smeserver-fail2ban/contribs10/smeserver-fail2ban-0.1.18-bz11636-smanager.patch

diff -urN smeserver-fail2ban-0.1.18.old/createlinks smeserver-fail2ban-0.1.18/createlinks
--- smeserver-fail2ban-0.1.18.old/createlinks   2021-07-04 23:05:32.000000000 +0400
+++ smeserver-fail2ban-0.1.18/createlinks       2021-07-04 23:14:09.805000000 +0400
@@ -51,3 +51,10 @@
 #service_link_enhanced("fail2ban", "S99", "7");
 #service_link_enhanced("fail2ban", "K08", "6");
 #service_link_enhanced("fail2ban", "K08", "0");
+
+# for smeserver-manager
+my $event = "smeserver-fail2ban-update"; 
+safe_symlink('restart', "root/etc/e-smith/events/$event/services2adjust/smanager");
+event_link('navigation2-conf', "$event", '80');
+event_link('routes2-conf', "$event", '80');
+event_link('locales2-conf', "$event", '80');
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager
--- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager 1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service32Smanager     2021-07-08 19:57:02.208000000 +0400
@@ -0,0 +1,25 @@
+{
+my $port = (${'httpd-e-smith'}{'TCPPort'} || '80') .','. 
+           ($modSSL{'TCPPort'} || '443');
+my $status = $smanager{'status'} || 'disabled';
+my $f2b = $smanager{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
+
+$OUT .=<<"EOF";
+
+[smanager]
+enabled  = true
+port     = $port
+filter   = smanager
+logpath  = /usr/share/smanager/log/production.log
+maxretry = 3
+findtime = 300
+bantime  = 1800
+action   = smeserver-iptables[port="$port",protocol=tcp,bantime=$bantime]
+
+EOF
+
+$OUT .= "           smeserver-sendmail[name=\"SManager\",dest=$maildest]\n"
+       if ($mail eq 'enabled');
+
+}
diff -urN smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/smanager.conf smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/smanager.conf
--- smeserver-fail2ban-0.1.18.old/root/etc/fail2ban/filter.d/smanager.conf      1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/etc/fail2ban/filter.d/smanager.conf  2021-07-08 19:55:39.162000000 +0400
@@ -0,0 +1,12 @@
+# Fail2Ban filter for Smanager attempted bypasses
+
+[Definition]
+#[Mon Nov  9 20:33:34 2020] [info] Login FAILED: mab   192.168.0.11
+
+failregex = ^\[.*\] \[info\] Login FAILED: .*\t<HOST>$
+
+ignoreregex = ^\[.*\] \[debug\] .*$
+ignoreregex = ^\[.*\] \[info\] Login succeeded: .*$
+
+datepattern = {^LN-BEG}
+
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm
--- smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm  2021-07-04 23:05:32.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm      2021-07-08 19:51:50.523000000 +0400
@@ -299,7 +299,7 @@
     # those are stored in a different key dedicated to the service
     my %services;
     $services{'sshd'}= ($q->param ("sshd") ||'enabled');
-    $services{'qpsmtp'}= ($q->param ("qpsmtpd") ||'enabled');
+    $services{'qpsmtpd'}= ($q->param ("qpsmtpd") ||'enabled');
     $services{'dovecot'}= ($q->param ("dovecot") ||'enabled');
     $services{'httpd-e-smith'}= ($q->param ("httpd-e-smith") ||'enabled');
     $services{'ftp'}= ($q->param ("ftp") ||'enabled');
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm
--- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm    1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/Controller/Fail2ban.pm        2021-07-08 20:31:44.477000000 +0400
@@ -0,0 +1,455 @@
+package SrvMngr::Controller::Fail2ban;
+
+#----------------------------------------------------------------------
+# heading     : Security
+# description : Fail2Ban
+# navigation  : 5000 5250
+
+# name : fail2ban,  method : get,  url : /fail2ban,   ctlact : fail2ban#main
+# name : fail2banu, method : post, url : /fail2ban,   ctlact : fail2ban#do_action
+# name : fail2banr, method : get,  url : /fail2ban2,  ctlact : fail2ban#do_action_get
+#
+# routes : end
