Possibility to disable jails for individual services

11 years ago · e4db556bf3
parent 77ba56b52e
commit e4db556bf3
8 changed files with 16 additions and 8 deletions
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service10ssh
@ -2,7 +2,8 @@

 my $port = $sshd{'TCPPort'} || '22';
 my $status = $sshd{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $sshd{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 $OUT .=<<"EOF";

 [ssh]
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service15dovecot
@ -1,7 +1,8 @@
 {

 my $status = $dovecot{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $dovecot{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
 push @ports, ($imap{'TCPPort'} || '143')
    if (($imap{'status'} || 'disabled') eq 'enabled');
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service20qpsmtpd
@ -1,7 +1,8 @@
 {

 my $status = $smtpd{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $qpsmtpd{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
 push @ports, ($smtpd{'TCPPort'} || '25');
 push @ports, ($ssmtpd{'TCPPort'} || '465')
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service25httpd
@ -1,7 +1,8 @@
 {

 my $status = ${'httpd-e-smith'}{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = ${'httpd-e-smith'}{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
 push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
 push @ports, ($modSSL{'TCPPort'} || '443');
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service35SOGo
@ -1,7 +1,8 @@
 {

 my $status = $sogod{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $sogod{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
 push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
 push @ports, ($modSSL{'TCPPort'} || '443');
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service40LemonLDAPNG
@ -1,7 +1,8 @@
 {

 my $status = ${'lemonldap-ng'}{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = ${'lemonldap-ng'}{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my @ports = ();
 push @ports, (${'httpd-e-smith'}{'TCPPort'} || '80');
 push @ports, ($modSSL{'TCPPort'} || '443');
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service45ftp
@ -2,7 +2,8 @@

 my $port = $ftp{'TCPPort'} || '21';
 my $status = $ftp{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $ftp{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 # add the data channel port
 $port .= ',20';
 $OUT .=<<"EOF";
--- a/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd
+++ b/root/etc/e-smith/templates/etc/fail2ban/jail.conf/30Service50Ejabberd
@ -1,7 +1,8 @@
 {

 my $status = $ejabberd{'status'} || 'disabled';
-return "" if ($status ne 'enabled');
+my $f2b = $ejabberd{'Fail2Ban'} || 'enabled';
+return "" if (($status ne 'enabled') || ($f2b ne 'enabled'));
 my $port = $ejabberd{'TCPPorts'} || '5222,5223,5269';

 $OUT .=<<"EOF";