
Contents of /rpms/smeserver-fail2ban/contribs9/smeserver-fail2ban-0.1.18.bz10767-adminpanel.patch



Revision 1.2 - (show annotations) (download)
Wed Apr 10 03:26:12 2019 UTC (5 years, 6 months ago) by jpp
Branch: MAIN
CVS Tags: smeserver-fail2ban-0_1_18-2_el6_sme
Changes since 1.1: +14 -5 lines
* Tue Apr 09 2019 Jean-Philipe Pialasse <tests@pialasse.com> 0.1.18-2.sme
- add admin panel [SME: 10767]
- add wordpress jails and filters [SME: 9709]

1 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban smeserver-fail2ban-0.1.18/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban
2 --- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban 1969-12-31 19:00:00.000000000 -0500
3 +++ smeserver-fail2ban-0.1.18/root/etc/e-smith/locale/en-us/etc/e-smith/web/functions/fail2ban 2019-04-09 22:32:20.723000000 -0400
4 @@ -0,0 +1,190 @@
5 +<lexicon lang="en-us">
6 + <entry>
7 + <base>SERVICE_STATUS</base>
8 + <trans>Fail2ban service status.</trans>
9 + </entry>
10 + <entry>
11 + <base>STATUS</base>
12 + <trans>Status</trans>
13 + </entry>
14 + <entry>
15 + <base>FilterLocalNetworks_STATUS</base>
16 + <trans>Whitelist all the local network defined.</trans>
17 + </entry>
18 + <entry>
19 + <base>FilterLocalNetworks</base>
20 + <trans>FilterLocalNetworks status</trans>
21 + </entry>
22 + <entry>
23 + <base>FilterValidRemoteHosts_STATUS</base>
24 + <trans>Whitelist all the authorized remote hosts allowed to acces server-manager.</trans>
25 + </entry>
26 + <entry>
27 + <base>FilterValidRemoteHosts</base>
28 + <trans>FilterValidRemoteHosts status</trans>
29 + </entry>
30 + <entry>
31 + <base>BANTIME</base>
32 + <trans>Set the default ban time for jails (Initial default is 1800 seconds).</trans>
33 + </entry>
34 + <entry>
35 + <base>DEFAULT_BANTIME</base>
36 + <trans>Bantime</trans>
37 + </entry>
38 + <entry>
39 + <base>FINDTIME</base>
40 + <trans>>Set the default find time for jails (Initial default is 900 seconds).</trans>
41 + </entry>
42 + <entry>
43 + <base>DEFAULT_FINDTIME</base>
44 + <trans>Findtime</trans>
45 + </entry>
46 + <entry>
47 + <base>MAXRETRY</base>
48 + <trans>Set the default max retry allowed before being ban (Initial default is 3).</trans>
49 + </entry>
50 + <entry>
51 + <base>DEFAULT_MAXRETRY</base>
52 + <trans>Maxretry</trans>
53 + </entry>
54 + <entry>
55 + <base>SSHD_STATUS</base>
56 + <trans>Status of sshd jail.</trans>
57 + </entry>
58 + <entry>
59 + <base>SSHD</base>
60 + <trans>sshd</trans>
61 + </entry>
62 + <entry>
63 + <base>QPSMTPD_STATUS</base>
64 + <trans>Status of qpsmtpd (incoming emails) jail.</trans>
65 + </entry>
66 + <entry>
67 + <base>QPSMTPD</base>
68 + <trans>qpsmtpd</trans>
69 + </entry>
70 + <entry>
71 + <base>IMAP_STATUS</base>
72 + <trans>Status of dovecot (imap service to retrieve emails) jail.</trans>
73 + </entry>
74 + <entry>
75 + <base>IMAP</base>
76 + <trans>dovecot</trans>
77 + </entry>
78 + <entry>
79 + <base>HTTPD_STATUS</base>
80 + <trans>Status of httpd jails. Multiple features are enabled at once there.</trans>
81 + </entry>
82 + <entry>
83 + <base>HTTPD</base>
84 + <trans>httpd</trans>
85 + </entry>
86 + <entry>
87 + <base>FTP_STATUS</base>
88 + <trans>Status of proftpd jail.</trans>
89 + </entry>
90 + <entry>
91 + <base>FTP</base>
92 + <trans>proftpd</trans>
93 + </entry>
94 + <entry>
95 + <base>LEMONLDAP_STATUS</base>
96 + <trans>Status of LemonLDAP jail, if installed. Nothing is running if LemonLDAP is not installed or disabled.</trans>
97 + </entry>
98 + <entry>
99 + <base>LEMONLDAP</base>
100 + <trans>LemonLDAP</trans>
101 + </entry>
102 + <entry>
103 + <base>EJABBERD_STATUS</base>
104 + <trans>Status of ejabberd jail, if installed. Nothing is running if ejabberd is not installed or disabled.</trans>
105 + </entry>
106 + <entry>
107 + <base>EJABBERD</base>
108 + <trans>ejabberd</trans>
109 + </entry>
110 + <entry>
111 + <base>SOGOD_STATUS</base>
112 + <trans>Status of SOGO jail, if installed. Nothing is running if SOGO is not installed or disabled.</trans>
113 + </entry>
114 + <entry>
115 + <base>SOGOD</base>
116 + <trans>SOGO</trans>
117 + </entry>
118 + <entry>
119 + <base>WORDPRESS_STATUS</base>
120 + <trans>Status of wordpress jails. You need to activate it manually whether you have it in an ibay or use the contrib. Please also install the plugin in all your wordpress instances.</trans>
121 + </entry>
122 + <entry>
123 + <base>WORDPRESS</base>
124 + <trans>wordpress</trans>
125 + </entry>
126 + <entry>
127 + <base>VALIDFROM_DESC</base>
128 + <trans>
129 + <![CDATA[ <hr class="sectionbar" /><h2>Allowed Hosts</h2>
130 + <p>This is a list of hosts that will not be blocked by fail2ban.</p>
131 + ]]>
132 + </trans>
133 + </entry>
134 + <entry>
135 + <base>NO_ENTRIES_YET</base>
136 + <trans>No Entries Yet</trans>
137 + </entry>
138 + <entry>
139 + <base>DESC_ADD_IP</base>
140 + <trans>To add a new allowed network, enter the details below.</trans>
141 + </entry>
142 + <entry>
143 + <base>ADD_IP</base>
144 + <trans>Authorized network</trans>
145 + </entry>
146 + <entry>
147 + <base>DESC_ADD_BITS</base>
148 + <trans>To add a new allowed network, enter the associated subnet using bits eg 22, 25 or 32).</trans>
149 + </entry>
150 + <entry>
151 + <base>ADD_BITS</base>
152 + <trans>Authorized network subnet</trans>
153 + </entry>
154 + <entry>
155 + <base>CURRENT_DENY_DESC</base>
156 + <trans>
157 + <![CDATA[ <h2>Blocked Hosts</h2>
158 + <p>This is a list of hosts that are currently blocked.
159 + ]]>
160 + </trans>
161 + </entry>
162 + <entry>
163 + <base>FIRST_SEEN</base>
164 + <trans>Host first seen</trans>
165 + </entry>
166 + <entry>
167 + <base>SUCCESS</base>
168 + <trans>The new fail2ban settings have been saved.</trans>
169 + </entry>
170 + <entry>
171 + <base>ERR_NO_RECORD</base>
172 + <trans>Unable to locate fail2ban record in configuration db</trans>
173 + </entry>
174 + <entry>
175 + <base>ERROR_STOPPING</base>
176 + <trans>Error while trying to stop service</trans>
177 + </entry>
178 + <entry>
179 + <base>SUCCESS_IP</base>
180 + <trans>The following IP has been unbanned</trans>
181 + </entry>
182 + <entry>
183 + <base>SUCCESS_IP_WHITE</base>
184 + <trans>The following IP has been unbanned and whitelisted</trans>
185 + </entry>
186 + <entry>
187 + <base>ERROR_UPDATING</base>
188 + <trans>Unable to unban</trans>
189 + </entry>
190 + <entry>
191 + <base>ERROR_UPDATING_WHITE</base>
192 + <trans>Unable to unban and whitelist</trans>
193 + </entry>
194 +</lexicon>
195 diff -Nur smeserver-fail2ban-0.1.18.old/root/etc/e-smith/web/functions/fail2ban smeserver-fail2ban-0.1.18/root/etc/e-smith/web/functions/fail2ban
196 --- smeserver-fail2ban-0.1.18.old/root/etc/e-smith/web/functions/fail2ban 1969-12-31 19:00:00.000000000 -0500
197 +++ smeserver-fail2ban-0.1.18/root/etc/e-smith/web/functions/fail2ban 2019-04-09 22:33:38.413000000 -0400
198 @@ -0,0 +1,143 @@
199 +#!/usr/bin/perl -wT
200 +# vim: ft=xml ts=8 sw=4 noet:
201 +#----------------------------------------------------------------------
202 +# heading : Security
203 +# description : Fail2Ban
204 +# navigation : 5000 5250
205 +#----------------------------------------------------------------------
206 +
207 +use strict;
208 +use esmith::FormMagick::Panel::fail2ban;
209 +my $f = esmith::FormMagick::Panel::fail2ban->new();
210 +$f->display();
211 +
212 +__DATA__
213 +<form title="Fail2Ban" header="/etc/e-smith/web/common/head.tmpl"
214 + footer="/etc/e-smith/web/common/foot.tmpl">
215 + <page name="First" post-event="change_settings()"
216 + pre-event="print_status_message()">
217 +
218 + <field type="select" id="status"
219 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
220 + value="get_prop('fail2ban', 'status')">
221 + <label>STATUS</label>
222 + <description>SERVICE_STATUS</description>
223 + </field>
224 + <field type="select" id="FilterLocalNetworks"
225 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
226 + value="get_prop('fail2ban', 'FilterLocalNetworks')">
227 + <label>FilterLocalNetworks</label>
228 + <description>FilterLocalNetworks_STATUS</description>
229 + </field>
230 + <field type="select" id="FilterValidRemoteHosts"
231 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
232 + value="get_prop('fail2ban', 'FilterValidRemoteHosts')">
233 + <label>FilterValidRemoteHosts</label>
234 + <description>FilterValidRemoteHosts_STATUS</description>
235 + </field>
236 +
237 + <field type="select" id="Mail"
238 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
239 + value="get_prop('fail2ban', 'Mail')">
240 + <label>MAIL</label>
241 + <description>SEND_MAIL_STATUS</description>
242 + </field>
243 +
244 + <field type="text" id="BanTime" value="get_prop('fail2ban', 'BanTime')"
245 + validation="">
246 + <description>BANTIME</description>
247 + <label>DEFAULT_BANTIME</label>
248 + </field>
249 +
250 + <field type="text" id="FindTime" value="get_prop('fail2ban', 'FindTime')"
251 + validation="">
252 + <description>FINDTIME</description>
253 + <label>DEFAULT_FINDTIME</label>
254 + </field>
255 + <field type="text" id="MaxRetry" value="get_prop('fail2ban', 'MaxRetry')"
256 + validation="">
257 + <description>MAXRETRY</description>
258 + <label>DEFAULT_MAXRETRY</label>
259 + </field>
260 +
261 + <field type="select" id="sshd"
262 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
263 + value="get_prop('sshd', 'Fail2Ban')">
264 + <label>SSHD</label>
265 + <description>SSHD_STATUS</description>
266 + </field>
267 + <field type="select" id="qpsmtpd"
268 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
269 + value="get_prop('qpsmtpd', 'Fail2Ban')">
270 + <label>QPSMTPD</label>
271 + <description>QPSMTPD_STATUS</description>
272 + </field>
273 + <field type="select" id="dovecot"
274 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
275 + value="get_prop('dovecot', 'Fail2Ban')">
276 + <label>IMAP</label>
277 + <description>IMAP_STATUS</description>
278 + </field>
279 + <field type="select" id="httpd-e-smith"
280 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
281 + value="get_prop('httpd-e-smith', 'Fail2Ban')">
282 + <label>HTTPD</label>
283 + <description>HTTPD_STATUS</description>
284 + </field>
285 + <field type="select" id="ftp"
286 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
287 + value="get_prop('ftp', 'Fail2Ban')">
288 + <label>FTP</label>
289 + <description>FTP_STATUS</description>
290 + </field>
291 + <field type="select" id="lemonldap"
292 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
293 + value="get_prop('lemonldap', 'Fail2Ban')">
294 + <label>LEMONLDAP</label>
295 + <description>LEMONLDAP_STATUS</description>
296 + </field>
297 + <field type="select" id="ejabberd"
298 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
299 + value="get_prop('ejabberd', 'Fail2Ban')">
300 + <label>EJABBERD</label>
301 + <description>EJABBERD_STATUS</description>
302 + </field>
303 + <field type="select" id="sogod"
304 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
305 + value="get_prop('sogod', 'Fail2Ban')">
306 + <label>SOGOD</label>
307 + <description>SOGOD_STATUS</description>
308 + </field>
309 + <field type="select" id="wordpress"
310 + options=" 'enabled' => 'ENABLED', 'disabled' => 'DISABLED'"
311 + value="get_prop('fail2ban', 'wordpress')">
312 + <label>WORDPRESS</label>
313 + <description>WORDPRESS_STATUS</description>
314 + </field>
315 +
316 +
317 +
318 + <subroutine src="show_valid_from_list()"/>
319 + <field type="text" id="ip" value=""
320 + validation="ip_number_or_blank">
321 + <description>DESC_ADD_IP</description>
322 + <label>ADD_IP</label>
323 + </field>
324 + <field type="text" id="bits" value=""
325 + validation="subnet_mask_bit, validate_network_and_mask">
326 + <description>DESC_ADD_BITS</description>
327 + <label>ADD_BITS</label>
328 + </field>
329 +
330 +
331 + <subroutine src="print_button('SAVE')" />
332 +
333 + <subroutine src="show_current_deny()"/>
334 + </page>
335 + <page name="Second"
336 + pre-event="RemoveIP()">
337 + <subroutine src="print_status_message()" />
338 + <subroutine src="back()" />
339 + </page>
340 +</form>
341 +
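Review bot: The BanTime, FindTime and MaxRetry fields are declared with `validation=""`, so the form accepts any submitted text, and change_settings in fail2ban.pm writes it to the configuration db unchanged. These values presumably feed the generated fail2ban configuration, so each field should carry a numeric validator, for example `validation="integer"` if the installed FormMagick provides it, or a small positive-integer check added to the panel module. The `ip` and `bits` fields are displayed on this page, but the only call to add_new_valid_from in change_settings is commented out, so a network entered here appears never to be stored.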
342 diff -Nur smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm
343 --- smeserver-fail2ban-0.1.18.old/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm 1969-12-31 19:00:00.000000000 -0500
344 +++ smeserver-fail2ban-0.1.18/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/fail2ban.pm 2019-04-09 22:35:27.295000000 -0400
345 @@ -0,0 +1,428 @@
346 +#!/usr/bin/perl -w
347 +
348 +package esmith::FormMagick::Panel::fail2ban;
349 +
350 +use strict;
351 +use esmith::ConfigDB;
352 +use esmith::FormMagick;
353 +use esmith::util;
354 +use esmith::cgi;
355 +use File::Basename;
356 +use Exporter;
357 +use Carp;
358 +use Data::Validate::IP;
359 +
360 +our @ISA = qw(esmith::FormMagick Exporter);
361 +
362 +our @EXPORT = qw(get_value get_prop change_settings RemoveIP);
363 +
364 +our $VERSION = sprintf '%d.%03d', q$Revision: 1.1 $ =~ /: (\d+).(\d+)/;
365 +our $db = esmith::ConfigDB->open
366 + || warn "Couldn't open configuration database (permissions problems?)";
367 +my $scriptname = basename($0);
368 +
369 +#TODO
370 +#- translation
371 +#- userpanel without settings
372 +
373 +my %defaultval=('FilterLocalNetworks'=> "enabled",
374 + 'FilterValidRemoteHosts'=> "enabled",
375 + "Mail" => "enabled",
376 + "BanTime" => '1800',
377 + "FindTime" => '900',
378 + "MaxRetry" => '3',
379 + "sshd" => 'enabled',
380 + "qpsmtpd" => 'enabled',
381 + "dovecot" => 'enabled',
382 + "httpd-e-smith" => 'enabled',
383 + "ftp" => 'enabled',
384 + "lemonldap" => 'enabled',
385 + "ejabberd" => 'enabled',
386 + "sogod" => 'enabled',
387 + "wordpress" => 'disabled',
388 +
389 + ) ;
390 +
391 +sub new {
392 + shift;
393 + my $self = esmith::FormMagick->new();
394 + $self->{calling_package} = (caller)[0];
395 + bless $self;
396 + return $self;
397 +}
398 +
399 +sub get_prop
400 +{
401 + my $fm = shift;
402 + my $item = shift;
403 + my $prop = shift;
404 + my $value = $db->get_prop($item, $prop) || '';
405 + if ( $value eq "" && exists($defaultval{$prop}) && $item eq "fail2ban")
406 + {
407 + $value=$defaultval{$prop};
408 + }
409 + elsif ( $value eq "" && exists($defaultval{$item}) && $prop eq "Fail2Ban" && $item ne "fail2ban" )
410 + {
411 + $value=$defaultval{$item};
412 + }
413 + return $value;
414 +}
415 +
416 +sub get_value {
417 + my $fm = shift;
418 + my $item = shift;
419 + return ($db->get($item)->value());
420 +}
421 +
422 +sub ip_number_or_blank
423 +{
424 + my $self = shift;
425 + my $ip = shift;
426 +
427 + if (!defined($ip) || $ip eq "")
428 + {
429 + return 'OK';
430 + }
431 + return CGI::FormMagick::Validator::ip_number($self, $ip);
432 +}
433 +
434 +sub subnet_mask_bit
435 +{
436 + my ($self, $mask) = @_;
437 + my @allowed = (8,9,12,14,16,17,20,22,24,25,28,30,32);
438 +# if ($self->ip_number_or_blank($mask) eq 'OK')
439 + if ( !defined($mask) || $mask eq "" || grep( /^$mask$/, @allowed ) )
440 + {
441 + return "OK";
442 + }
443 + return "INVALID_SUBNET_MASK";
444 +}
445 +
446 +sub validate_network_and_mask
447 +{
448 + my $self = shift;
449 + my $mask = shift || "";
450 +
451 + my $net = $self->cgi->param('ip') || "";
452 + if ($net xor $mask)
453 + {
454 + return $self->localise('ERR_INVALID_PARAMS');
455 + }
456 + return 'OK';
457 +}
458 +
459 +
460 +
461 +sub _get_valid_from
462 +{
463 + my $self = shift;
464 +
465 + my $rec = $db->get('fail2ban');
466 + return undef unless($rec);
467 + my @vals = (split ',', ($rec->prop('IgnoreIP') || ''));
468 + return @vals;
469 +}
470 +
471 +sub ip_sort(@)
472 +{
473 + return esmith::util::IPquadToAddr($a) <=> esmith::util::IPquadToAddr($b);
474 +}
475 +
476 +sub show_valid_from_list
477 +{
478 + my $self = shift;
479 + my $q = $self->{cgi};
480 +
481 + print '<tr><td colspan=2>',$q->p($self->localise('VALIDFROM_DESC')),'</td></tr>';
482 +
483 + my @vals = $self->_get_valid_from();
484 + if (@vals)
485 + {
486 + print '<tr><td colspan=2>',
487 + $q->start_table({class => "sme-border"}),"\n";
488 + print $q->Tr(
489 + esmith::cgi::genSmallCell($q, $self->localise('NETWORK'),"header"),
490 + esmith::cgi::genSmallCell($q, $self->localise('REMOVE'),"header"));
491 + my @vals_sorted= sort ip_sort @vals;
492 + my @cbGroup = $q->checkbox_group(-name => 'validFromRemove',
493 + -values => [@vals_sorted], -labels => { map {$_ => ''} @vals_sorted });
494 + foreach my $val (@vals_sorted)
495 + {
496 + print $q->Tr(
497 + esmith::cgi::genSmallCell($q, $val, "normal"),
498 + esmith::cgi::genSmallCell($q, shift(@cbGroup),
499 + "normal"));
500 + }
501 + print '</table></td></tr>';
502 + }
503 + else
504 + {
505 + print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET'))));
506 + }
507 + return '';
508 +}
509 +
510 +sub show_current_deny
511 +{
512 + my $self = shift;
513 + my $q = $self->{cgi};
514 +
515 + print '<tr><td colspan=2>',$q->p($self->localise('CURRENT_DENY_DESC')),'</td></tr>';
516 +
517 + my %vals = ();
518 + if (open(DENY, "/etc/hosts.deny_ssh") ) {
519 + %vals = map { m{DenyHosts: (.*) \| (.*)$}; $2 => $1; } grep /DenyHosts:/, <DENY>;
520 + close DENY;
521 + }
522 + my @strvals = `/usr/bin/sfail2ban`;
523 +
524 + if (%vals)
525 + {
526 + print '<tr><td colspan=2>',
527 + $q->start_table({class => "sme-border"}),"\n";
528 + print $q->Tr(
529 + esmith::cgi::genSmallCell($q, $self->localise('IP_ADDRESS'),"header"),
530 + esmith::cgi::genSmallCell($q, $self->localise('JAIL'),"header"),
531 + esmith::cgi::genSmallCell($q, $self->localise('ACTION'),"header"));
532 + foreach my $sval (@strvals)
533 + {
534 + my @ssval= split(':',$sval);
535 + my $curjail=$ssval[0];
536 + my @ssvalip = split(' ',$ssval[1]);
537 + foreach my $sssval (@ssvalip)
538 + {
539 + my $ip=$sssval;
540 + my $action3 ="<a href=\"$scriptname?page=0&page_stack=&Next=Next&action=RemoveIP&IP=$ip&jail=$curjail&wherenext=Second\">".$self->localise('REMOVE')."</a>" .
541 + " <a href=\"$scriptname?page=0&page_stack=&Next=Next&action=RemoveIP&IP=$ip&jail=$curjail&wherenext=Second&Whitelist=true\">".$self->localise('WHITELIST')."</a>" ;
542 +
543 + print $q->Tr(
544 + esmith::cgi::genSmallCell($q, $ip, "normal"),
545 + esmith::cgi::genSmallCell($q, $curjail, "normal"),
546 + esmith::cgi::genSmallCell($q, $action3, "normal"));
547 + }
548 +
549 +
550 + }
551 + print '</table></td></tr>';
552 + }
553 + else
554 + {
555 + print $q->Tr($q->td($q->b($self->localise('NO_ENTRIES_YET'))));
556 + }
557 + return '';
558 +}
559 +
560 +sub add_new_valid_from
561 +{
562 + my $self = shift;
563 + my $q = $self->{cgi};
564 +
565 + my $ip = $q->param('ip');
566 + my $bits = $q->param('bits');
567 + # do nothing if no ip was added
568 + return 1 unless ($ip);
569 +
570 + my $rec = $db->get('fail2ban');
571 + unless ($rec)
572 + {
573 + return $self->error('ERR_NO_RECORD');
574 + }
575 +
576 + my $prop = $rec->prop('IgnoreIP') || '';
577 +
578 + my @vals = split /,/, $prop;
579 + return '' if (grep /^$ip\/$bits$/, @vals); # already have this entry
580 +
581 + if ($prop ne '')
582 + {
583 + $prop .= ",$ip/$bits";
584 + }
585 + else
586 + {
587 + $prop = "$ip/$bits";
588 + }
589 + $rec->set_prop('IgnoreIP', $prop);
590 + $q->delete('ip');
591 + $q->delete('bits');
592 + return 1;
593 +}
594 +
595 +sub remove_valid_from
596 +{
597 + my $self = shift;
598 + my $q = $self->{cgi};
599 +
600 + my @remove = $q->param('validFromRemove');
601 + my @vals = $self->_get_valid_from();
602 +
603 + foreach my $entry (@remove)
604 + {
605 + return undef unless $entry;
606 +
607 + unless (@vals)
608 + {
609 + print STDERR "ERROR: unable to load IgnoreIP property from conf db\n";
610 + return undef;
611 + }
612 +
613 + @vals = (grep { $entry ne $_ } @vals);
614 + }
615 +
616 + my $prop;
617 + if (@vals)
618 + {
619 + $prop = join ',',@vals;
620 + }
621 + else
622 + {
623 + $prop = '';
624 + }
625 + $db->get('fail2ban')->set_prop('IgnoreIP', $prop);
626 + $q->delete('validFromRemove');
627 +
628 + return 1;
629 +}
630 +
631 +sub change_settings {
632 + my ($fm) = @_;
633 + my $q = $fm->{'cgi'};
634 +
635 + my %conf;
636 +
637 + # Don't process the form unless we clicked the Save button. The event is
638 + # called even if we chose the Remove link or the Add link.
639 + return unless($q->param('Next') eq $fm->localise('SAVE'));
640 +
641 + my $ip = ($q->param ('ip') || '');
642 + my $status = ($q->param ('status') || 'status');
643 + my $FilterLocalNetworks = ($q->param ('FilterLocalNetworks') || "enabled");
644 + my $FilterValidRemoteHosts= ($q->param ('FilterValidRemoteHosts') || "enabled");
645 + my $Mail= ($q->param ("Mail") || "enabled");
646 + my $BanTime= ($q->param ("BanTime") || '1800');
647 + my $FindTime= ($q->param ("FindTime") || '900');
648 + my $MaxRetry= ($q->param ("MaxRetry") || '3');
649 + # those are stored in a different key dedicated to the service
650 + my %services;
651 + $services{'sshd'}= ($q->param ("sshd") ||'enabled');
652 + $services{'qpsmtp'}= ($q->param ("qpsmtpd") ||'enabled');
653 + $services{'dovecot'}= ($q->param ("dovecot") ||'enabled');
654 + $services{'httpd-e-smith'}= ($q->param ("httpd-e-smith") ||'enabled');
655 + $services{'ftp'}= ($q->param ("ftp") ||'enabled');
656 + $services{'lemonldap'}= ($q->param ("lemonldap") ||'enabled');
657 + $services{'ejabberd'}= ($q->param ("ejabberd" ) ||'enabled');
658 + $services{'sogod'}= ($q->param ("sogod" ) ||'enabled');
659 + $services{'wordpress'}= ($q->param ("wordpress") ||'enabled');
660 +
661 +
662 + #------------------------------------------------------------
663 + # Looks good; go ahead and change the access.
664 + #------------------------------------------------------------
665 +
666 + my $rec = $db->get('fail2ban');
667 + if ($rec)
668 + {
669 + $rec->set_prop('status', $status);
670 + # unless prop empty and value eq default
671 + $rec->set_prop('FilterLocalNetworks', $FilterLocalNetworks) unless ( ! $db->get_prop('fail2ban','FilterLocalNetworks') && $FilterLocalNetworks eq $defaultval{'FilterLocalNetworks'} );
672 + $rec->set_prop('FilterValidRemoteHosts', $FilterValidRemoteHosts) unless ( ! $db->get_prop('fail2ban','FilterValidRemoteHosts') && $FilterValidRemoteHosts eq $defaultval{'FilterValidRemoteHosts'} );
673 + $rec->set_prop('Mail', $Mail) unless ( ! $db->get_prop('fail2ban','Mail') && $Mail eq $defaultval{'Mail'} );
674 + $rec->set_prop('BanTime', $BanTime) unless ( ! $db->get_prop('fail2ban','BanTime') && $BanTime eq $defaultval{'BanTime'} );
675 + $rec->set_prop('FindTime', $FindTime) unless ( ! $db->get_prop('fail2ban','FindTime') && $FindTime eq $defaultval{'FindTime'} );
676 + $rec->set_prop('MaxRetry', $MaxRetry) unless ( ! $db->get_prop('fail2ban','MaxRetry') && $MaxRetry eq $defaultval{'MaxRetry'} );
677 + }
678 + # for the 9 services update unless key does not exist and property does not exist and value eq default
679 + foreach my $key (keys %services)
680 + {
681 + if ($key eq "wordpress")
682 + {
683 + $rec = $db->get('fail2ban');
684 + my $getprop = $db->get_prop('fail2ban',$key) || "";
685 + $rec->set_prop($key, $services{$key} ) unless ( ! $rec || (! $db->get_prop('fail2ban', $key) && $services{$key} eq $defaultval{$key} ) );
686 + }
687 + else
688 + {
689 + $rec = $db->get($key);
690 + my $getprop = $db->get_prop($key,'Fail2Ban') || "";
691 + $rec->set_prop('Fail2Ban', $services{$key} ) unless ( ! $rec || (! $db->get_prop($key,'Fail2Ban') && $services{$key} eq $defaultval{$key} ) );
692 + }
693 + }
694 +# this seems to prevent reload of service if we update something and remove or add an ip...
695 +# return '' unless $fm->add_new_valid_from;
696 +# return '' unless $fm->remove_valid_from;
697 +
698 + unless ( system( "/sbin/e-smith/signal-event", "fail2ban-update" ) == 0 )
699 + {
700 + $fm->error('ERROR_UPDATING');
701 + return undef;
702 + }
703 +
704 + if ( $rec->prop('status') eq 'disabled' )
705 + {
706 + unless ( `/etc/init.d/fail2ban stop` )
707 + {
708 + $fm->error('ERROR_STOPPING');
709 + return undef;
710 + }
711 + }
712 +
713 + $fm->success('SUCCESS');
714 +}
715 +
716 +# validate subnet
717 +
718 +
719 +
720 +# RemoveIP after validation
721 +sub RemoveIP {
722 + my $fm = shift;
723 + my $q = $fm->{'cgi'};
724 + my %conf;
725 + my $ip = ($q->param('IP') || '');
726 + my $whitelist = ($q->param('Whitelist'))? "true" : '';
727 + #check ip
728 + my $validator=Data::Validate::IP->new;
729 +
730 + unless ($validator->is_ipv4($ip))
731 + {
732 + $fm->error('ERROR_STOPPING');
733 + return undef;
734 + }
735 + $ip = $validator->is_ipv4($ip);
736 + # validate and untaint jail
737 + my $jail = ($q->param('jail') || '');
738 + # could be [a-zA-Z0-9_\-]
739 + $jail = $jail =~ /([a-zA-Z0-9_\-]+)/ ? $1 : undef;
740 + $fm->error('ERROR_UPDATING') unless $jail;
741 + return undef unless $jail;
742 + unless ( system( "/usr/bin/fail2ban-client set $jail unbanip $ip ".' >/dev/null 2>&1' ) == 0 )
743 + {
744 + $fm->error('ERROR_UPDATING');
745 + return undef;
746 + }
747 + if ($whitelist ne "" ) {
748 + # add $ip to whitelist for the current $jail
749 + warn "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32";
750 + unless ( system( "/sbin/e-smith/db configuration setprop fail2ban IgnoreIP `/sbin/e-smith/db configuration getprop fail2ban IgnoreIP`,$ip/32 ".' >/dev/null 2>&1' ) == 0
751 + && system( "/usr/bin/fail2ban-client reload ".' >/dev/null 2>&1' ) == 0
752 + )
753 + {
754 + $fm->error('ERROR_UPDATING_WHITE');
755 + return undef;
756 + }
757 +
758 + $fm->success($fm->localise('SUCCESS_IP_WHITE').": $ip",'First');
759 + }
760 + else
761 + {
762 + $fm->success($fm->localise('SUCCESS_IP').": $ip",'First');
763 + }
764 +}
765 +
766 +sub back {
767 + my $fm = shift;
768 + my $q = $fm->{'cgi'};
769 + print "<a href='$scriptname'>".$fm->localise('Back')."</a>";
770 +return;
771 +}
772 +
773 +1;
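Review bot: RemoveIP passes single interpolated strings to `system()`, so every unban and whitelist request is parsed by a shell, and the jail pattern `/([a-zA-Z0-9_\-]+)/` is unanchored, which means a malformed `jail` parameter is truncated to its first valid run instead of being rejected. The captured characters are shell-safe as written, but that safety rests on one regex. Anchoring it with `\A…\z`, running fail2ban-client through a list-form call, and appending to IgnoreIP through the already-open `$db` handle removes the shell and also avoids the leading comma the backtick pipeline produces when IgnoreIP is empty. The `warn` that logs the whole whitelist command line looks like leftover debugging. Separately, change_settings stores the qpsmtpd choice under `$services{'qpsmtp'}`, so `$db->get('qpsmtp')` presumably finds no record and that setting is never saved.

```perl
    # Anchored, so a malformed jail name is rejected instead of truncated.
    $jail = $jail =~ /\A([a-zA-Z0-9_\-]+)\z/ ? $1 : undef;
    # … unchanged: ERROR_UPDATING return when $jail is undef …
    # List-form pipe open: no shell parses $jail or $ip; output is read and dropped
    # so it cannot leak into the CGI response.
    my $ok = open( my $unban, '-|', '/usr/bin/fail2ban-client', 'set', $jail, 'unbanip', $ip );
    if ($ok)
    {
        my @discard = <$unban>;
        $ok = close($unban);    # false when the client exits non-zero
    }
    unless ($ok)
    {
        $fm->error('ERROR_UPDATING');
        return undef;
    }
    if ($whitelist ne "" ) {
        # Append through the config db API rather than a backtick pipeline.
        my $rec = $db->get('fail2ban');
        unless ($rec)
        {
            $fm->error('ERROR_UPDATING_WHITE');
            return undef;
        }
        my $ignore = $rec->prop('IgnoreIP') || '';
        $rec->set_prop( 'IgnoreIP', $ignore eq '' ? "$ip/32" : "$ignore,$ip/32" );
        # … unchanged: fail2ban-client reload, ERROR_UPDATING_WHITE handling, success message …
```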
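--- a/usr/bin/sfail2ban
+++ b/usr/bin/sfail2ban
@@ -0,0 +1,6 @@
+#!/bin/bash
+for SERVI in $(fail2ban-client status|grep 'Jail list'|cut -d':' -f2|sed 's/, / /g'| sed -e 's/^[ \t]*//')
+do
+fail2ban-client status $SERVI |grep -E 'IP list|Status for the jail' |sed 'N;s/\n/:/'|cut -d: -f2,4
+done
+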
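Review bot: The script calls `fail2ban-client` by bare name and expands `$SERVI` unquoted, although the panel runs it through backticks from a taint-mode CGI; `/usr/bin/fail2ban-client status "$SERVI"` would match the absolute path the Perl module uses and would not depend on the caller's PATH. The `cut -d: -f2,4` step, like the `split(':', ...)` in show_current_deny, assumes there is no colon inside the IP list, so an IPv6 entry, if the installed fail2ban reports any, would be cut short. A header comment stating the expected `jail:ip ip ...` output format would make that contract with the panel explicit.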
