/[smecontribs]/rpms/smeserver-fail2ban/contribs10/smeserver-fail2ban-0.1.18-bz11636-smanager.patch
ViewVC logotype

Contents of /rpms/smeserver-fail2ban/contribs10/smeserver-fail2ban-0.1.18-bz11636-smanager.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Thu Jul 8 17:34:44 2021 UTC (3 years, 3 months ago) by michel
Branch: MAIN
CVS Tags: smeserver-fail2ban-0_1_18-27_el7_sme, smeserver-fail2ban-0_1_18-31_el7_sme, smeserver-fail2ban-0_1_18-24_el7_sme, smeserver-fail2ban-0_1_18-30_el7_sme, smeserver-fail2ban-0_1_18-17_el7_sme, smeserver-fail2ban-0_1_18-25_el7_sme, smeserver-fail2ban-0_1_18-22_el7_sme, smeserver-fail2ban-0_1_18-16_el7_sme, smeserver-fail2ban-0_1_18-32_el7_sme, smeserver-fail2ban-0_1_18-20_el7_sme, smeserver-fail2ban-0_1_18-19_el7_sme, smeserver-fail2ban-0_1_18-14_el7_sme, smeserver-fail2ban-0_1_18-28_el7_sme, smeserver-fail2ban-0_1_18-15_el7_sme, smeserver-fail2ban-0_1_18-29_el7_sme, smeserver-fail2ban-0_1_18-21_el7_sme, smeserver-fail2ban-0_1_18-23_el7_sme, smeserver-fail2ban-0_1_18-26_el7_sme, HEAD
make: « clog » est à jour.

1 diff -urN smeserver-fail2ban-0.1.18.old/createlinks smeserver-fail2ban-0.1.18/createlinks
2 --- smeserver-fail2ban-0.1.18.old/createlinks 2021-07-04 23:05:32.000000000 +0400
3 +++ smeserver-fail2ban-0.1.18/createlinks 2021-07-04 23:14:09.805000000 +0400
4 @@ -51,3 +51,10 @@
5 #service_link_enhanced("fail2ban", "S99", "7");
6 #service_link_enhanced("fail2ban", "K08", "6");
7 #service_link_enhanced("fail2ban", "K08", "0");
8 +
9 +# for smeserver-manager
10 +my $event = "smeserver-fail2ban-update";
11 +safe_symlink('restart', "root/etc/e-smith/events/$event/services2adjust/smanager");
12 +event_link('navigation2-conf', "$event", '80');
13 +event_link('routes2-conf', "$event", '80');
14 +event_link('locales2-conf', "$event", '80');
15 diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager
16 --- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager 1970-01-01 04:00:00.000000000 +0400
17 +++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager 2021-07-08 19:57:02.208000000 +0400
18 @@ -0,0 +1,25 @@
19 +{
20 +my $port = (${'httpd-e-smith'}{'TCPPort'} || '80') .','.
21 + ($modSSL{'TCPPort'} || '443');
22 +my $status = $smanager{'status'} || 'disabled';
23 +my $f2b = $smanager{'Fail2Ban'} || 'enabled';
24 +return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
25 +
26 +$OUT .=<<"EOF";
27 +
28 +[smanager]
29 +enabled = true
30 +port = $port
31 +filter = smanager
32 +logpath = /usr/share/smanager/log/production.log
33 +maxretry = 3
34 +findtime = 300
35 +bantime = 1800
36 +action = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
37 +
38 +EOF
39 +
40 +$OUT .= " smeserver-sendmail[name=\"SManager\",dest=$maildest]\n"
41 + if ($mail eq 'enabled');
42 +
43 +}
44 diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/smanager.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/smanager.conf
45 --- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/smanager.conf 1970-01-01 04:00:00.000000000 +0400
46 +++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/smanager.conf 2021-07-08 19:55:39.162000000 +0400
47 @@ -0,0 +1,12 @@
48 +# Fail2Ban filter for Smanager attempted bypasses
49 +
50 +[Definition]
51 +#[Mon Nov 9 20:33:34 2020] [info] Login FAILED: mab 192.168.0.11
52 +
53 +failregex = ^\[.*\] \[info\] Login FAILED: .*\t<HOST>$
54 +
55 +ignoreregex = ^\[.*\] \[debug\] .*$
56 +ignoreregex = ^\[.*\] \[info\] Login succeeded: .*$
57 +
58 +datepattern = {^LN-BEG}
59 +
60 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm
61 --- smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm 2021-07-04 23:05:32.000000000 +0400
62 +++ smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm 2021-07-08 19:51:50.523000000 +0400
63 @@ -299,7 +299,7 @@
64 # those are stored in a different key dedicated to the service
65 my %services;
66 $services{'sshd'}= ($q->param ("sshd") ||'enabled');
67 - $services{'qpsmtp'}= ($q->param ("qpsmtpd") ||'enabled');
68 + $services{'qpsmtpd'}= ($q->param ("qpsmtpd") ||'enabled');
69 $services{'dovecot'}= ($q->param ("dovecot") ||'enabled');
70 $services{'httpd-e-smith'}= ($q->param ("httpd-e-smith") ||'enabled');
71 $services{'ftp'}= ($q->param ("ftp") ||'enabled');
72 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm
73 --- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm 1970-01-01 04:00:00.000000000 +0400
74 +++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm 2021-07-08 20:31:44.477000000 +0400