+#----------------------------------------------------------------------
+
+use strict;
+use warnings;
+use Mojo::Base 'Mojolicious::Controller';
+
+use Locale::gettext;
+use SrvMngr::I18N;
+
+use Data::Validate::IP;
+
+#use esmith::FormMagick::Panel::fail2ban;
+#    qw( get_value get_prop change_settings RemoveIP );
+
+use SrvMngr qw( theme_list init_session ip_number );
+
+our $cdb = esmith::ConfigDB->open() or die "Couldn't open ConfigDB\n";
+
+my %defaultval=('FilterLocalNetworks'=> "enabled",
+       'FilterValidRemoteHosts'=> "enabled",
+       "Mail" => "enabled",
+        "BanTime" => '1800',
+        "FindTime" => '900',
+        "MaxRetry" =>  '3',
+        "sshd" => 'enabled',
+        "qpsmtpd" => 'enabled',
+        "dovecot" => 'enabled',
+       "httpd-e-smith" => 'enabled',
+        "ftp" => 'enabled',
+       "lemonldap" => 'enabled',
+        "ejabberd"  => 'enabled',
+        "sogod"  => 'disabled',
+        "wordpress" => 'disabled',
+        "smanager" => 'enabled',
+);
+
+
+sub main {
+
+    my $c = shift;
+    $c->app->log->info($c->log_req);
+
+    my %f2b_datas = ();
+    my $title = $c->l('f2b_FORM_TITLE');
+
+    $f2b_datas{'status'} = get_prop('fail2ban', 'status');
+    $f2b_datas{'filterlocalnetworks'} = get_prop('fail2ban', 'FilterLocalNetworks');
+    $f2b_datas{'filtervalidremotehosts'} = get_prop('fail2ban', 'FilterValidRemoteHosts');
+    $f2b_datas{'mail'} = get_prop('fail2ban', 'Mail');
+    $f2b_datas{'bantime'} = get_prop('fail2ban', 'BanTime');
+    $f2b_datas{'findtime'} = get_prop('fail2ban', 'FindTime');
+    $f2b_datas{'maxretry'} = get_prop('fail2ban', 'MaxRetry');
+    $f2b_datas{'wordpress'} = get_prop('fail2ban', 'wordpress');
+
+    $f2b_datas{'sshd'} = get_prop('sshd', 'Fail2Ban');
+    $f2b_datas{'qpsmtpd'} = get_prop('qpsmtpd', 'Fail2Ban');
+    $f2b_datas{'dovecot'} = get_prop('dovecot', 'Fail2Ban');
+    $f2b_datas{'httpd-e-smith'} = get_prop('httpd-e-smith', 'Fail2Ban');
+    $f2b_datas{'ftp'} = get_prop('sshd', 'Fail2Ban');
+    $f2b_datas{'lemonldap'} = get_prop('lemonldap', 'Fail2Ban');
+    $f2b_datas{'ejabberd'} = get_prop('ejabberd', 'Fail2Ban');
+    $f2b_datas{'sogod'} = get_prop('sogod', 'Fail2Ban');
+    $f2b_datas{'smanager'} = get_prop('smanager', 'Fail2Ban');
+
+    $c->stash( title => $title, f2b_datas => \%f2b_datas);
+    $c->render('fail2ban');
+};
+
+
+sub do_action {
+
+    my $c = shift;
+    $c->app->log->info($c->log_req);
+
+    my $rt = $c->current_route;
+
+    my %f2b_datas = ();
+    my $title = $c->l('f2b_FORM_TITLE');
+
+    my ($res, $result) = '';
+
+    $f2b_datas{status} = $c->param('Status');
+    my $action = ( $c->param('action') || '' );
+    $f2b_datas{ip}     = $c->param('Ip');
+    $f2b_datas{bits}   = $c->param('Bits');
+
+    # controls
+    $res = ip_number_or_blank( $c, $f2b_datas{ip} );
+    $result .= $res . " <br>" if ( $res ne 'OK' );
+
+    $res = subnet_mask_bit( $c, $f2b_datas{bit} );
+    $result .= $res . " <br>" if ( $res ne 'OK' );
+
+    $res = validate_network_and_mask( $c, $f2b_datas{ip}, $f2b_datas{bits} );
+    $result .= $res . " <br>" if ( $res ne 'OK' );
+
+    #$result .= 'Blocked for testing d_a ! No updates for now '; # if $action;
+
+    $res = '';
+    if ( ! $result ) {
+        $res = $c->do_changes();
+        $result .= $res unless $res eq 'OK';
+        if ( ! $result ) { 
+           $result = $c->l('f2b_SUCCESS'); 
+        }
+    }
+
+    $c->stash( title => $title, f2b_datas => \%f2b_datas );
+    if ($res ne 'OK') {
+       $c->stash( error => $result );
+       return $c->render('fail2ban');
+    }
+
+    my $message = 'fail2ban updates DONE';
+    $c->app->log->info($message);
+    $c->flash( success => $result );
+    #$c->flash( error => " No changes applied !!" );
+
+    #return to 'fail2ban' route !!!
