| Server IP : 195.201.23.43 / Your IP : 3.144.128.235 Web Server : Apache System : Linux webserver2.vercom.be 5.4.0-192-generic #212-Ubuntu SMP Fri Jul 5 09:47:39 UTC 2024 x86_64 User : kdecoratie ( 1041) PHP Version : 7.1.33-63+ubuntu20.04.1+deb.sury.org+1 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /usr/share/webmin/fail2ban/ |
Upload File : |
#!/usr/bin/perl
# Create, update or delete a jail
use strict;
use warnings;
no warnings 'redefine';
no warnings 'uninitialized';
require './fail2ban-lib.pl';
our (%in, %text, %config);
&ReadParse();
&error_setup($text{'jail_err'});
my $jail;
my @jails = &list_jails();
if ($in{'new'}) {
# Create new jail object
my $jfile = "$config{'config_dir'}/jail.conf";
my $jlfile = "$config{'config_dir'}/jail.local";
$jail = { 'members' => [ ],
'file' => -r $jlfile ? $jlfile : $jfile };
}
else {
# Find existing jail
($jail) = grep { $_->{'name'} eq $in{'name'} } @jails;
$jail || &error($text{'jail_egone'});
}
if ($in{'delete'}) {
# Just delete the jail
&lock_all_config_files();
&delete_section($jail->{'file'}, $jail,
$jail->{'file'} =~ /jail.local$/ ? 1 : 0);
&unlock_all_config_files();
}
else {
# Validate inputs
my $file;
$in{'name'} =~ /^[a-z0-9\_\-]+$/i || &error($text{'jail_ename'});
$jail->{'name'} = $in{'name'};
if ($in{'new'} || $in{'name'} ne $in{'old'}) {
# Check for clash
my ($clash) = grep { $_->{'name'} eq $in{'name'} } @jails;
$clash && &error($text{'jail_eclash'});
}
# Parse and validate actions
my @actions;
for(my $i=0; defined($in{"action_$i"}); $i++) {
next if (!$in{"action_$i"});
my @opts;
if ($in{"name_$i"}) {
$in{"name_$i"} =~ /^(%\(\S+\))?[A-Za-z0-9\.\_\-]+$/ ||
&error(&text('jail_eaname', $i+1));
push(@opts, "name=".$in{"name_$i"});
}
if ($in{"port_$i"}) {
my @p = split(/,/, $in{"port_$i"});
foreach my $p (split(/,/, $in{"port_$i"})) {
$p =~ /^\d+$/ ||
$p =~ /^\d+:\d+$/ ||
getservbyname($p,
$in{"protocol_$i"} || "tcp") ||
$p =~ /%\(\S+\)s/ ||
&error(&text('jail_eport', $i+1));
}
if (@p > 1) {
push(@opts, "port="."\"".$in{"port_$i"}."\"");
}
else {
push(@opts, "port=".$in{"port_$i"});
}
}
if ($in{"protocol_$i"}) {
push(@opts, "protocol=".$in{"protocol_$i"});
}
push(@opts, split(/\s+/, $in{"others_$i"}));
push(@actions, $in{"action_$i"}."[".join(", ", @opts)."]");
}
# Split and validate log file paths
my @logpaths = grep { /\S/ } split(/\r?\n/, $in{'logpath'});
@logpaths || &error($text{'jail_elogpaths'});
foreach my $l (@logpaths) {
$l =~ s/^\s*//;
$l =~ s/\s*$//;
$l =~ /^\/\S+$/ || $l =~ /^\%\(/ ||
&error($text{'jail_elogpath'});
}
# Validate various counters
foreach my $f ("maxretry", "findtime", "bantime") {
$in{$f.'_def'} || $in{$f} =~ /^\-?\d+(\.\d+)?[mhdwy]?$/ ||
&error($text{'jail_e'.$f});
}
# Split and validate IPs to ignore
my @ignoreips = $in{'ignoreip_def'} ? ( )
: split(/\s+/, $in{'ignoreip'});
foreach my $ip (@ignoreips) {
&check_ipaddress($ip) || &check_ip6address($ip) ||
($ip =~ /^([0-9\.]+)\/(\d+)/ && &check_ipaddress("$1")) ||
&to_ipaddress($ip) ||
&error($text{'jail_eignoreip'});
}
# Create new section or rename existing if needed
&lock_all_config_files();
if ($in{'new'}) {
&create_section($jail->{'file'}, $jail);
}
elsif ($in{'name'} ne $in{'old'}) {
&modify_section($jail->{'file'}, $jail);
}
# Save directives within the section
&save_directive("enabled", $in{'enabled'} ? 'true' : 'false', $jail);
&save_directive("filter", $in{'filter'} || undef, $jail);
&save_directive("action", @actions ? join("\n", @actions)
: undef, $jail);
&save_directive("logpath", join("\n", @logpaths), $jail);
foreach my $f ("maxretry", "findtime", "bantime") {
&save_directive($f, $in{$f."_def"} ? undef : $in{$f}, $jail);
}
&save_directive("ignoreip",
@ignoreips ? join(" ", @ignoreips) : undef, $jail);
&unlock_all_config_files();
}
# Log and redirect
&webmin_log($in{'delete'} ? 'delete' : $in{'new'} ? 'create' : 'update',
'jail', $jail->{'name'});
&redirect("list_jails.cgi");
Private