75 @@ -0,0 +1,455 @@
76 +package SrvMngr::Controller::Fail2ban;
77 +
78 +#----------------------------------------------------------------------
79 +# heading : Security
80 +# description : Fail2Ban
81 +# navigation : 5000 5250
82 +
83 +# name : fail2ban, method : get, url : /fail2ban, ctlact : fail2ban#main
84 +# name : fail2banu, method : post, url : /fail2ban, ctlact : fail2ban#do_action
85 +# name : fail2banr, method : get, url : /fail2ban2, ctlact : fail2ban#do_action_get
86 +#
87 +# routes : end
88 +#----------------------------------------------------------------------
89 +
90 +use strict;
91 +use warnings;
92 +use Mojo::Base 'Mojolicious::Controller';
93 +
94 +use Locale::gettext;
95 +use SrvMngr::I18N;
96 +
97 +use Data::Validate::IP;
98 +
99 +#use esmith::FormMagick::Panel::fail2ban;
100 +# qw( get_value get_prop change_settings RemoveIP );
101 +
102 +use SrvMngr qw( theme_list init_session ip_number );
103 +
104 +our $cdb = esmith::ConfigDB->open() or die "Couldn't open ConfigDB\n";
105 +
106 +my %defaultval=('FilterLocalNetworks'=> "enabled",
107 + 'FilterValidRemoteHosts'=> "enabled",
108 + "Mail" => "enabled",
109 + "BanTime" => '1800',
110 + "FindTime" => '900',
111 + "MaxRetry" => '3',
112 + "sshd" => 'enabled',
113 + "qpsmtpd" => 'enabled',
114 + "dovecot" => 'enabled',
115 + "httpd-e-smith" => 'enabled',
116 + "ftp" => 'enabled',
117 + "lemonldap" => 'enabled',
118 + "ejabberd" => 'enabled',
119 + "sogod" => 'disabled',
120 + "wordpress" => 'disabled',
121 + "smanager" => 'enabled',
122 +);
123 +
124 +
125 +sub main {
126 +
127 + my $c = shift;
128 + $c->app->log->info($c->log_req);
129 +
130 + my %f2b_datas = ();
131 + my $title = $c->l('f2b_FORM_TITLE');
132 +
133 + $f2b_datas{'status'} = get_prop('fail2ban', 'status');
134 + $f2b_datas{'filterlocalnetworks'} = get_prop('fail2ban', 'FilterLocalNetworks');
135 + $f2b_datas{'filtervalidremotehosts'} = get_prop('fail2ban', 'FilterValidRemoteHosts');
136 + $f2b_datas{'mail'} = get_prop('fail2ban', 'Mail');
137 + $f2b_datas{'bantime'} = get_prop('fail2ban', 'BanTime');
138 + $f2b_datas{'findtime'} = get_prop('fail2ban', 'FindTime');
139 + $f2b_datas{'maxretry'} = get_prop('fail2ban', 'MaxRetry');
140 + $f2b_datas{'wordpress'} = get_prop('fail2ban', 'wordpress');
141 +
142 + $f2b_datas{'sshd'} = get_prop('sshd', 'Fail2Ban');
143 + $f2b_datas{'qpsmtpd'} = get_prop('qpsmtpd', 'Fail2Ban');
144 + $f2b_datas{'dovecot'} = get_prop('dovecot', 'Fail2Ban');
145 + $f2b_datas{'httpd-e-smith'} = get_prop('httpd-e-smith', 'Fail2Ban');
146 + $f2b_datas{'ftp'} = get_prop('sshd', 'Fail2Ban');
147 + $f2b_datas{'lemonldap'} = get_prop('lemonldap', 'Fail2Ban');
148 + $f2b_datas{'ejabberd'} = get_prop('ejabberd', 'Fail2Ban');
149 + $f2b_datas{'sogod'} = get_prop('sogod', 'Fail2Ban');
150 + $f2b_datas{'smanager'} = get_prop('smanager', 'Fail2Ban');
151 +
152 + $c->stash( title => $title, f2b_datas => \%f2b_datas);
153 + $c->render('fail2ban');
154 +};
155 +
156 +
157 +sub do_action {
158 +
159 + my $c = shift;
160 + $c->app->log->info($c->log_req);
161 +
162 + my $rt = $c->current_route;
163 +
164 + my %f2b_datas = ();
165 + my $title = $c->l('f2b_FORM_TITLE');
166 +
167 + my ($res, $result) = '';
168 +
169 + $f2b_datas{status} = $c->param('Status');
170 + my $action = ( $c->param('action') || '' );
171 + $f2b_datas{ip} = $c->param('Ip');
172 + $f2b_datas{bits} = $c->param('Bits');
173 +
174 + # controls
175 + $res = ip_number_or_blank( $c, $f2b_datas{ip} );
176 + $result .= $res . " <br>" if ( $res ne 'OK' );
177 +
178 + $res = subnet_mask_bit( $c, $f2b_datas{bit} );
179 + $result .= $res . " <br>" if ( $res ne 'OK' );
180 +
181 + $res = validate_network_and_mask( $c, $f2b_datas{ip}, $f2b_datas{bits} );
182 + $result .= $res . " <br>" if ( $res ne 'OK' );
183 +
184 + #$result .= 'Blocked for testing d_a ! No updates for now '; # if $action;
185 +
186 + $res = '';
187 + if ( ! $result ) {
188 + $res = $c->do_changes();
189 + $result .= $res unless $res eq 'OK';
190 + if ( ! $result ) {
191 + $result = $c->l('f2b_SUCCESS');
192 + }
193 + }
194 +
195 + $c->stash( title => $title, f2b_datas => \%f2b_datas );
196 + if ($res ne 'OK') {
197 + $c->stash( error => $result );
198 + return $c->render('fail2ban');
199 + }
200 +
201 + my $message = 'fail2ban updates DONE';
202 + $c->app->log->info($message);
203 + $c->flash( success => $result );
204 + #$c->flash( error => " No changes applied !!" );
205 +
206 + #return to 'fail2ban' route !!!