+    $c->redirect_to('/fail2ban');
+
+};
+
+
+sub do_action_get {
+
+    my $c = shift;
+    $c->app->log->info($c->log_req);
+
+    my ($res, $result) = '';
+
+    # controls
+
+    my $action = ($c->param('action') || '');
+    $result .= $c->l('f2b_ERROR_UPDATING') . " action: $action <br>"
+       unless ($action eq 'RemoveIP');
+
+    my $ip = ($c->param('IP') || ''); 
+    my $whitelist = ($c->param('Whitelist'))? 'true' : 'false';
+
+    #check ip
+    my $validator=Data::Validate::IP->new;
+    $result .= $c->l('f2b_ERROR_STOPPING') . " IP: $ip <br>"
+       unless ($validator->is_ipv4($ip));
+    $ip = $validator->is_ipv4($ip);
+
+    # validate and untaint jail
+    my $jail = ($c->param('Jail') || '');
+    # could be [a-zA-Z0-9_\-]
+    $jail = $jail =~ /([a-zA-Z0-9_\-]+)/ ? $1 : undef; 
+    $result .= $c->l('f2b_ERROR_UPDATING') . " jail: $jail <br>"
+       unless $jail;
+
+    #$result .= 'Blocked for testing d_a_g ! No updates for now '; # if $action;
+
+    $res = '';
+    if ( ! $result ) {
+        $res = $c->RemoveIP( $ip, $whitelist, $jail );
+        $result .= $res unless $res eq 'OK';
+        if ( ! $result ) { 
+           if ($whitelist eq "true" ) {
+           $result = $c->l('f2b_SUCCESS_IP_WHITE')." : $ip";
+           } else {
+           $result = $c->l('f2b_SUCCESS_IP')." : $ip";
+           }
+        }
+    }
+
+    if ($res ne 'OK') {
+       $c->flash( error => $result );
+    } else {
+        my $message = "fail2ban removeip $ip DONE";
+       $c->app->log->info($message);
+       $c->flash( success => $result );
+    }
+
+    $c->redirect_to('/fail2ban');
+
+};
+
+
+sub do_changes {
+
+    my $c = shift;
+    my %conf;
+
+    # Don't process the form unless we clicked the Save button. The event is
+    # called even if we chose the Remove link or the Add link.
+
+    my $ip = ($c->param ('Ip') || '');
+    my $status = ($c->param ('Status') || 'status');
+    my $FilterLocalNetworks = ($c->param ('FilterLocalNetworks') || "enabled");
+    my $FilterValidRemoteHosts= ($c->param ('FilterValidRemoteHosts') || "enabled");
+    my $Mail= ($c->param ("Mail") || "enabled");
+    my $BanTime= ($c->param ("BanTime") || '1800');
+    my $FindTime= ($c->param ("FindTime") || '900');
+    my $MaxRetry= ($c->param ("MaxRetry") ||  '3');
+
+    # those are stored in a different key dedicated to the service
+    my %services;
+    $services{'sshd'}= ($c->param ("Sshd") ||'enabled');
+    $services{'qpsmtpd'}= ($c->param ("Qpsmtpd") ||'enabled');
+    $services{'dovecot'}= ($c->param ("Dovecot") ||'enabled');
+    $services{'httpd-e-smith'}= ($c->param ("Httpd-e-smith") ||'enabled');
+    $services{'ftp'}= ($c->param ("Ftp") ||'enabled');
+    $services{'lemonldap'}= ($c->param ("Lemonldap") ||'enabled');
+    $services{'ejabberd'}= ($c->param ("Ejabberd" ) ||'enabled');
+    $services{'sogod'}= ($c->param ("Sogod" ) ||'enabled');
+    $services{'wordpress'}= ($c->param ("Wordpress") ||'enabled');
+    $services{'smanager'}= ($c->param ("Smanager") ||'enabled');
+
+
+    #------------------------------------------------------------
+    # Looks good; go ahead and change the access.
