More work on editing a jail

fail2ban/fail2ban-lib.pl

@@ -5,6 +5,7 @@
 # XXX main help page
 # XXX help page for filters with description of <HOST> / etc
 # XXX filter defaults
+# XXX deleting a directive removes too many lines?
 
 BEGIN { push(@INC, ".."); };
 use strict;
@@ -101,7 +102,7 @@ while(<$fh>) {
 			  'members' => [] };
 		push(@rv, $sect);
 		}
-	elsif (/^\s*(\S+)\s*=\s*(.*)/ && $sect) {
+	elsif (/^(\S+)\s*=\s*(.*)/ && $sect) {
 		# A directive in a section
 		my $dir = { 'name' => $1,
 			    'value' => $2,
@@ -134,8 +135,9 @@ sub split_directive_values
 my ($dir) = @_;
 my @w;
 my $v = $dir->{'value'};
+$v =~ s/\n/ /g;
 while($v =~ /\S/) {
-	if ($v =~ /^(\S+\[[^\]]+\])\s*(.*)/) {
+	if ($v =~ /^([^\[]+\[[^\]]+\])\s*(.*)/) {
 		push(@w, $1);
 		$v = $2;
 		}
@@ -160,6 +162,17 @@ $sect->{'eline'} = scalar(@$lref) - $sect->{'line'};
 &flush_file_lines($file);
 }
 
+# modify_section(file, &section)
+# Update the first line (only) for some section
+sub modify_section
+{
+my ($file, $sect) = @_;
+my $lref = &read_file_lines($file);
+my @lines = &section_lines($sect);
+$lref->[$sect->{'line'}] = $lines[0];
+&flush_file_lines($file);
+}
+
 # delete_section(file, &section)
 # Remove a section and all directives from a file
 sub delete_section
@@ -206,7 +219,7 @@ my @rv;
 my @v = ref($dir->{'value'}) eq 'ARRAY' ? @{$dir->{'value'}}
 					: split(/\n/, $dir->{'value'});
 push(@rv, $dir->{'name'}." = ".shift(@v));
-push(@rv, map { "\t".$_ } @v);	# Continuation
+push(@rv, map { "        ".$_ } @v);	# Continuation
 return @rv;
 }
 

fail2ban/lang/en

@@ -103,5 +103,8 @@ jail_eport=Invalid port number for action $1
 jail_eactions=No actions selected!
 jail_elogpaths=No log file paths entered
 jail_elogpath=All log files must be absolute paths or patterns
+jail_emaxretry=Matches before applying action must be a number greater than zero
+jail_efindtime=Delay between matches must be a number greater than zero
+jail_ebantime=Time to ban an IP must be a number greater than zero
 
 config_title=Global Configuration

fail2ban/list_jails.cgi

@@ -22,12 +22,18 @@ print &ui_columns_start([ "",
 foreach my $j (@jails) {
 	next if ($j->{'name'} eq 'DEFAULT');
 	my $filter = &find_value("filter", $j);
-	my $action = &find_value("action", $j);
+	my $action_dir = &find("action", $j);
+	my $action = "";
+	if ($action_dir) {
+		$action = join(" | ",
+			map { /^([^\[]+)/; &html_escape("$1") }
+			    @{$action_dir->{'words'}});
+		}
 	print &ui_checked_columns_row([
 		&ui_link("edit_jail.cgi?name=".&urlize($j->{'name'}),
 			 $j->{'name'}),
 		&html_escape($filter),
-		&html_escape($action),
+		$action,
 		], \@tds, "d", $j->{'name'});
 	}
 print &ui_columns_end();

fail2ban/save_jail.cgi

@@ -71,6 +71,19 @@ else {
 		$l =~ /^\/\S+$/ || &error($text{'jail_elogpath'});
 		}
 
+	# Validate various counters
+	foreach my $f ("maxretry", "findtime", "bantime") {
+		$in{$f.'_def'} || $in{$f} =~ /^[1-9]\d*$/ ||
+			&error($text{'jail_e'.$f});
+		}
+
+	# Split and validate IPs to ignore
+	my @ignoreips = split(/\s+/, $in{'ignoreip'});
+	foreach my $ip (@ignoreips) {
+		&check_ipaddress($ip) || &check_ip6address($ip) ||
+			&error($text{'jail_eignoreip'});
+		}
+
 	# Create new section or rename existing if needed
 	&lock_file($jail->{'file'});
 	if ($in{'new'}) {
@@ -85,6 +98,11 @@ else {
 	&save_directive("filter", $in{'filter'}, $jail);
 	&save_directive("action", join("\n", @actions), $jail);
 	&save_directive("logpath", join("\n", @logpaths), $jail);
+	foreach my $f ("maxretry", "findtime", "bantime") {
+		&save_directive($f, $in{$f."_def"} ? undef : $in{$f}, $jail);
+		}
+	&save_directive("ignoreip",
+		@ignoreips ? join(" ", @ignoreips) : undef, $jail);
 
 	&unlock_file($jail->{'file'});
 	}