207 + $c->redirect_to('/fail2ban');
208 +
209 +};
210 +
211 +
212 +sub do_action_get {
213 +
214 + my $c = shift;
215 + $c->app->log->info($c->log_req);
216 +
217 + my ($res, $result) = '';
218 +
219 + # controls
220 +
221 + my $action = ($c->param('action') || '');
222 + $result .= $c->l('f2b_ERROR_UPDATING') . " action: $action <br>"
223 + unless ($action eq 'RemoveIP');
224 +
225 + my $ip = ($c->param('IP') || '');
226 + my $whitelist = ($c->param('Whitelist'))? 'true' : 'false';
227 +
228 + #check ip
229 + my $validator=Data::Validate::IP->new;
230 + $result .= $c->l('f2b_ERROR_STOPPING') . " IP: $ip <br>"
231 + unless ($validator->is_ipv4($ip));
232 + $ip = $validator->is_ipv4($ip);
233 +
234 + # validate and untaint jail
235 + my $jail = ($c->param('Jail') || '');
236 + # could be [a-zA-Z0-9_\-]
237 + $jail = $jail =~ /([a-zA-Z0-9_\-]+)/ ? $1 : undef;
238 + $result .= $c->l('f2b_ERROR_UPDATING') . " jail: $jail <br>"
239 + unless $jail;
240 +
241 + #$result .= 'Blocked for testing d_a_g ! No updates for now '; # if $action;
242 +
243 + $res = '';
244 + if ( ! $result ) {
245 + $res = $c->RemoveIP( $ip, $whitelist, $jail );
246 + $result .= $res unless $res eq 'OK';
247 + if ( ! $result ) {
248 + if ($whitelist eq "true" ) {
249 + $result = $c->l('f2b_SUCCESS_IP_WHITE')." : $ip";
250 + } else {
251 + $result = $c->l('f2b_SUCCESS_IP')." : $ip";
252 + }
253 + }
254 + }
255 +
256 + if ($res ne 'OK') {
257 + $c->flash( error => $result );
258 + } else {
259 + my $message = "fail2ban removeip $ip DONE";
260 + $c->app->log->info($message);
261 + $c->flash( success => $result );
262 + }
263 +
264 + $c->redirect_to('/fail2ban');
265 +
266 +};
267 +
268 +
269 +sub do_changes {
270 +
271 + my $c = shift;
272 + my %conf;
273 +
274 + # Don't process the form unless we clicked the Save button. The event is
275 + # called even if we chose the Remove link or the Add link.
276 +
277 + my $ip = ($c->param ('Ip') || '');
278 + my $status = ($c->param ('Status') || 'status');
279 + my $FilterLocalNetworks = ($c->param ('FilterLocalNetworks') || "enabled");
280 + my $FilterValidRemoteHosts= ($c->param ('FilterValidRemoteHosts') || "enabled");
281 + my $Mail= ($c->param ("Mail") || "enabled");
282 + my $BanTime= ($c->param ("BanTime") || '1800');
283 + my $FindTime= ($c->param ("FindTime") || '900');
284 + my $MaxRetry= ($c->param ("MaxRetry") || '3');
285 +
286 + # those are stored in a different key dedicated to the service
287 + my %services;
288 + $services{'sshd'}= ($c->param ("Sshd") ||'enabled');
289 + $services{'qpsmtpd'}= ($c->param ("Qpsmtpd") ||'enabled');
290 + $services{'dovecot'}= ($c->param ("Dovecot") ||'enabled');
291 + $services{'httpd-e-smith'}= ($c->param ("Httpd-e-smith") ||'enabled');
292 + $services{'ftp'}= ($c->param ("Ftp") ||'enabled');
293 + $services{'lemonldap'}= ($c->param ("Lemonldap") ||'enabled');
294 + $services{'ejabberd'}= ($c->param ("Ejabberd" ) ||'enabled');
295 + $services{'sogod'}= ($c->param ("Sogod" ) ||'enabled');
296 + $services{'wordpress'}= ($c->param ("Wordpress") ||'enabled');
297 + $services{'smanager'}= ($c->param ("Smanager") ||'enabled');
298 +
299 +
300 + #------------------------------------------------------------
301 + # Looks good; go ahead and change the access.