+    #------------------------------------------------------------
+
+    my $rec = $cdb->get('fail2ban');
+    if ($rec) {
+       $rec->set_prop('status', $status);
+       # unless prop empty and value eq default
+       $rec->set_prop('FilterLocalNetworks', $FilterLocalNetworks) 
+           unless ( ! $cdb->get_prop('fail2ban','FilterLocalNetworks') 
+               && $FilterLocalNetworks eq $defaultval{'FilterLocalNetworks'}  );
+       $rec->set_prop('FilterValidRemoteHosts', $FilterValidRemoteHosts) 
+           unless ( ! $cdb->get_prop('fail2ban','FilterValidRemoteHosts') 
+               && $FilterValidRemoteHosts  eq $defaultval{'FilterValidRemoteHosts'}  );
+       $rec->set_prop('Mail', $Mail)
+            unless ( ! $cdb->get_prop('fail2ban','Mail') && $Mail eq $defaultval{'Mail'}  );
+       $rec->set_prop('BanTime', $BanTime) 
+           unless ( ! $cdb->get_prop('fail2ban','BanTime') && $BanTime eq $defaultval{'BanTime'}  );
+        $rec->set_prop('FindTime', $FindTime) 
+           unless ( ! $cdb->get_prop('fail2ban','FindTime') && $FindTime eq $defaultval{'FindTime'}  );
+        $rec->set_prop('MaxRetry', $MaxRetry) 
+           unless ( ! $cdb->get_prop('fail2ban','MaxRetry') && $MaxRetry eq $defaultval{'MaxRetry'}  );
+    }
+    # for the 9 services update unless key does not exist and property does not exist and value eq default
+    foreach my $key (keys %services) {
+        if ($key eq "wordpress") {
+                $rec = $cdb->get('fail2ban');
+                my $getprop = $cdb->get_prop('fail2ban',$key) || "";
+                $rec->set_prop($key, $services{$key}  ) 
+                   unless ( ! $rec || (! $cdb->get_prop('fail2ban', $key) && $services{$key} eq $defaultval{$key} )  );
+        } else {
+                $rec = $cdb->get($key);
+                my $getprop = $cdb->get_prop($key,'Fail2Ban') || "";
+                $rec->set_prop('Fail2Ban', $services{$key}  ) 
+                   unless ( ! $rec || (! $cdb->get_prop($key,'Fail2Ban') && $services{$key} eq $defaultval{$key} )  );
+        }
+    }
+
+# ?? this seems to prevent reload of service if we update something and remove or add an ip... ??
+    $c->add_new_valid_from;
+    $c->remove_valid_from;
+
+    unless ( system( "/sbin/e-smith/signal-event", "fail2ban-update" ) == 0 ) {
+       return $c->l('f2b_ERROR_UPDATING');
+    }
+
+    unless ( system( "/sbin/e-smith/signal-event", "fail2ban-conf" ) == 0 ) {
+       return $c->l('f2b_ERROR_UPDATING');
+    }
+
+    if ( $rec->prop('status') eq 'disabled' ) {
+        unless ( `/etc/init.d/fail2ban stop`  ) {
+           return $c->l('f2b_ERROR_STOPPING');
+        }
+    }
+
+    return 'OK';
+}
+
+
+# RemoveIP after validation
+sub RemoveIP {
+
+    my ( $c, $ip, $whitelist, $jail ) = @_;
+
+    unless ( system( "/usr/bin/fail2ban-client set $jail unbanip  $ip ".' >/dev/null 2>&1'  ) == 0 ) {
+           return $c->l('f2b_ERROR_UPDATING');
+    }
+
+    if ($whitelist eq 'true' ) {
+       # add $ip to whitelist for the current $jail
+       warn "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP  `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32";
+       unless ( system( "/sbin/e-smith/db configuration setprop fail2ban  IgnoreIP  `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32 ".' >/dev/null 2>&1'  ) == 0 
+       && system( "/usr/bin/fail2ban-client reload ".' >/dev/null 2>&1'  ) == 0 
+       ) {
+           return $c->l('f2b_ERROR_UPDATING_WHITE');
+        }
+    }
+
+    return 'OK';
+
+}
+
+
+sub add_new_valid_from {
+
+    my $c = shift;
+
+    my $ip = $c->param('Ip');
+    my $bits = $c->param('Bits');
+
+    # do nothing if no ip was added
+    return 1 unless ($ip);
+
+    my $rec = $cdb->get('fail2ban');
+    return $c->l('f2b_ERR_NO_RECORD') unless $rec;
