Rename dev jail bangui-sim to manual-Jail
Rename fail2ban-dev-config jail.d/bangui-sim.conf and filter.d/bangui-sim.conf to manual-Jail.conf. Update section header, filter reference, and comments in both files. Update JAIL constant and header comment in check_ban_status.sh. Update comments in simulate_failed_logins.sh. Replace all bangui-sim occurrences in fail2ban-dev-config/README.md.
This commit is contained in:
@@ -2,7 +2,7 @@
|
|||||||
# ──────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────
|
||||||
# check_ban_status.sh
|
# check_ban_status.sh
|
||||||
#
|
#
|
||||||
# Queries the bangui-sim jail inside the running fail2ban
|
# Queries the manual-Jail jail inside the running fail2ban
|
||||||
# container and optionally unbans a specific IP.
|
# container and optionally unbans a specific IP.
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
@@ -17,7 +17,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
readonly CONTAINER="bangui-fail2ban-dev"
|
readonly CONTAINER="bangui-fail2ban-dev"
|
||||||
readonly JAIL="bangui-sim"
|
readonly JAIL="manual-Jail"
|
||||||
|
|
||||||
# ── Helper: run a fail2ban-client command inside the container ─
|
# ── Helper: run a fail2ban-client command inside the container ─
|
||||||
f2b() {
|
f2b() {
|
||||||
|
|||||||
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
This directory contains the fail2ban configuration and supporting scripts for a
|
This directory contains the fail2ban configuration and supporting scripts for a
|
||||||
self-contained development test environment. A simulation script writes fake
|
self-contained development test environment. A simulation script writes fake
|
||||||
authentication-failure log lines, fail2ban detects them via the `bangui-sim`
|
authentication-failure log lines, fail2ban detects them via the `manual-Jail`
|
||||||
jail, and bans the offending IP — giving a fully reproducible ban/unban cycle
|
jail, and bans the offending IP — giving a fully reproducible ban/unban cycle
|
||||||
without a real service.
|
without a real service.
|
||||||
|
|
||||||
@@ -71,14 +71,14 @@ Chains steps 1–3 automatically with appropriate sleep intervals.
|
|||||||
|
|
||||||
| File | Purpose |
|
| File | Purpose |
|
||||||
|------|---------|
|
|------|---------|
|
||||||
| `fail2ban/filter.d/bangui-sim.conf` | Defines the `failregex` that matches simulation log lines |
|
| `fail2ban/filter.d/manual-Jail.conf` | Defines the `failregex` that matches simulation log lines |
|
||||||
| `fail2ban/jail.d/bangui-sim.conf` | Jail settings: `maxretry=3`, `bantime=60s`, `findtime=120s` |
|
| `fail2ban/jail.d/manual-Jail.conf` | Jail settings: `maxretry=3`, `bantime=60s`, `findtime=120s` |
|
||||||
| `Docker/logs/auth.log` | Log file written by the simulation script (host path) |
|
| `Docker/logs/auth.log` | Log file written by the simulation script (host path) |
|
||||||
|
|
||||||
Inside the container the log file is mounted at `/remotelogs/bangui/auth.log`
|
Inside the container the log file is mounted at `/remotelogs/bangui/auth.log`
|
||||||
(see `fail2ban/paths-lsio.conf` — `remote_logs_path = /remotelogs`).
|
(see `fail2ban/paths-lsio.conf` — `remote_logs_path = /remotelogs`).
