Add support for age purge bans database option

https://forum.virtualmin.com/t/change-fail2ban-times/124311/3?u=ilia
webmin · Jan 5, 2024 · 7fd3b9e · 7fd3b9e
1 parent 1bd70e7
commit 7fd3b9e
Show file tree

Hide file tree

Showing 4 changed files with 150 additions and 0 deletions.
diff --git a/fail2ban/edit_config.cgi b/fail2ban/edit_config.cgi
@@ -11,6 +11,7 @@ our (%in, %text);
 my $conf = &get_config();
 my ($def) = grep { $_->{'name'} eq 'Definition' } @$conf;
 $def || &error($text{'config_edef'});
+my ($DEF) = grep { $_->{'name'} eq 'DEFAULT' } @$conf;
 
 &ui_print_header(undef, $text{'config_title'}, "");
 
@@ -51,6 +52,37 @@ my $socket = &find_value("socket", $def);
 print &ui_table_row($text{'config_socket'},
 	&ui_opt_textbox("socket", $socket, 40, $text{'default'}));
 
+# DB Purge Age
+if ($DEF) {
+	my $dbpurgeage = &find_value("dbpurgeage", $DEF);
+	my @dbpurgeages = (
+			[ '', '' ],
+			[ '900', $text{'config_dbpurgeage_15m'} ],
+			[ '1800', $text{'config_dbpurgeage_30m'} ],
+			[ '3600', $text{'config_dbpurgeage_1h'} ],
+			[ '21600', $text{'config_dbpurgeage_6h'} ],
+			[ '43200', $text{'config_dbpurgeage_12h'} ],
+			[ '86400', $text{'config_dbpurgeage_1d'} ],
+			[ '259200', $text{'config_dbpurgeage_3d'} ],
+			[ '604800', $text{'config_dbpurgeage_1w'} ],
+			[ '1209600', $text{'config_dbpurgeage_2w'} ],
+			[ '2629800', $text{'config_dbpurgeage_1mo'} ] );
+
+	# Check of $dbpurgeage is in @dbpurgeages
+	my $time_in_seconds = &time_to_seconds($dbpurgeage);
+	my $dbpurgestd = grep { $_->[0] eq $time_in_seconds } @dbpurgeages;
+	my $dbpurge_def = $time_in_seconds == 86400 ? 1 : $dbpurgestd ? 0 : 2;
+	my $depurgeagelabeled = $dbpurge_def == 2 ? &seconds_to_time($dbpurgeage) : undef;
+	print &ui_table_row($text{'config_dbpurgeage'},
+		&ui_radio('dbpurgeage', $dbpurge_def,
+		[ [ 1, $text{'config_dbpurgeagedef'}."&nbsp;" ],
+		  [ 0, $text{'config_dbpurgeagesel'}."&nbsp;".
+		  	&ui_select("dbpurgeagesel", $time_in_seconds, \@dbpurgeages) ],
+		  [ 2, $text{'config_dbpurgeagecus'}."&nbsp;".
+		  	&ui_textbox("dbpurgeagecus", $depurgeagelabeled, 15) ]
+		]));
+	}
+
 print &ui_table_end();
 print &ui_form_end([ [ undef, $text{'save'} ] ]);
 

diff --git a/fail2ban/fail2ban-lib.pl b/fail2ban/fail2ban-lib.pl
@@ -577,4 +577,83 @@ sub unblock_jail
 	}
 }
 