+
+    my $prop = $rec->prop('IgnoreIP') || '';
+
+    my @vals = split /,/, $prop;
+    return '' if (grep /^$ip\/$bits$/, @vals); # already have this entry
+
+    if ($prop ne '') {
+        $prop .= ",$ip/$bits";
+    } else {
+        $prop = "$ip/$bits";
+    }
+
+    $rec->set_prop('IgnoreIP', $prop);
+
+    return 1;
+}
+
+
+sub remove_valid_from {
+
+    my $c = shift;
+
+    my @remove = @{$c->every_param('ValidFromRemove')};
+    return 1 unless @remove;
+
+    my @vals = @{$c->get_valid_from()};
+    unless (@vals) {
+        print STDERR "ERROR: unable to load IgnoreIP property from conf db\n";
+        return undef;
+    }
+
+    #$c->app->log->debug("remo: " . $c->dumper(\@remove) .' vals: '. $c->dumper(\@vals));
+
+    foreach my $entry (@remove) {
+        @vals = (grep { $entry ne $_ } @vals);
+    }
+
+    my $prop = '';
+    $prop = join(',', @vals) if @vals;
+
+    $cdb->get('fail2ban')->set_prop('IgnoreIP', $prop);
+
+    return 1;
+}
+
+
+sub ip_number_or_blank {
+
+    my $c = shift;
+    my $ip = shift;
+
+    if (!defined($ip) || $ip eq "") {
+        return 'OK';
+    }
+    $c->ip_number( $ip );
+}
+
+
+sub subnet_mask_bit {
+
+    my ($c, $mask) = @_;
+
+    my @allowed = (8,9,12,14,16,17,20,22,24,25,28,30,32);
+
+    if ( !defined($mask) || $mask eq "" || grep( /^$mask$/, @allowed ) ) {
+        return "OK";
+    }
+    return $c->l('f2b_INVALID_SUBNET_MASK');
+}
+
+
+sub validate_network_and_mask {
+
+  my $c = shift;
+  my $net = shift || "";
+  my $mask = shift || "";
+
+#  my $net = $c->param('Ip') || "";
+  if ($net xor $mask) {
+    return $c->l('f2b_ERR_INVALID_PARAMS');
+  }
+
+  return 'OK';
+}
+
+
+sub get_prop {
+
+#    my $c   = shift;
+    my $item = shift;
+    my $prop = shift;
+    my $value = $cdb->get_prop($item, $prop) || '';
+    if ( $value eq "" && exists($defaultval{$prop})  && $item eq "fail2ban") {
+       $value=$defaultval{$prop};
+    } elsif ( $value eq "" && exists($defaultval{$item}) && $prop eq "Fail2Ban" && $item ne "fail2ban" ) {
+        $value=$defaultval{$item};
+    }
+
+    return $value;
+}
+
+
+sub get_valid_from {
+
+    my $c = shift;
+    my @vals_sorted = ();
+
+    my $rec = $cdb->get('fail2ban');
+    if ( $rec ) {
+        my @vals = (split ',', $rec->prop('IgnoreIP'));
+        @vals_sorted = sort ip_sort @vals if @vals;
+#      @vals_sorted = @vals;
+    }
+
+    return \@vals_sorted;
+}
+
+
+sub get_current_deny {
+
+    my $c = shift;
+
+    my @cdeny = `/usr/bin/sfail2ban`;
+
+    return \@cdeny
+}
+
+
+sub ip_sort(@) {
+    return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b);
+}
+
+
+1;
+
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex
--- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex     1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/lib/SrvMngr/I18N/Modules/Fail2ban/fail2ban_en.lex 2021-07-08 20:58:49.795000000 +0400
@@ -0,0 +1,56 @@
+'f2b_FORM_TITLE' => 'Fail2ban service',
+'f2b_SERVICE_STATUS' => 'Fail2ban service status.',
+'f2b_STATUS' => 'Status',
+'f2b_FilterLocalNetworks_STATUS' => 'Whitelist all the local network defined.',
+'f2b_FilterLocalNetworks' => 'FilterLocalNetworks status',
+'f2b_FilterValidRemoteHosts_STATUS' => 'Whitelist all the authorized remote hosts allowed to acces server-manager.',
+'f2b_FilterValidRemoteHosts' => 'FilterValidRemoteHosts status',
+'f2b_SEND_MAIL_STATUS' => 'Status of qmail jail',
+'f2b_MAIL' => 'Mail',
+'f2b_BANTIME' => 'Set the default ban time for jails (Initial default is 1800 seconds).',
+'f2b_DEFAULT_BANTIME' => 'Bantime',
+'f2b_FINDTIME' => '>Set the default find time for jails (Initial default is 900 seconds).',
+'f2b_DEFAULT_FINDTIME' => 'Findtime',
+'f2b_MAXRETRY' => 'Set the default max retry allowed before being ban (Initial default is 3).',
+'f2b_DEFAULT_MAXRETRY' => 'Maxretry',
