BanGUI

lukas.pupkalipinski/BanGUI

Fork 0

Commit Graph

Author	SHA1	Message	Date
Lukas	cbad4ea706	Add ban management features and update documentation - Implement ban model, service, and router endpoints in backend - Add ban table component and dashboard integration in frontend - Update ban-related types and API endpoints - Add comprehensive tests for ban service and dashboard router - Update documentation (Features, Tasks, Architecture, Web-Design) - Clean up old fail2ban configuration files - Update Makefile with new commands	2026-03-06 20:33:42 +01:00
Lukas	08b8f3872a	fix: reload/stop jail 404 + access list simulator Task 1 — fix Stop/Reload Jail returning 404 Root cause: reload_jail and reload_all sent an empty config stream (["reload", name, [], []]). In fail2ban's reload protocol the end-of- reload phase deletes every jail still in reload_state — i.e. every jail that received no configuration commands. An empty stream means all affected jails are silently removed from the daemon's runtime, causing everything touching those jails afterwards (including stop) to receive UnknownJailException → HTTP 404. Fixes: - reload_jail: send ["start", name] in the config stream; startJail() removes the jail from reload_state so the end phase commits instead of deletes, and un-idles the jail. - reload_all: fetch current jail list first, build a ["start", name] entry for every active jail, then send reload --all with that stream. - stop_jail: made idempotent — if the jail is already gone (not-found error) the operation silently succeeds (200 OK) rather than returning 404, matching the user expectation that stop = ensure-stopped. - Router: removed dead JailNotFoundError handler from stop endpoint. 391 tests pass (2 new), ruff clean, mypy clean (pre-existing config.py error unchanged). Task 2 — access list simulator - Docker/simulate_accesses.sh: writes fake HTTP-scan log lines in custom format (bangui-access: http scan from <IP> ...) to Docker/logs/access.log so the bangui-access jail detects them. - fail2ban/filter.d/bangui-access.conf: failregex matching the above. - fail2ban/jail.d/bangui-access.conf: polling jail on access.log, same settings as bangui-sim (maxretry=3, bantime=60s). - .gitignore: whitelist new bangui-access.conf files. - Docker/fail2ban-dev-config/README.md: added "Testing the Access List Feature" section with step-by-step instructions and updated Configuration Reference + Troubleshooting.	2026-03-06 19:49:31 +01:00
Lukas	1c89454197	Add fail2ban dev test environment (Stage 0) - Add bangui-sim filter (filter.d/bangui-sim.conf) matching the simulated authentication failure log format - Add bangui-sim jail (jail.d/bangui-sim.conf) with maxretry=3, bantime=60s, findtime=120s, ignoreip safeguard, polling backend - Mount Docker/logs/ into fail2ban container at /remotelogs/bangui in compose.debug.yml - Add simulate_failed_logins.sh to write synthetic failure lines - Add check_ban_status.sh with optional --unban flag - Add dev-ban-test Makefile target for one-command smoke testing - Write Docker/fail2ban-dev-config/README.md with setup and troubleshooting docs - Update .gitignore to track custom config files while still excluding auto-generated linuxserver fail2ban files	2026-03-03 21:00:08 +01:00

Author

SHA1

Message

Date

Lukas

cbad4ea706

Add ban management features and update documentation

- Implement ban model, service, and router endpoints in backend
- Add ban table component and dashboard integration in frontend
- Update ban-related types and API endpoints
- Add comprehensive tests for ban service and dashboard router
- Update documentation (Features, Tasks, Architecture, Web-Design)
- Clean up old fail2ban configuration files
- Update Makefile with new commands

2026-03-06 20:33:42 +01:00

Lukas

08b8f3872a

fix: reload/stop jail 404 + access list simulator

Task 1 — fix Stop/Reload Jail returning 404
  Root cause: reload_jail and reload_all sent an empty config stream
  (["reload", name, [], []]).  In fail2ban's reload protocol the end-of-
  reload phase deletes every jail still in reload_state — i.e. every jail
  that received no configuration commands.  An empty stream means *all*
  affected jails are silently removed from the daemon's runtime, causing
  everything touching those jails afterwards (including stop) to receive
  UnknownJailException → HTTP 404.

  Fixes:
  - reload_jail: send ["start", name] in the config stream; startJail()
    removes the jail from reload_state so the end phase commits instead of
    deletes, and un-idles the jail.
  - reload_all: fetch current jail list first, build a ["start", name]
    entry for every active jail, then send reload --all with that stream.
  - stop_jail: made idempotent — if the jail is already gone (not-found
    error) the operation silently succeeds (200 OK) rather than returning
    404, matching the user expectation that stop = ensure-stopped.
  - Router: removed dead JailNotFoundError handler from stop endpoint.

  391 tests pass (2 new), ruff clean, mypy clean (pre-existing
  config.py error unchanged).

Task 2 — access list simulator
  - Docker/simulate_accesses.sh: writes fake HTTP-scan log lines in
    custom format (bangui-access: http scan from <IP> ...) to
    Docker/logs/access.log so the bangui-access jail detects them.
  - fail2ban/filter.d/bangui-access.conf: failregex matching the above.
  - fail2ban/jail.d/bangui-access.conf: polling jail on access.log,
    same settings as bangui-sim (maxretry=3, bantime=60s).
  - .gitignore: whitelist new bangui-access.conf files.
  - Docker/fail2ban-dev-config/README.md: added "Testing the Access
    List Feature" section with step-by-step instructions and updated
    Configuration Reference + Troubleshooting.

2026-03-06 19:49:31 +01:00

Lukas

1c89454197

Add fail2ban dev test environment (Stage 0)

- Add bangui-sim filter (filter.d/bangui-sim.conf) matching the
  simulated authentication failure log format
- Add bangui-sim jail (jail.d/bangui-sim.conf) with maxretry=3,
  bantime=60s, findtime=120s, ignoreip safeguard, polling backend
- Mount Docker/logs/ into fail2ban container at /remotelogs/bangui
  in compose.debug.yml
- Add simulate_failed_logins.sh to write synthetic failure lines
- Add check_ban_status.sh with optional --unban flag
- Add dev-ban-test Makefile target for one-command smoke testing
- Write Docker/fail2ban-dev-config/README.md with setup and
  troubleshooting docs
- Update .gitignore to track custom config files while still
  excluding auto-generated linuxserver fail2ban files

2026-03-03 21:00:08 +01:00

3 Commits