302 + #------------------------------------------------------------
303 +
304 + my $rec = $cdb->get('fail2ban');
305 + if ($rec) {
306 + $rec->set_prop('status', $status);
307 + # unless prop empty and value eq default
308 + $rec->set_prop('FilterLocalNetworks', $FilterLocalNetworks)
309 + unless ( ! $cdb->get_prop('fail2ban','FilterLocalNetworks')
310 + && $FilterLocalNetworks eq $defaultval{'FilterLocalNetworks'} );
311 + $rec->set_prop('FilterValidRemoteHosts', $FilterValidRemoteHosts)
312 + unless ( ! $cdb->get_prop('fail2ban','FilterValidRemoteHosts')
313 + && $FilterValidRemoteHosts eq $defaultval{'FilterValidRemoteHosts'} );
314 + $rec->set_prop('Mail', $Mail)
315 + unless ( ! $cdb->get_prop('fail2ban','Mail') && $Mail eq $defaultval{'Mail'} );
316 + $rec->set_prop('BanTime', $BanTime)
317 + unless ( ! $cdb->get_prop('fail2ban','BanTime') && $BanTime eq $defaultval{'BanTime'} );
318 + $rec->set_prop('FindTime', $FindTime)
319 + unless ( ! $cdb->get_prop('fail2ban','FindTime') && $FindTime eq $defaultval{'FindTime'} );
320 + $rec->set_prop('MaxRetry', $MaxRetry)
321 + unless ( ! $cdb->get_prop('fail2ban','MaxRetry') && $MaxRetry eq $defaultval{'MaxRetry'} );
322 + }
323 + # for the 9 services update unless key does not exist and property does not exist and value eq default
324 + foreach my $key (keys %services) {
325 + if ($key eq "wordpress") {
326 + $rec = $cdb->get('fail2ban');
327 + my $getprop = $cdb->get_prop('fail2ban',$key) || "";
328 + $rec->set_prop($key, $services{$key} )
329 + unless ( ! $rec || (! $cdb->get_prop('fail2ban', $key) && $services{$key} eq $defaultval{$key} ) );
330 + } else {
331 + $rec = $cdb->get($key);
332 + my $getprop = $cdb->get_prop($key,'Fail2Ban') || "";
333 + $rec->set_prop('Fail2Ban', $services{$key} )
334 + unless ( ! $rec || (! $cdb->get_prop($key,'Fail2Ban') && $services{$key} eq $defaultval{$key} ) );
335 + }
336 + }
337 +
338 +# ?? this seems to prevent reload of service if we update something and remove or add an ip... ??
339 + $c->add_new_valid_from;
340 + $c->remove_valid_from;
341 +
342 + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-update" ) == 0 ) {
343 + return $c->l('f2b_ERROR_UPDATING');
344 + }
345 +
346 + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-conf" ) == 0 ) {
347 + return $c->l('f2b_ERROR_UPDATING');
348 + }
349 +
350 + if ( $rec->prop('status') eq 'disabled' ) {
351 + unless ( `/etc/init.d/fail2ban stop` ) {
352 + return $c->l('f2b_ERROR_STOPPING');
353 + }
354 + }
355 +
356 + return 'OK';
357 +}
358 +
359 +
360 +# RemoveIP after validation
361 +sub RemoveIP {
362 +
363 + my ( $c, $ip, $whitelist, $jail ) = @_;
364 +
365 + unless ( system( "/usr/bin/fail2ban-client set $jail unbanip $ip ".' >/dev/null 2>&1' ) == 0 ) {
366 + return $c->l('f2b_ERROR_UPDATING');
367 + }
368 +
369 + if ($whitelist eq 'true' ) {
370 + # add $ip to whitelist for the current $jail
371 + warn "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32";
372 + unless ( system( "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32 ".' >/dev/null 2>&1' ) == 0
373 + && system( "/usr/bin/fail2ban-client reload ".' >/dev/null 2>&1' ) == 0
374 + ) {
375 + return $c->l('f2b_ERROR_UPDATING_WHITE');
376 + }
377 + }
378 +
379 + return 'OK';
380 +
381 +}
382 +
383 +
384 +sub add_new_valid_from {
385 +
386 + my $c = shift;
387 +
388 + my $ip = $c->param('Ip');
389 + my $bits = $c->param('Bits');
390 +
391 + # do nothing if no ip was added
392 + return 1 unless ($ip);
393 +
394 + my $rec = $cdb->get('fail2ban');
395 + return $c->l('f2b_ERR_NO_RECORD') unless $rec;
396 +
397 + my $prop = $rec->prop('IgnoreIP') || '';
398 +
399 + my @vals = split /,/, $prop;
400 + return '' if (grep /^$ip\/$bits$/, @vals); # already have this entry
401 +
402 + if ($prop ne '') {
403 + $prop .= ",$ip/$bits";
404 + } else {
405 + $prop = "$ip/$bits";
406 + }
407 +
408 + $rec->set_prop('IgnoreIP', $prop);
409 +
410 + return 1;
411 +}
412 +
413 +
414 +sub remove_valid_from {
