), escapeForShell(settings.Findtime), settings.Maxretry, escapeForShell(settings.Destemail))

 	_, err := sc.runRemoteCommand(ctx, []string{"bash", "-lc", ensureScript})