From 6c64ffbd49cd99f0b4649703aa68b6e4e4b390b2 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Thu, 29 Jun 2017 10:29:56 +0200
Subject: [PATCH] [acme-mailcow] Auto-detect container ids for restart; Restart containers after restore
---
data/web/admin.php | 2 +-
data/web/inc/functions.fail2ban.inc.php | 93 +++++++++++++++++++++++++
data/web/inc/functions.inc.php | 90 ------------------------
data/web/inc/prerequisites.inc.php | 1 +
data/web/json_api.php | 2 +-
data/web/lang/lang.de.php | 2 +
data/web/lang/lang.en.php | 2 +
7 files changed, 100 insertions(+), 92 deletions(-)
create mode 100644 data/web/inc/functions.fail2ban.inc.php
diff --git a/data/web/admin.php b/data/web/admin.php
index 787129f0..8c01b340 100644
--- a/data/web/admin.php
+++ b/data/web/admin.php
@@ -274,7 +274,7 @@ $tfa_data = get_tfa();
Fail2Ban parameters
diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php
new file mode 100644
index 00000000..c9644d5f
--- /dev/null
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -0,0 +1,93 @@
+Get('F2B_BAN_TIME');
+ $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
+ $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
+ $wl = $redis->hGetAll('F2B_WHITELIST');
+ if (is_array($wl)) {
+ foreach ($wl as $key => $value) {
+ $tmp_data[] = $key;
+ }
+ $data['whitelist'] = implode(PHP_EOL, $tmp_data);
+ }
+ else {
+ $data['whitelist'] = "";
+ }
+ }
+ catch (RedisException $e) {
+ $_SESSION['return'] = array(
+ 'type' => 'danger',
+ 'msg' => 'Redis: '.$e
+ );
+ return false;
+ }
+ return $data;
+ break;
+ case 'edit':
+ if ($_SESSION['mailcow_cc_role'] != "admin") {
+ $_SESSION['return'] = array(
+ 'type' => 'danger',
+ 'msg' => sprintf($lang['danger']['access_denied'])
+ );
+ return false;
+ }
+ $is_now = fail2ban('get');
+ if (!empty($is_now)) {
+ $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
+ $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['active_int']);
+ $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
+ }
+ else {
+ $_SESSION['return'] = array(
+ 'type' => 'danger',
+ 'msg' => sprintf($lang['danger']['access_denied'])
+ );
+ return false;
+ }
+ $wl = $_data['whitelist'];
+ $ban_time = ($ban_time < 60) ? 60 : $ban_time;
+ $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
+ $retry_window = ($retry_window < 1) ? 1 : $retry_window;
+ try {
+ $redis->Set('F2B_BAN_TIME', $ban_time);
+ $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
+ $redis->Set('F2B_RETRY_WINDOW', $retry_window);
+ $redis->Del('F2B_WHITELIST');
+ if(!empty($wl)) {
+ $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
+ if (is_array($wl_array)) {
+ foreach ($wl_array as $wl_item) {
+ $cidr = explode('/', $wl_item);
+ if (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 32))) {
+ $redis->hSet('F2B_WHITELIST', $wl_item, 1);
+ }
+ elseif (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 128))) {
+ $redis->hSet('F2B_WHITELIST', $wl_item, 1);
+ }
+ }
+ }
+ }
+ }
+ catch (RedisException $e) {
+ $_SESSION['return'] = array(
+ 'type' => 'danger',
+ 'msg' => 'Redis: '.$e
+ );
+ return false;
+ }
+ $_SESSION['return'] = array(
+ 'type' => 'success',
+ 'msg' => sprintf($lang['success']['f2b_modified'])
+ );
+ break;
+ }
+}
\ No newline at end of file
diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php
index 68a09531..948214e9 100644
--- a/data/web/inc/functions.inc.php
+++ b/data/web/inc/functions.inc.php
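Review bot: The whitelist loop in the `edit` branch of `fail2ban()` validates only the address part of each entry strictly; the prefix is compared loosely as a raw string (`$cidr[1] >= 0 && $cidr[1] <= 32`) and `explode('/', $wl_item)` is unbounded, so items such as `192.0.2.1/1.5` or `192.0.2.1/24/x` (constructed examples) pass and are written verbatim to `F2B_WHITELIST`, the list of sources exempt from banning. Splitting with `explode('/', $wl_item, 2)` and requiring `ctype_digit($cidr[1])` before the range check would keep malformed entries out of Redis. In the same branch the fallback `$is_now['active_int']` is a key the `get` branch never sets, so a request without `max_attempts` resolves to 0 and is clamped to 1; `$is_now['max_attempts']` looks like the intended key. `'Redis: '.$e` also stringifies the whole exception, stack trace included, into the session message that json_api.php echoes; `$e->getMessage()` would be enough. The opening lines of `fail2ban()` are not visible in this hunk, so whether the `get` branch still checks the admin role cannot be confirmed from here.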
@@ -1435,94 +1435,4 @@ function get_logs($container, $lines = 100) {
 }
 return false;
 }
-function get_f2b_parameters() {
- global $lang;
- global $redis;
- $data = array();
- if ($_SESSION['mailcow_cc_role'] != "admin") {
- return false;
- }
- try {
- $data['ban_time'] = $redis->Get('F2B_BAN_TIME');
- $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
- $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
- $wl = $redis->hGetAll('F2B_WHITELIST');
- if (is_array($wl)) {
- foreach ($wl as $key => $value) {
- $tmp_data[] = $key;
- }
- $data['whitelist'] = implode(PHP_EOL, $tmp_data);
- }
- else {
- $data['whitelist'] = "";
- }
- }
- catch (RedisException $e) {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'msg' => 'Redis: '.$e
- );
- return false;
- }
- return $data;
-}
-function edit_f2b_parameters($postarray) {
- global $lang;
- global $redis;
- if ($_SESSION['mailcow_cc_role'] != "admin") {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'msg' => sprintf($lang['danger']['access_denied'])
- );
- return false;
- }
- $is_now = get_f2b_parameters();
- if (!empty($is_now)) {
- $ban_time = intval((isset($postarray['ban_time'])) ? $postarray['ban_time'] : $is_now['ban_time']);
- $max_attempts = intval((isset($postarray['max_attempts'])) ? $postarray['max_attempts'] : $is_now['active_int']);
- $retry_window = intval((isset($postarray['retry_window'])) ? $postarray['retry_window'] : $is_now['retry_window']);
- }
- else {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'msg' => sprintf($lang['danger']['access_denied'])
- );
- return false;
- }
- $wl = $postarray['whitelist'];
- $ban_time = ($ban_time < 60) ? 60 : $ban_time;
- $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
- $retry_window = ($retry_window < 1) ? 1 : $retry_window;
- try {
- $redis->Set('F2B_BAN_TIME', $ban_time);
- $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
- $redis->Set('F2B_RETRY_WINDOW', $retry_window);
- $redis->Del('F2B_WHITELIST');
- if(!empty($wl)) {
- $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
- if (is_array($wl_array)) {
- foreach ($wl_array as $wl_item) {
- $cidr = explode('/', $wl_item);
- if (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 32))) {
- $redis->hSet('F2B_WHITELIST', $wl_item, 1);
- }
- elseif (filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) && (!isset($cidr[1]) || ($cidr[1] >= 0 && $cidr[1] <= 128))) {
- $redis->hSet('F2B_WHITELIST', $wl_item, 1);
- }
- }
- }
- }
- }
- catch (RedisException $e) {
- $_SESSION['return'] = array(
- 'type' => 'danger',
- 'msg' => 'Redis: '.$e
- );
- return false;
- }
- $_SESSION['return'] = array(
- 'type' => 'success',
- 'msg' => 'Saved changes to Fail2ban configuration'
- );
-}
 ?>
diff --git a/data/web/inc/prerequisites.inc.php b/data/web/inc/prerequisites.inc.php
index a1dd4d58..b8abb804 100644
--- a/data/web/inc/prerequisites.inc.php
+++ b/data/web/inc/prerequisites.inc.php
@@ -64,6 +64,7 @@ require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.mailbox.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.policy.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.dkim.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fwdhost.inc.php';
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/functions.fail2ban.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/init_db.inc.php';
 require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/triggers.inc.php';
 init_db_schema();
diff --git a/data/web/json_api.php b/data/web/json_api.php
index d891f88d..0ed10556 100644
--- a/data/web/json_api.php
+++ b/data/web/json_api.php
@@ -1925,7 +1925,7 @@ if (isset($_SESSION['mailcow_cc_role']) || isset($_SESSION['pending_mailcow_cc_u
 // No items
 if (isset($_POST['attr'])) {
 $attr = (array)json_decode($_POST['attr'], true);
- if (edit_f2b_parameters($attr) === false) {
+ if (fail2ban('edit', $attr) === false) {
 if (isset($_SESSION['return'])) {
 echo json_encode($_SESSION['return']);
 }
diff --git a/data/web/lang/lang.de.php b/data/web/lang/lang.de.php
index a9009fcc..ea8fe9da 100644
--- a/data/web/lang/lang.de.php
+++ b/data/web/lang/lang.de.php
@@ -49,6 +49,7 @@ $lang['success']['aliasd_modified'] = 'Änderungen an Alias-Domain %s wurden ges
 $lang['success']['mailbox_modified'] = 'Änderungen an Mailbox %s wurden gespeichert';
 $lang['success']['resource_modified'] = "Änderungen an Ressource %s wurden gespeichert";
 $lang['success']['object_modified'] = "Änderungen an Objekt %s wurden gespeichert";
+$lang['success']['f2b_modified'] = "Änderungen an Fail2ban Parametern wurden gespeichert";
 $lang['success']['msg_size_saved'] = 'Limit wurde gesetzt';
 $lang['danger']['aliasd_not_found'] = 'Alias-Domain nicht gefunden';
 $lang['danger']['targetd_not_found'] = 'Ziel-Domain nicht gefunden';
@@ -417,6 +418,7 @@ $lang['tfa']['enter_qr_code'] = "Falls Sie den angezeigten QR-Code nicht scannen
 $lang['tfa']['confirm_totp_token'] = "Bitte bestätigen Sie die Änderung durch Eingabe eines generierten Tokens";
 $lang['admin']['search_domain_da'] = 'Domains durchsuchen';
+$lang['admin']['f2b_parameters'] = 'Fail2ban Parameter';
 $lang['admin']['restrictions'] = 'Postfix Restriktionen';
 $lang['admin']['rr'] = 'Postfix Empfänger Restriktionen';
 $lang['admin']['sr'] = 'Postfix Sender Restriktionen';
diff --git a/data/web/lang/lang.en.php b/data/web/lang/lang.en.php
index c49a535f..d6d4256a 100644
--- a/data/web/lang/lang.en.php
+++ b/data/web/lang/lang.en.php
@@ -51,6 +51,7 @@ $lang['success']['aliasd_modified'] = "Changes to alias domain have been saved";
 $lang['success']['mailbox_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['resource_modified'] = "Changes to mailbox %s have been saved";
 $lang['success']['object_modified'] = "Changes to object %s have been saved";
+$lang['success']['f2b_modified'] = "Changes to Fail2ban parameters have been saved";
 $lang['success']['msg_size_saved'] = "Message size limit has been set";
 $lang['danger']['aliasd_not_found'] = "Alias domain not found";
 $lang['danger']['targetd_not_found'] = "Target domain not found";
@@ -421,6 +422,7 @@ $lang['tfa']['scan_qr_code'] = "Please scan the following code with your authent
 $lang['tfa']['enter_qr_code'] = "Your TOTP code if your device cannot scan QR codes";
 $lang['tfa']['confirm_totp_token'] = "Please confirm your changes by entering the generated token";
+$lang['admin']['f2b_parameters'] = 'Fail2ban parameters';
 $lang['admin']['search_domain_da'] = 'Search domains';
 $lang['admin']['restrictions'] = 'Postfix Restrictions';
 $lang['admin']['rr'] = 'Postfix Recipient Restrictions';