415 +
416 + my $c = shift;
417 +
418 + my @remove = @{$c->every_param('ValidFromRemove')};
419 + return 1 unless @remove;
420 +
421 + my @vals = @{$c->get_valid_from()};
422 + unless (@vals) {
423 + print STDERR "ERROR: unable to load IgnoreIP property from conf db\n";
424 + return undef;
425 + }
426 +
427 + #$c->app->log->debug("remo: " . $c->dumper(\@remove) .' vals: '. $c->dumper(\@vals));
428 +
429 + foreach my $entry (@remove) {
430 + @vals = (grep { $entry ne $_ } @vals);
431 + }
432 +
433 + my $prop = '';
434 + $prop = join(',', @vals) if @vals;
435 +
436 + $cdb->get('fail2ban')->set_prop('IgnoreIP', $prop);
437 +
438 + return 1;
439 +}
440 +
441 +
442 +sub ip_number_or_blank {
443 +
444 + my $c = shift;
445 + my $ip = shift;
446 +
447 + if (!defined($ip) || $ip eq "") {
448 + return 'OK';
449 + }
450 + $c->ip_number( $ip );
451 +}
452 +
453 +
454 +sub subnet_mask_bit {
455 +
456 + my ($c, $mask) = @_;
457 +
458 + my @allowed = (8,9,12,14,16,17,20,22,24,25,28,30,32);
459 +
460 + if ( !defined($mask) || $mask eq "" || grep( /^$mask$/, @allowed ) ) {
461 + return "OK";
462 + }
463 + return $c->l('f2b_INVALID_SUBNET_MASK');
464 +}
465 +
466 +
467 +sub validate_network_and_mask {
468 +
469 + my $c = shift;
470 + my $net = shift || "";
471 + my $mask = shift || "";
472 +
473 +# my $net = $c->param('Ip') || "";
474 + if ($net xor $mask) {
475 + return $c->l('f2b_ERR_INVALID_PARAMS');
476 + }
477 +
478 + return 'OK';
479 +}
480 +
481 +
482 +sub get_prop {
483 +
484 +# my $c = shift;
485 + my $item = shift;
486 + my $prop = shift;
487 + my $value = $cdb->get_prop($item, $prop) || '';
488 + if ( $value eq "" && exists($defaultval{$prop}) && $item eq "fail2ban") {
489 + $value=$defaultval{$prop};
490 + } elsif ( $value eq "" && exists($defaultval{$item}) && $prop eq "Fail2Ban" && $item ne "fail2ban" ) {
491 + $value=$defaultval{$item};
492 + }
493 +
494 + return $value;
495 +}
496 +
497 +
498 +sub get_valid_from {
499 +
500 + my $c = shift;
501 + my @vals_sorted = ();
502 +
503 + my $rec = $cdb->get('fail2ban');
504 + if ( $rec ) {
505 + my @vals = (split ',', $rec->prop('IgnoreIP'));
506 + @vals_sorted = sort ip_sort @vals if @vals;
507 +# @vals_sorted = @vals;
508 + }
509 +
510 + return \@vals_sorted;
511 +}
512 +
513 +
514 +sub get_current_deny {
515 +
516 + my $c = shift;
517 +
518 + my @cdeny = `/usr/bin/sfail2ban`;
519 +
520 + return \@cdeny
521 +}
522 +
523 +
524 +sub ip_sort(@) {
525 + return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b);
526 +}
527 +
528 +
529 +1;
530 +
531 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex
532 --- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex 1970-01-01 04:00:00.000000000 +0400
533 +++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex 2021-07-08 20:58:49.795000000 +0400
534 @@ -0,0 +1,56 @@
535 +'f2b_FORM_TITLE' => 'Fail2ban service',
536 +'f2b_SERVICE_STATUS' => 'Fail2ban service status.',
537 +'f2b_STATUS' => 'Status',
538 +'f2b_FilterLocalNetworks_STATUS' => 'Whitelist all the local network defined.',
539 +'f2b_FilterLocalNetworks' => 'FilterLocalNetworks status',
540 +'f2b_FilterValidRemoteHosts_STATUS' => 'Whitelist all the authorized remote hosts allowed to acces server-manager.',
541 +'f2b_FilterValidRemoteHosts' => 'FilterValidRemoteHosts status',
542 +'f2b_SEND_MAIL_STATUS' => 'Status of qmail jail',
543 +'f2b_MAIL' => 'Mail',
544 +'f2b_BANTIME' => 'Set the default ban time for jails (Initial default is 1800 seconds).',
545 +'f2b_DEFAULT_BANTIME' => 'Bantime',
546 +'f2b_FINDTIME' => '>Set the default find time for jails (Initial default is 900 seconds).',
547 +'f2b_DEFAULT_FINDTIME' => 'Findtime',
548 +'f2b_MAXRETRY' => 'Set the default max retry allowed before being ban (Initial default is 3).',
549 +'f2b_DEFAULT_MAXRETRY' => 'Maxretry',
550 +'f2b_SSHD_STATUS' => 'Status of sshd jail.',
551 +'f2b_SSHD' => 'sshd',
552 +'f2b_QPSMTPD_STATUS' => 'Status of qpsmtpd (incoming emails) jail.',