|
||||||
|
|
||||||
To change sensitivity, edit `fail2ban/jail.d/bangui-sim.conf`:
|
To change sensitivity, edit `fail2ban/jail.d/manual-Jail.conf`:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
maxretry = 3 # failures before a ban
|
maxretry = 3 # failures before a ban
|
||||||
@@ -108,14 +108,14 @@ Test the regex manually:
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker exec bangui-fail2ban-dev \
|
docker exec bangui-fail2ban-dev \
|
||||||
fail2ban-regex /remotelogs/bangui/auth.log bangui-sim
|
fail2ban-regex /remotelogs/bangui/auth.log manual-Jail
|
||||||
```
|
```
|
||||||
|
|
||||||
The output should show matched lines. If nothing matches, check that the log
|
The output should show matched lines. If nothing matches, check that the log
|
||||||
lines match the corresponding `failregex` pattern:
|
lines match the corresponding `failregex` pattern:
|
||||||
|
|
||||||
```
|
```
|
||||||
# bangui-sim (auth log):
|
# manual-Jail (auth log):
|
||||||
YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP>
|
YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP>
|
||||||
```
|
```
|
||||||
|
|
||||||
@@ -132,7 +132,7 @@ sudo modprobe ip_tables
|
|||||||
### IP not banned despite enough failures
|
### IP not banned despite enough failures
|
||||||
|
|
||||||
Check whether the source IP falls inside the `ignoreip` range defined in
|
Check whether the source IP falls inside the `ignoreip` range defined in
|
||||||
`fail2ban/jail.d/bangui-sim.conf`:
|
`fail2ban/jail.d/manual-Jail.conf`:
|
||||||
|
|
||||||
```ini
|
```ini
|
||||||
ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12
|
ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12
|
||||||
|
|||||||
@@ -3,6 +3,7 @@
|
|||||||
#
|
#
|
||||||
# Matches lines written by Docker/simulate_failed_logins.sh
|
# Matches lines written by Docker/simulate_failed_logins.sh
|
||||||
# Format: <timestamp> bangui-auth: authentication failure from <HOST>
|
# Format: <timestamp> bangui-auth: authentication failure from <HOST>
|
||||||
|
# Jail: manual-Jail
|
||||||
# ──────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
[Definition]
|
[Definition]
|
||||||
|
|||||||
@@ -5,10 +5,10 @@
|
|||||||
# for lines produced by Docker/simulate_failed_logins.sh.
|
# for lines produced by Docker/simulate_failed_logins.sh.
|
||||||
# ──────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
[bangui-sim]
|
[manual-Jail]
|
||||||
|
|
||||||
enabled = true
|
enabled = true
|
||||||
filter = bangui-sim
|
filter = manual-Jail
|
||||||
logpath = /remotelogs/bangui/auth.log
|
logpath = /remotelogs/bangui/auth.log
|
||||||
backend = polling
|
backend = polling
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
|
|||||||
@@ -3,7 +3,7 @@
|
|||||||
# simulate_failed_logins.sh
|
# simulate_failed_logins.sh
|
||||||
#
|
#
|
||||||
# Writes synthetic authentication-failure log lines to a file
|
# Writes synthetic authentication-failure log lines to a file
|
||||||
# that matches the bangui-sim fail2ban filter.
|
# that matches the manual-Jail fail2ban filter.
|
||||||
#
|
#
|
||||||
# Usage:
|
# Usage:
|
||||||
# bash Docker/simulate_failed_logins.sh [COUNT] [SOURCE_IP] [LOG_FILE]
|
# bash Docker/simulate_failed_logins.sh [COUNT] [SOURCE_IP] [LOG_FILE]
|
||||||
@@ -13,7 +13,7 @@
|
|||||||
# SOURCE_IP: 192.168.100.99
|
# SOURCE_IP: 192.168.100.99
|
||||||
# LOG_FILE : Docker/logs/auth.log (relative to repo root)
|
# LOG_FILE : Docker/logs/auth.log (relative to repo root)
|
||||||
#
|
#
|
||||||
# Log line format (must match bangui-sim failregex exactly):
|
# Log line format (must match manual-Jail failregex exactly):
|
||||||
# YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP>
|
# YYYY-MM-DD HH:MM:SS bangui-auth: authentication failure from <IP>
|
||||||
# ──────────────────────────────────────────────────────────────
|
# ──────────────────────────────────────────────────────────────
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user