+# Convert human readable time to seconds
+sub time_to_seconds
+{
+my ($time) = @_;
+my $seconds;
+my ($number, $unit) = $time =~ /^(\d+)\s*(year|years|month|months|week|weeks|day|days|hour|hours|min|minute|minutes|sec|second|seconds|y|mo|w|d|h|m|s)$/;
+if ($number && $unit) {
+	$seconds = $number if ($unit =~ /^s/);
+	$seconds = $number * 60 if ($unit =~ /^m$|^min/);
+	$seconds = $number * 3600 if ($unit =~ /^h/);
+	$seconds = $number * 86400 if ($unit =~ /^d/);
+	$seconds = $number * 604800 if ($unit =~ /^w/);
+	$seconds = $number * 2629800 if ($unit =~ /^mo/);
+	$seconds = $number * 31557600 if ($unit =~ /^y/);
+	}
+else {
+	$seconds = int($time);
+	}
+return $seconds;
+}
+
+# Convert seconds to human readable time
+sub seconds_to_time {
+    my ($seconds) = @_;
+    my ($number, $unit) = $seconds =~ /^(\d+)\s*(year|years|month|months|week|weeks|day|days|hour|hours|min|minute|minutes|sec|second|seconds|y|mo|w|d|h|m|s)$/;
+    return $seconds if ($unit);
+    my $time;
+    if ($seconds >= 31557600) {
+	my $years = int($seconds / 31557600);
+        $time = $years . " " .
+		($years > 1 ? $text{'config_dbpurgeagecusyrs'} :
+			$text{'config_dbpurgeagecusyr'});
+    } elsif ($seconds >= 2629800) {
+	my $months = int($seconds / 2629800);
+        $time = $months . " " .
+		($months > 1 ? $text{'config_dbpurgeagecusmos'} :
+			$text{'config_dbpurgeagecusmo'});
+    } elsif ($seconds >= 604800) {
+	my $weeks = int($seconds / 604800);
+        $time = $weeks . " " .
+		($weeks > 1 ? $text{'config_dbpurgeagecuswks'} :
+			$text{'config_dbpurgeagecuswk'});
+    } elsif ($seconds >= 86400) {
+	my $days = int($seconds / 86400);
+        $time = $days . " " .
+		($days > 1 ? $text{'config_dbpurgeagecusdays'} :
+			$text{'config_dbpurgeagecusday'});
+    } elsif ($seconds >= 3600) {
+	my $hours = int($seconds / 3600);
+        $time = $hours . " " .
+		($hours > 1 ? $text{'config_dbpurgeagecushrs'} :
+			$text{'config_dbpurgeagecushr'});
+    } elsif ($seconds >= 60) {
+	my $minutes = int($seconds / 60);
+        $time = $minutes . " " .
+		($minutes > 1 ? $text{'config_dbpurgeagecusmins'} :
+			$text{'config_dbpurgeagecusmin'});
+    } else {
+        $time = $seconds . " " .
+		(int($seconds / 60) > 1 ? $text{'config_dbpurgeagecussecs'} :
+			$text{'config_dbpurgeagecussec'});
+    }
+    return $time;
+}
+
+# Test if given format is correct
+sub time_to_seconds_error
+{
+my ($time) = @_;
+my ($seconds) = $time =~ /^(\d+)$/;
+return 0 if ($seconds);
+my ($number, $unit) = $time =~ /^(\d+)\s*(year|years|month|months|week|weeks|day|days|hour|hours|min|minute|minutes|sec|second|seconds|y|mo|w|d|h|m|s)$/;
+return 0 if ($number && $unit);
+my ($ewrongunit) = $time =~ /^\d+\s*(\S+)\s*$/;
+return &text('config_ewrongunit', $ewrongunit) if ($ewrongunit);
+return $text{'config_ewrongtime'} if ($time !~ /^(\d+)$/ || $time == 0);
+return 0;
+}
+
 1;
diff --git a/fail2ban/lang/en b/fail2ban/lang/en
@@ -164,6 +164,36 @@ config_socket=Socket for communication with server
 config_err=Failed to save global configuration
 config_elogtarget=File to write logs to must be an absolute path
 config_esocket=Socket file must be an absolute path
+config_dbpurgeage=Age at which bans should be purged from the database
+config_dbpurgeage_15m=15 minutes
+config_dbpurgeage_30m=30 minutes
+config_dbpurgeage_1h=1 hour
+config_dbpurgeage_6h=6 hours
+config_dbpurgeage_12h=12 hours
+config_dbpurgeage_1d=1 day
+config_dbpurgeage_3d=3 days
+config_dbpurgeage_1w=1 week
+config_dbpurgeage_2w=2 weeks
+config_dbpurgeage_1mo=1 month
+config_ewrongunit=Invalid unit <tt>$1</tt> for database purge age
+config_ewrongtime=Invalid time for database purge age. Time for database purge age must be a number greater than zero
+config_dbpurgeagedef=Default
+config_dbpurgeagesel=Selected
+config_dbpurgeagecus=Custom
+config_dbpurgeagecussec=second
+config_dbpurgeagecussecs=seconds
+config_dbpurgeagecusmin=minute
+config_dbpurgeagecusmins=minutes
+config_dbpurgeagecushr=hour
+config_dbpurgeagecushrs=hours
+config_dbpurgeagecusday=day
+config_dbpurgeagecusdays=days
+config_dbpurgeagecuswk=week
+config_dbpurgeagecuswks=weeks
+config_dbpurgeagecusmo=month
+config_dbpurgeagecusmos=months
+config_dbpurgeagecusyr=year
+config_dbpurgeagecusyrs=years
 
 manual_title=Edit Config Files
 manual_desc=File to edit:

diff --git a/fail2ban/save_config.cgi b/fail2ban/save_config.cgi
@@ -13,6 +13,7 @@ our (%in, %text, %config);
 my $conf = &get_config();
 my ($def) = grep { $_->{'name'} eq 'Definition' } @$conf;
 $def || &error($text{'config_edef'});
+my ($DEF) = grep { $_->{'name'} eq 'DEFAULT' } @$conf;
 
 # Validate inputs
 if ($in{'logtarget_def'} eq 'file') {
@@ -31,6 +32,14 @@ if (!$in{'socket_def'}) {
 	$in{'logtarget_def'} eq 'file' ? $in{'logtarget'} :
 					 $in{'logtarget_def'}, $def);
 &save_directive("socket", $in{'socket_def'} ? undef : $in{'socket'}, $def);
+if ($DEF) {
+	my $time = $in{'dbpurgeage'} == 1 ? 86400 :
+			$in{'dbpurgeage'} == 2 ?
+				$in{'dbpurgeagecus'} : $in{'dbpurgeagesel'};
+	my $conf_time_error = &time_to_seconds_error($time);
+	&error($conf_time_error) if ($conf_time_error);
+	&save_directive("dbpurgeage", $time, $DEF);
+	}
 
 &unlock_all_config_files();
 &webmin_log("config");