553 +'f2b_QPSMTPD' => 'qpsmtpd',
554 +'f2b_IMAP_STATUS' => 'Status of dovecot (imap service to retrieve emails) jail.',
555 +'f2b_IMAP' => 'dovecot',
556 +'f2b_HTTPD_STATUS' => 'Status of httpd jails. Multiple features are enabled at once there.',
557 +'f2b_HTTPD' => 'httpd',
558 +'f2b_FTP_STATUS' => 'Status of proftpd jail.',
559 +'f2b_FTP' => 'proftpd',
560 +'f2b_LEMONLDAP_STATUS' => 'Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled.',
561 +'f2b_LEMONLDAP' => 'LemonLDAP',
562 +'f2b_EJABBERD_STATUS' => 'Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled.',
563 +'f2b_EJABBERD' => 'ejabberd',
564 +'f2b_SOGOD_STATUS' => 'Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled.',
565 +'f2b_SOGOD' => 'Sogo',
566 +'f2b_WORDPRESS_STATUS' => 'Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances.',
567 +'f2b_WORDPRESS' => 'Wordpress',
568 +'f2b_SMANAGER_STATUS' => 'Status of smanager jails. You need to activate it manually if you install it after fail2ban.',
569 +'f2b_SMANAGER' => 'Smanager',
570 +'f2b_VALIDFROM_TITLE' => 'Allowed Hosts',
571 +'f2b_VALIDFROM_DESC' => 'This is a list of hosts that will not be blocked by fail2ban.',
572 +'f2b_NO_ENTRIES_YET' => 'No Entries Yet',
573 +'f2b_DESC_ADD_IP' => 'To add a new allowed network, enter the details below.',
574 +'f2b_ADD_IP' => 'Authorized network',
575 +'f2b_DESC_ADD_BITS' => 'To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32).',
576 +'f2b_ADD_BITS' => 'Authorized network subnet',
577 +'f2b_CURRENT_DENY_TITLE' => 'Blocked Hosts',
578 +'f2b_CURRENT_DENY_DESC' => 'This is a list of hosts that are currently blocked.',
579 +'f2b_JAIL' => 'Jail',
580 +'f2b_FIRST_SEEN' => 'Host first seen',
581 +'f2b_SUCCESS' => 'The new fail2ban settings have been saved.',
582 +'f2b_ERR_NO_RECORD' => 'Unable to locate fail2ban record in configuration db',
583 +'f2b_ERROR_STOPPING' => 'Error while trying to stop service',
584 +'f2b_SUCCESS_IP' => 'The following IP has been unbanned',
585 +'f2b_WHITELIST' => 'Whitelist',
586 +'f2b_SUCCESS_IP_WHITE' => 'The following IP has been unbanned and whitelisted',
587 +'f2b_ERROR_UPDATING' => 'Unable to unban',
588 +'f2b_ERROR_UPDATING_WHITE' => 'Unable to unban and whitelist',
589 +'f2b_ERR_INVALID_PARAMS' => 'Invalid network parameters',
590 +'f2b_INVALID_SUBNET_MASK' => 'Invalid subnet mask',
591 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep
592 --- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep 1970-01-01 04:00:00.000000000 +0400
593 +++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep 2021-07-08 20:34:31.468000000 +0400
594 @@ -0,0 +1,180 @@
595 +% layout 'default', title => "Sme server 2 - fail2ban";
596 +
597 +% content_for 'module' => begin
598 +
599 +<div id="module">
600 +
601 + %if ($config->{debug} == 1) {
602 + <p>
603 + %= dumper $c->current_route
604 + %= dumper $f2b_datas
605 + </p>
606 + %}
607 +
608 + % if ( stash 'error' ) {
609 + <br><div class=sme-error>
610 + %= $c->render_to_string(inline => stash 'error')
611 + </div>
612 + %}
613 +
614 + <h1><%= $title %></h1>
615 +
616 + %= form_for '/fail2ban' => (method => 'POST') => begin
617 + <p>
618 + %=l('f2b_SERVICE_STATUS')
619 + <br><span class=label>
620 + %=l 'f2b_STATUS'
621 + </span><span class=input>
622 + % param 'Status' => $f2b_datas->{status} unless param 'Status';
623 + %= select_field 'Status' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
624 + </span></p>
625 + <p>
626 + %=l('f2b_FilterLocalNetworks_STATUS')
627 + <br><span class=label>
628 + %=l 'f2b_FilterLocalNetworks'
629 + </span><span class=input>
630 + % param 'FilterLocalNetworks' => $f2b_datas->{filterlocalnetworks} unless param 'FilterLocalNetworks';
631 + %= select_field 'FilterLocalNetworks' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
632 + </span></p>
633 + <p>
634 + %=l('f2b_FilterValidRemoteHosts_STATUS')
635 + <br><span class=label>
636 + %=l 'f2b_FilterValidRemoteHosts'
637 + </span><span class=input>
