This commit implements fixes for three independent bugs in the fail2ban configuration and integration layer:

1. Task 1: Detect UnknownJailException and prevent silent failures
   - Added JailNotFoundError detection in jail_service.reload_all()
   - Enhanced error handling in config_file_service to catch JailNotFoundError
   - Added specific error message with logpath validation hints
   - Added rollback test for this scenario

2. Task 2: Fix iptables-allports exit code 4 (xtables lock contention)
   - Added global banaction setting in jail.conf with -w 5 lockingopt
   - Removed redundant per-jail banaction overrides from bangui-sim and blocklist-import
   - Added production compose documentation note

3. Task 3: Suppress log noise from unsupported backend/idle commands
   - Implemented capability detection to cache command support status
   - Double-check locking to minimize lock contention
   - Avoids sending unsupported get <jail> backend/idle commands
   - Returns default values without socket calls when unsupported

All changes include comprehensive tests and maintain backward compatibility.
20 lines
837 B
Plaintext
# ──────────────────────────────────────────────────────────────
# BanGUI — Simulated authentication failure jail
#
# Watches Docker/logs/auth.log (mounted at /remotelogs/bangui)
# for lines produced by Docker/simulate_failed_logins.sh.
# ──────────────────────────────────────────────────────────────

[bangui-sim]

enabled = true
filter = bangui-sim
logpath = /remotelogs/bangui/auth.log
backend = polling
maxretry = 3
findtime = 120
bantime = 60

# Never ban localhost, the Docker bridge network, or the host machine.
ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12
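A pre-reload lint for a jail file like the bangui-sim jail above, written as an added example and not code from this commit or from BanGUI. The names `lint_jails` and `path_exists` are hypothetical, the sample text is constructed from the file shown, and the checks assume literal log paths (no globs) and literal addresses in `ignoreip`.

```python
import configparser
import ipaddress
import os

# Constructed sample mirroring the bangui-sim jail shown above.
SAMPLE_JAIL = """\
[bangui-sim]
enabled = true
filter = bangui-sim
logpath = /remotelogs/bangui/auth.log
backend = polling
maxretry = 3
findtime = 120
bantime = 60
ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12
"""


def lint_jails(text, path_exists=os.path.exists):
    """Return a list of (jail, message) findings for a jail.d-style file."""
    # fail2ban uses its own %(name)s substitution, so interpolation is disabled;
    # "=" is the only delimiter so that values such as ::1 are left intact.
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    findings = []
    for jail in parser.sections():
        opts = parser[jail]
        if opts.get("enabled", "false").strip().lower() != "true":
            continue  # only enabled jails are checked
        # Assumption: a missing log file is one logpath problem worth catching
        # before a reload; globbed paths are not expanded by this check.
        for logpath in opts.get("logpath", "").split():
            if not path_exists(logpath):
                findings.append((jail, f"logpath does not exist: {logpath}"))
        # The commit moves banaction to a global setting; flag per-jail overrides.
        if "banaction" in opts:
            findings.append((jail, "per-jail banaction overrides the global setting"))
        # Policy of this lint (assumption): ignoreip holds literal IPs or CIDRs.
        # fail2ban itself also accepts DNS host names there.
        for token in opts.get("ignoreip", "").split():
            try:
                ipaddress.ip_network(token, strict=False)
            except ValueError:
                findings.append((jail, f"ignoreip entry is not an IP/CIDR: {token}"))
    return findings
```

Passing a stub for `path_exists` lets the same check run in CI, where `/remotelogs/bangui` is not mounted.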