+'f2b_SSHD_STATUS' => 'Status of sshd jail.',
+'f2b_SSHD' => 'sshd',
+'f2b_QPSMTPD_STATUS' => 'Status of qpsmtpd (incoming emails) jail.',
+'f2b_QPSMTPD' => 'qpsmtpd',
+'f2b_IMAP_STATUS' => 'Status of dovecot (imap service to retrieve emails) jail.',
+'f2b_IMAP' => 'dovecot',
+'f2b_HTTPD_STATUS' => 'Status of httpd jails. Multiple features are enabled at once there.',
+'f2b_HTTPD' => 'httpd',
+'f2b_FTP_STATUS' => 'Status of proftpd jail.',
+'f2b_FTP' => 'proftpd',
+'f2b_LEMONLDAP_STATUS' => 'Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled.',
+'f2b_LEMONLDAP' => 'LemonLDAP',
+'f2b_EJABBERD_STATUS' => 'Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled.',
+'f2b_EJABBERD' => 'ejabberd',
+'f2b_SOGOD_STATUS' => 'Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled.',
+'f2b_SOGOD' => 'Sogo',
+'f2b_WORDPRESS_STATUS' => 'Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances.',
+'f2b_WORDPRESS' => 'Wordpress',
+'f2b_SMANAGER_STATUS' => 'Status of smanager jails. You need to activate it manually if you install it after fail2ban.',
+'f2b_SMANAGER' => 'Smanager',
+'f2b_VALIDFROM_TITLE' => 'Allowed Hosts',
+'f2b_VALIDFROM_DESC' => 'This is a list of hosts that will not be blocked by fail2ban.',
+'f2b_NO_ENTRIES_YET' => 'No Entries Yet',
+'f2b_DESC_ADD_IP' => 'To add a new allowed network, enter the details below.',
+'f2b_ADD_IP' => 'Authorized network',
+'f2b_DESC_ADD_BITS' => 'To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32).',
+'f2b_ADD_BITS' => 'Authorized network subnet',
+'f2b_CURRENT_DENY_TITLE' => 'Blocked Hosts',
+'f2b_CURRENT_DENY_DESC' => 'This is a list of hosts that are currently blocked.',
+'f2b_JAIL' => 'Jail',
+'f2b_FIRST_SEEN' => 'Host first seen',
+'f2b_SUCCESS' => 'The new fail2ban settings have been saved.',
+'f2b_ERR_NO_RECORD' => 'Unable to locate fail2ban record in configuration db',
+'f2b_ERROR_STOPPING' => 'Error while trying to stop service',
+'f2b_SUCCESS_IP' => 'The following IP has been unbanned',
+'f2b_WHITELIST' => 'Whitelist',
+'f2b_SUCCESS_IP_WHITE' => 'The following IP has been unbanned and whitelisted',
+'f2b_ERROR_UPDATING' => 'Unable to unban',
+'f2b_ERROR_UPDATING_WHITE' => 'Unable to unban and whitelist',
+'f2b_ERR_INVALID_PARAMS' => 'Invalid network parameters',
+'f2b_INVALID_SUBNET_MASK' => 'Invalid subnet mask',
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep
--- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep     1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/fail2ban.html.ep 2021-07-08 20:34:31.468000000 +0400
@@ -0,0 +1,180 @@
+% layout 'default', title => "Sme server 2 - fail2ban";
+
+% content_for 'module' => begin
+
+<div id="module">
+
+    %if ($config->{debug} == 1) {
+       <p>
+       %= dumper $c->current_route
+       %= dumper $f2b_datas
+       </p>
+    %}
+
+    % if ( stash 'error' ) {
+       <br><div class=sme-error>
+       %= $c->render_to_string(inline => stash 'error') 
+       </div>
+    %}
+
+    <h1><%= $title %></h1>
+
+  %= form_for '/fail2ban' => (method => 'POST') => begin
+    <p>
+    %=l('f2b_SERVICE_STATUS')
+    <br><span class=label>
+    %=l 'f2b_STATUS'
+    </span><span class=input>
+    % param 'Status' => $f2b_datas->{status} unless param 'Status';
+    %= select_field 'Status' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_FilterLocalNetworks_STATUS')
+    <br><span class=label>
+    %=l 'f2b_FilterLocalNetworks'
+    </span><span class=input>
+    % param 'FilterLocalNetworks' => $f2b_datas->{filterlocalnetworks} unless param 'FilterLocalNetworks';
+    %= select_field 'FilterLocalNetworks' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_FilterValidRemoteHosts_STATUS')
+    <br><span class=label>
+    %=l 'f2b_FilterValidRemoteHosts'
+    </span><span class=input>