638 + % param 'FilterValidRemoteHosts' => $f2b_datas->{filtervalidremotehosts} unless param 'FilterValidRemoteHosts';
639 + %= select_field 'FilterValidRemoteHosts' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
640 + </span></p>
641 + <p>
642 + %=l('f2b_SEND_MAIL_STATUS')
643 + <br><span class=label>
644 + %=l 'f2b_MAIL'
645 + </span><span class=input>
646 + % param 'Mail' => $f2b_datas->{mail} unless param 'Mail';
647 + %= select_field 'Mail' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
648 + </span></p>
649 + <p><span class=label>
650 + %=l 'f2b_DEFAULT_BANTIME'
651 + </span><span class=input>
652 + % param 'BanTime' => $f2b_datas->{bantime} unless param 'BanTime';
653 + %= text_field 'BanTime', size => '9', class => 'input'
654 + </span><span class=label2>
655 + %=l 'f2b_DEFAULT_FINDTIME'
656 + </span><span class=input>
657 + % param 'FindTime' => $f2b_datas->{findtime} unless param 'FindTime';
658 + %= text_field 'FindTime', size => '6', class => 'input'
659 + </span><span class=label2>
660 + %=l 'f2b_DEFAULT_MAXRETRY'
661 + </span><span class=input>
662 + % param 'MaxRetry' => $f2b_datas->{maxretry} unless param 'MaxRetry';
663 + %= text_field 'MaxRetry', size => '2', class => 'input'
664 + </span></p>
665 + <p>
666 + %=l('f2b_SSHD_STATUS')
667 + <br><span class=label>
668 + %=l 'f2b_SSHD'
669 + </span><span class=input>
670 + % param 'Sshd' => $f2b_datas->{sshd} unless param 'Sshd';
671 + %= select_field 'Sshd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
672 + </span></p><p>
673 + %=l('f2b_QPSMTPD_STATUS')
674 + <br><span class=label>
675 + %=l 'f2b_QPSMTPD'
676 + </span><span class=input>
677 + % param 'Qpsmtpd' => $f2b_datas->{qpsmtpd} unless param 'Qpsmtpd';
678 + %= select_field 'Qpsmtpd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
679 + </span></p>
680 + <p>
681 + %=l('f2b_IMAP_STATUS')
682 + <br><span class=label>
683 + %=l 'f2b_IMAP'
684 + </span><span class=input>
685 + % param 'Dovecot' => $f2b_datas->{dovecot} unless param 'Dovecot';
686 + %= select_field 'Dovecot' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
687 + </span></p>
688 + <p>
689 + %=l('f2b_HTTPD_STATUS')
690 + <br><span class=label>
691 + %=l 'f2b_HTTPD'
692 + </span><span class=input>
693 + % param 'Httpd-e-smith' => $f2b_datas->{'httpd-e-smith'} unless param 'Httpd-e-smith';
694 + %= select_field 'Httpd-e-smith' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
695 + </span></p>
696 + <p>
697 + %=l('f2b_FTP_STATUS')
698 + <br><span class=label>
699 + %=l 'f2b_FTP'
700 + </span><span class=input>
701 + % param 'Ftp' => $f2b_datas->{ftp} unless param 'Ftp';
702 + %= select_field 'Ftp' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
703 + </span></p>
704 + <p>
705 + %=l('f2b_LEMONLDAP_STATUS')
706 + <br><span class=label>
707 + %=l 'f2b_LEMONLDAP'
708 + </span><span class=input>
709 + % param 'Lemonldap' => $f2b_datas->{lemonldap} unless param 'Lemonldap';
710 + %= select_field 'Lemonldap' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
711 + </span></p>
712 + <p>
713 + %=l('f2b_EJABBERD_STATUS')
714 + <br><span class=label>
715 + %=l 'f2b_EJABBERD'
716 + </span><span class=input>
717 + % param 'Ejabberd' => $f2b_datas->{ejabberd} unless param 'Ejabberd';
718 + %= select_field 'Ejabberd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
719 + </span></p>
720 + <p>
721 + %=l('f2b_SOGOD_STATUS')
722 + <br><span class=label>
723 + %=l 'f2b_SOGOD'
724 + </span><span class=input>
725 + % param 'Sogod' => $f2b_datas->{sogod} unless param 'Sogod';
726 + %= select_field 'Sogod' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
727 + </span></p>
728 + <p>
729 + %=l('f2b_WORDPRESS_STATUS')
730 + <br><span class=label>
731 + %=l 'f2b_WORDPRESS'
732 + </span><span class=input>
733 + % param 'Wordpress' => $f2b_datas->{wordpress} unless param 'Wordpress';
734 + %= select_field 'Wordpress' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
735 + </span></p>
736 + <p>
