From 00119ed68dc887722be96706970aa9a43a52a8ad Mon Sep 17 00:00:00 2001 From: Lukas Date: Sun, 15 Mar 2026 14:09:49 +0100 Subject: [PATCH] Rename dev jail bangui-sim to manual-Jail Rename fail2ban-dev-config jail.d/bangui-sim.conf and filter.d/bangui-sim.conf to manual-Jail.conf. Update section header, filter reference, and comments in both files. Update JAIL constant and header comment in check_ban_status.sh. Update comments in simulate_failed_logins.sh. Replace all bangui-sim occurrences in fail2ban-dev-config/README.md. --- Docker/check_ban_status.sh | 4 ++-- Docker/fail2ban-dev-config/README.md | 14 +++++++------- .../fail2ban/filter.d/manual-Jail.conf | 1 + .../fail2ban/jail.d/manual-Jail.conf | 4 ++-- Docker/simulate_failed_logins.sh | 4 ++-- 5 files changed, 14 insertions(+), 13 deletions(-) diff --git a/Docker/check_ban_status.sh b/Docker/check_ban_status.sh index 74a10f1..8e036e6 100644 --- a/Docker/check_ban_status.sh +++ b/Docker/check_ban_status.sh @@ -2,7 +2,7 @@ # ────────────────────────────────────────────────────────────── # check_ban_status.sh # -# Queries the bangui-sim jail inside the running fail2ban +# Queries the manual-Jail jail inside the running fail2ban # container and optionally unbans a specific IP. # # Usage: @@ -17,7 +17,7 @@ set -euo pipefail readonly CONTAINER="bangui-fail2ban-dev" -readonly JAIL="bangui-sim" +readonly JAIL="manual-Jail" # ── Helper: run a fail2ban-client command inside the container ─ f2b() { diff --git a/Docker/fail2ban-dev-config/README.md b/Docker/fail2ban-dev-config/README.md index 8d41b71..6ecaf56 100644 --- a/Docker/fail2ban-dev-config/README.md +++ b/Docker/fail2ban-dev-config/README.md @@ -2,7 +2,7 @@ This directory contains the fail2ban configuration and supporting scripts for a self-contained development test environment. A simulation script writes fake -authentication-failure log lines, fail2ban detects them via the `bangui-sim` +authentication-failure log lines, fail2ban detects them via the `manual-Jail` jail, and bans the offending IP — giving a fully reproducible ban/unban cycle without a real service. @@ -71,14 +71,14 @@ Chains steps 1–3 automatically with appropriate sleep intervals. | File | Purpose | |------|---------| -| `fail2ban/filter.d/bangui-sim.conf` | Defines the `failregex` that matches simulation log lines | -| `fail2ban/jail.d/bangui-sim.conf` | Jail settings: `maxretry=3`, `bantime=60s`, `findtime=120s` | +| `fail2ban/filter.d/manual-Jail.conf` | Defines the `failregex` that matches simulation log lines | +| `fail2ban/jail.d/manual-Jail.conf` | Jail settings: `maxretry=3`, `bantime=60s`, `findtime=120s` | | `Docker/logs/auth.log` | Log file written by the simulation script (host path) | Inside the container the log file is mounted at `/remotelogs/bangui/auth.log` (see `fail2ban/paths-lsio.conf` — `remote_logs_path = /remotelogs`). -To change sensitivity, edit `fail2ban/jail.d/bangui-sim.conf`: +To change sensitivity, edit `fail2ban/jail.d/manual-Jail.conf`: ```ini maxretry = 3 # failures before a ban @@ -108,14 +108,14 @@ Test the regex manually: ```bash docker exec bangui-fail2ban-dev \ - fail2ban-regex /remotelogs/bangui/auth.log bangui-sim + fail2ban-regex /remotelogs/bangui/auth.log manual-Jail ``` The output should show matched lines. If nothing matches, check that the log lines match the corresponding `failregex` pattern: ``` -# bangui-sim (auth log): +# manual-Jail (auth log): YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from ``` @@ -132,7 +132,7 @@ sudo modprobe ip_tables ### IP not banned despite enough failures Check whether the source IP falls inside the `ignoreip` range defined in -`fail2ban/jail.d/bangui-sim.conf`: +`fail2ban/jail.d/manual-Jail.conf`: ```ini ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12 diff --git a/Docker/fail2ban-dev-config/fail2ban/filter.d/manual-Jail.conf b/Docker/fail2ban-dev-config/fail2ban/filter.d/manual-Jail.conf index 275b83f..48019ec 100644 --- a/Docker/fail2ban-dev-config/fail2ban/filter.d/manual-Jail.conf +++ b/Docker/fail2ban-dev-config/fail2ban/filter.d/manual-Jail.conf @@ -3,6 +3,7 @@ # # Matches lines written by Docker/simulate_failed_logins.sh # Format: bangui-auth: authentication failure from +# Jail: manual-Jail # ────────────────────────────────────────────────────────────── [Definition] diff --git a/Docker/fail2ban-dev-config/fail2ban/jail.d/manual-Jail.conf b/Docker/fail2ban-dev-config/fail2ban/jail.d/manual-Jail.conf index 8137a82..00a9a82 100644 --- a/Docker/fail2ban-dev-config/fail2ban/jail.d/manual-Jail.conf +++ b/Docker/fail2ban-dev-config/fail2ban/jail.d/manual-Jail.conf @@ -5,10 +5,10 @@ # for lines produced by Docker/simulate_failed_logins.sh. # ────────────────────────────────────────────────────────────── -[bangui-sim] +[manual-Jail] enabled = true -filter = bangui-sim +filter = manual-Jail logpath = /remotelogs/bangui/auth.log backend = polling maxretry = 3 diff --git a/Docker/simulate_failed_logins.sh b/Docker/simulate_failed_logins.sh index 3a01691..a0ad9ac 100644 --- a/Docker/simulate_failed_logins.sh +++ b/Docker/simulate_failed_logins.sh @@ -3,7 +3,7 @@ # simulate_failed_logins.sh # # Writes synthetic authentication-failure log lines to a file -# that matches the bangui-sim fail2ban filter. +# that matches the manual-Jail fail2ban filter. # # Usage: # bash Docker/simulate_failed_logins.sh [COUNT] [SOURCE_IP] [LOG_FILE] @@ -13,7 +13,7 @@ # SOURCE_IP: 192.168.100.99 # LOG_FILE : Docker/logs/auth.log (relative to repo root) # -# Log line format (must match bangui-sim failregex exactly): +# Log line format (must match manual-Jail failregex exactly): # YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from # ──────────────────────────────────────────────────────────────