+    % param 'FilterValidRemoteHosts' => $f2b_datas->{filtervalidremotehosts} unless param 'FilterValidRemoteHosts';
+    %= select_field 'FilterValidRemoteHosts' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_SEND_MAIL_STATUS')
+    <br><span class=label>
+    %=l 'f2b_MAIL'
+    </span><span class=input>
+    % param 'Mail' => $f2b_datas->{mail} unless param 'Mail';
+    %= select_field 'Mail' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p><span class=label>
+    %=l 'f2b_DEFAULT_BANTIME'
+    </span><span class=input>
+    % param 'BanTime' => $f2b_datas->{bantime} unless param 'BanTime';
+    %= text_field 'BanTime', size => '9', class => 'input'
+    </span><span class=label2>
+    %=l 'f2b_DEFAULT_FINDTIME'
+    </span><span class=input>
+    % param 'FindTime' => $f2b_datas->{findtime} unless param 'FindTime';
+    %= text_field 'FindTime', size => '6', class => 'input'
+    </span><span class=label2>
+    %=l 'f2b_DEFAULT_MAXRETRY'
+    </span><span class=input>
+    % param 'MaxRetry' => $f2b_datas->{maxretry} unless param 'MaxRetry';
+    %= text_field 'MaxRetry', size => '2', class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_SSHD_STATUS')
+    <br><span class=label>
+    %=l 'f2b_SSHD'
+    </span><span class=input>
+    % param 'Sshd' => $f2b_datas->{sshd} unless param 'Sshd';
+    %= select_field 'Sshd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p><p>
+    %=l('f2b_QPSMTPD_STATUS')
+    <br><span class=label>
+    %=l 'f2b_QPSMTPD'
+    </span><span class=input>
+    % param 'Qpsmtpd' => $f2b_datas->{qpsmtpd} unless param 'Qpsmtpd';
+    %= select_field 'Qpsmtpd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_IMAP_STATUS')
+    <br><span class=label>
+    %=l 'f2b_IMAP'
+    </span><span class=input>
+    % param 'Dovecot' => $f2b_datas->{dovecot} unless param 'Dovecot';
+    %= select_field 'Dovecot' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_HTTPD_STATUS')
+    <br><span class=label>
+    %=l 'f2b_HTTPD'
+    </span><span class=input>
+    % param 'Httpd-e-smith' => $f2b_datas->{'httpd-e-smith'} unless param 'Httpd-e-smith';
+    %= select_field 'Httpd-e-smith' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_FTP_STATUS')
+    <br><span class=label>
+    %=l 'f2b_FTP'
+    </span><span class=input>
+    % param 'Ftp' => $f2b_datas->{ftp} unless param 'Ftp';
+    %= select_field 'Ftp' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_LEMONLDAP_STATUS')
+    <br><span class=label>
+    %=l 'f2b_LEMONLDAP'
+    </span><span class=input>
+    % param 'Lemonldap' => $f2b_datas->{lemonldap} unless param 'Lemonldap';
+    %= select_field 'Lemonldap' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_EJABBERD_STATUS')
+    <br><span class=label>
+    %=l 'f2b_EJABBERD'
+    </span><span class=input>
+    % param 'Ejabberd' => $f2b_datas->{ejabberd} unless param 'Ejabberd';
+    %= select_field 'Ejabberd' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_SOGOD_STATUS')
+    <br><span class=label>
+    %=l 'f2b_SOGOD'
+    </span><span class=input>
+    % param 'Sogod' => $f2b_datas->{sogod} unless param 'Sogod';
+    %= select_field 'Sogod' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_WORDPRESS_STATUS')
+    <br><span class=label>
+    %=l 'f2b_WORDPRESS'
+    </span><span class=input>
+    % param 'Wordpress' => $f2b_datas->{wordpress} unless param 'Wordpress';
+    %= select_field 'Wordpress' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_SMANAGER_STATUS')
+    <br><span class=label>
+    %=l 'f2b_SMANAGER'
+    </span><span class=input>
+    % param 'Smanager' => $f2b_datas->{smanager} unless param 'Smanager';
+    %= select_field 'Smanager' => [[(l 'DISABLED') => 'disabled'], [(l 'ENABLED') => 'enabled']], class => 'input'
+    </span></p>
+
+    %= include 'partials/_f2b_valid'
+
+    <p>