737 + %=l('f2b_SMANAGER_STATUS')
738 + <br><span class=label>
739 + %=l 'f2b_SMANAGER'
740 + </span><span class=input>
741 + % param 'Smanager' => $f2b_datas->{smanager} unless param 'Smanager';
742 + %= select_field 'Smanager' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
743 + </span></p>
744 +
745 + %= include 'partials/_f2b_valid'
746 +
747 + <p>
748 + %=l('f2b_DESC_ADD_IP')
749 + <br><span class=label>
750 + %=l 'f2b_ADD_IP'
751 + </span><span class=input>
752 + % param 'Ip' => $f2b_datas->{ip} unless param 'Ip';
753 + %= text_field 'Ip', class => 'input'
754 + </span></p>
755 + <p>
756 + %=l('f2b_DESC_ADD_BITS')
757 + <br><span class=label>
758 + %=l 'f2b_ADD_BITS'
759 + </span><span class=input>
760 + % param 'Bits' => $f2b_datas->{bits} unless param 'Bits';
761 + %= text_field 'Bits', class => 'input'
762 + </span></p>
763 +
764 + <div class='center'>
765 + %= submit_button $c->l('SAVE'), class => 'action'
766 + </div>
767 +
768 + % end
769 +
770 + %= include 'partials/_f2b_blocked'
771 +
772 +</div>
773 +
774 +%end
775 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep
776 --- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep 1970-01-01 04:00:00.000000000 +0400
777 +++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep 2021-07-02 19:28:29.000000000 +0400
778 @@ -0,0 +1,47 @@
779 +<div id="f2b_blocked">
780 + <hr class='sectionbar' /><h2>
781 + %=l 'f2b_CURRENT_DENY_TITLE'
782 + </h2><p>
783 + %=l 'f2b_CURRENT_DENY_DESC'
784 + </p>
785 +
786 + % my @denys = @{$c->get_current_deny()};
787 + % if ($config->{debug} == 1) {
788 + <p><%= dumper @denys %></p>
789 + % }
790 +
791 + % if ( @denys ) {
792 + <p>
793 + <table class="sme-border"><tbody>
794 + <tr><th class='sme-border'>
795 + %=l 'IP_ADDRESS'
796 + </th><th class='sme-border'>
797 + %=l 'f2b_JAIL'
798 + </th><th class='sme-border'>
799 + %=l 'ACTION'
800 + </th></tr>
801 + % foreach my $sval ( @denys) {
802 + % my @ssval = split(':',$sval);
803 + % my $curjail = $ssval[0];
804 + % $curjail =~ s/^\s//;
805 + % my @ssvalip = split(' ',$ssval[1]);
806 + % foreach my $sssval (@ssvalip) {
807 + % my $ip=$sssval;
808 + % my $action3 = "<a href=\"fail2ban2?action=RemoveIP".
809 + % "&IP=$ip&Jail=$curjail\">".$c->l('REMOVE')."</a>" .
810 + % " <a href=\"fail2ban2?action=RemoveIP&IP=$ip" .
811 + % "&Jail=$curjail&Whitelist=true\">".$c->l('WHITELIST')."</a>" ;
812 + <tr>
813 + %= t td => (class => 'sme-border') => "$ip"
814 + %= t td => (class => 'sme-border') => "$curjail"
815 + <td class='sme-border'><%= $c->render_to_string(inline => $action3) %></td>
816 + </tr>
817 + % }
818 + % }
819 + </tbody></table></span></p>
820 + % } else {
821 + <b>
822 + %=l 'f2b_NO_ENTRIES_YET';
823 + </b>
824 + % }
825 +</div>
826 diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep
827 --- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep 1970-01-01 04:00:00.000000000 +0400
828 +++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep 2021-06-30 20:15:59.000000000 +0400
829 @@ -0,0 +1,35 @@
830 +<div id="f2b_valid">
831 + <hr class='sectionbar' /><h2>
832 + %=l 'f2b_VALIDFROM_TITLE'
833 + </h2><p>
834 + %=l 'f2b_VALIDFROM_DESC'
835 + </p>
836 + % my @valids = @{$c->get_valid_from()};
837 + % if ( @valids ) {
838 + <p>
839 + <table class="sme-border"><tbody>
840 + <tr><th class='sme-border'>
841 + %=l 'NETWORK'
842 + </th><th class='sme-border'>
843 + %=l 'REMOVE'
844 + </th></tr>
845 + % foreach my $v ( @valids) {
846 + % my $checked = '';
847 + <tr>
848 + %= t td => (class => 'sme-border') => "$v"
849 + <td class='sme-border'>
850 + % if ( $checked eq 'checked' ) {
851 + <input type='checkbox' name='ValidFromRemove' checked value='<%= $v %>'>
852 + %} else {
853 + %= check_box 'ValidFromRemove' => $v
854 + %}
855 + </td>
856 + </tr>
857 + % }
858 + </tbody></table></span></p>
859 + % } else {
860 + <b>
861 + %=l 'f2b_NO_ENTRIES_YET';
862 + </b>
863 + % }
864 +</div>

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed