Add fail2ban dev test environment (Stage 0)

- Add bangui-sim filter (filter.d/bangui-sim.conf) matching the simulated authentication failure log format - Add bangui-sim jail (jail.d/bangui-sim.conf) with maxretry=3, bantime=60s, findtime=120s, ignoreip safeguard, polling backend - Mount Docker/logs/ into fail2ban container at /remotelogs/bangui in compose.debug.yml - Add simulate_failed_logins.sh to write synthetic failure lines - Add check_ban_status.sh with optional --unban flag - Add dev-ban-test Makefile target for one-command smoke testing - Write Docker/fail2ban-dev-config/README.md with setup and troubleshooting docs - Update .gitignore to track custom config files while still excluding auto-generated linuxserver fail2ban files
2026-03-03 21:00:08 +01:00
parent 39ee1e2945
commit 1c89454197
9 changed files with 442 additions and 16 deletions
--- a/24
+++ b/24
@@ -5,12 +5,13 @@
 #  Auto-detects which compose binary is available.
 #
 #  Usage:
-#    make up        — start the debug stack
-#    make down      — stop the debug stack
-#    make build     — (re)build the backend image without starting
-#    make clean     — stop, remove all containers, volumes, and local images
-#    make logs      — tail logs for all debug services
-#    make restart   — restart the debug stack
+#    make up           — start the debug stack
+#    make down         — stop the debug stack
+#    make build        — (re)build the backend image without starting
+#    make clean        — stop, remove all containers, volumes, and local images
+#    make logs         — tail logs for all debug services
+#    make restart      — restart the debug stack
+#    make dev-ban-test — one-command smoke test of the ban pipeline
 # ──────────────────────────────────────────────────────────────

 COMPOSE_FILE := Docker/compose.debug.yml
@@ -38,7 +39,7 @@ COMPOSE := $(shell command -v podman-compose 2>/dev/null \
 # Detect available container runtime (podman or docker).
 RUNTIME := $(shell command -v podman 2>/dev/null || echo "docker")

-.PHONY: up down build restart logs clean
+.PHONY: up down build restart logs clean dev-ban-test

 ## Start the debug stack (detached).
 up:
@@ -66,3 +67,12 @@ clean:
 	$(RUNTIME) volume rm $(DEV_VOLUMES) 2>/dev/null || true
 	$(RUNTIME) rmi $(DEV_IMAGES) 2>/dev/null || true
 	@echo "All debug volumes and local images removed. Run 'make up' to rebuild and start fresh."
+
+## One-command smoke test for the ban pipeline:
+##   1. Start fail2ban, 2. write failure lines, 3. check ban status.
+dev-ban-test:
+	$(COMPOSE) -f $(COMPOSE_FILE) up -d fail2ban
+	sleep 5
+	bash Docker/simulate_failed_logins.sh
+	sleep 3
+	bash Docker/check_ban_status.sh