+    %=l('f2b_DESC_ADD_IP')
+    <br><span class=label>
+    %=l 'f2b_ADD_IP'
+    </span><span class=input>
+    % param 'Ip' => $f2b_datas->{ip} unless param 'Ip';
+    %= text_field 'Ip', class => 'input'
+    </span></p>
+    <p>
+    %=l('f2b_DESC_ADD_BITS')
+    <br><span class=label>
+    %=l 'f2b_ADD_BITS'
+    </span><span class=input>
+    % param 'Bits' => $f2b_datas->{bits} unless param 'Bits';
+    %= text_field 'Bits', class => 'input'
+    </span></p>
+
+    <div class='center'>
+    %= submit_button $c->l('SAVE'), class => 'action'
+    </div>
+
+  % end
+
+    %= include 'partials/_f2b_blocked'
+
+</div>
+
+%end
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep
--- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep        1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_blocked.html.ep    2021-07-02 19:28:29.000000000 +0400
@@ -0,0 +1,47 @@
+<div id="f2b_blocked">
+    <hr class='sectionbar' /><h2>
+    %=l 'f2b_CURRENT_DENY_TITLE'
+    </h2><p>
+    %=l 'f2b_CURRENT_DENY_DESC'
+    </p>
+
+    % my @denys = @{$c->get_current_deny()};
+    % if ($config->{debug} == 1) {
+       <p><%= dumper @denys %></p>
+    % }
+
+    %  if ( @denys ) {
+       <p>
+       <table class="sme-border"><tbody>
+       <tr><th class='sme-border'>
+           %=l 'IP_ADDRESS'
+           </th><th class='sme-border'>
+           %=l 'f2b_JAIL'
+           </th><th class='sme-border'>
+           %=l 'ACTION'
+       </th></tr>
+    %    foreach my $sval ( @denys) {
+    %      my @ssval = split(':',$sval);
+    %      my $curjail = $ssval[0];
+    %      $curjail =~ s/^\s//;
+    %      my @ssvalip = split(' ',$ssval[1]);
+    %      foreach my $sssval (@ssvalip) {
+    %          my $ip=$sssval;
+    %          my $action3 = "<a href=\"fail2ban2?action=RemoveIP".
+    %                  "&IP=$ip&Jail=$curjail\">".$c->l('REMOVE')."</a>" .
+    %                   " <a href=\"fail2ban2?action=RemoveIP&IP=$ip" .
+    %                   "&Jail=$curjail&Whitelist=true\">".$c->l('WHITELIST')."</a>" ;
+               <tr>
+               %= t td => (class => 'sme-border') => "$ip"
+               %= t td => (class => 'sme-border') => "$curjail"
+               <td class='sme-border'><%= $c->render_to_string(inline => $action3) %></td>
+               </tr>
+    %      }
+    %    }
+       </tbody></table></span></p>
+    %  } else {
+       <b>
+        %=l 'f2b_NO_ENTRIES_YET';
+        </b>
+    %  }
+</div>
diff -urN smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep
--- smeserver-fail2ban-0.1.18.old/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep  1970-01-01 04:00:00.000000000 +0400
+++ smeserver-fail2ban-0.1.18/root/usr/share/smanager/themes/default/templates/partials/_f2b_valid.html.ep      2021-06-30 20:15:59.000000000 +0400
@@ -0,0 +1,35 @@
+<div id="f2b_valid">
+    <hr class='sectionbar' /><h2>
+    %=l 'f2b_VALIDFROM_TITLE'
+    </h2><p>
+    %=l 'f2b_VALIDFROM_DESC'
+    </p>
+    %  my @valids = @{$c->get_valid_from()};
+    %  if ( @valids ) {
+       <p>
+       <table class="sme-border"><tbody>
+       <tr><th class='sme-border'>
+           %=l 'NETWORK'
+           </th><th class='sme-border'>
+           %=l 'REMOVE'
+       </th></tr>
+    %    foreach my $v ( @valids) {
+    %        my $checked = '';
+           <tr>
+            %= t td => (class => 'sme-border') => "$v"
+           <td class='sme-border'>
+           % if ( $checked eq 'checked' ) {
+               <input type='checkbox' name='ValidFromRemove' checked value='<%= $v %>'>
+           %} else {
+               %= check_box 'ValidFromRemove' => $v
+           %}
+           </td>
+       </tr>
+    %    }
+       </tbody></table></span></p>
+    %  } else {
+       <b>
+        %=l 'f2b_NO_ENTRIES_YET';
+        </b>
+    %  }
+</div>