diff options
author | sebres <serg.brester@sebres.de> | 2022-02-09 17:10:19 +0100 |
---|---|---|
committer | sebres <serg.brester@sebres.de> | 2022-02-09 17:10:19 +0100 |
commit | a2431158f670867e65534674b640cd0672a85e49 (patch) | |
tree | a2e3b81f1addb6edd1b605aa717128bb18152778 | |
parent | 13520a0494e24203c50ce5826a227d06632d6f01 (diff) | |
download | fail2ban-a2431158f670867e65534674b640cd0672a85e49.tar.gz |
implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;
fixes gh-3005
-rw-r--r-- | config/jail.conf | 2 | ||||
-rw-r--r-- | config/paths-common.conf | 3 | ||||
-rw-r--r-- | fail2ban/client/jailreader.py | 11 |
3 files changed, 8 insertions, 8 deletions
diff --git a/config/jail.conf b/config/jail.conf index e827167b..fe8db527 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -346,7 +346,7 @@ maxretry = 2 port = http,https logpath = %(apache_access_log)s maxretry = 1 -ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip> +ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip> [apache-modsecurity] diff --git a/config/paths-common.conf b/config/paths-common.conf index 7383cafe..4f6a5f71 100644 --- a/config/paths-common.conf +++ b/config/paths-common.conf @@ -91,6 +91,3 @@ mysql_log = %(syslog_daemon)s mysql_backend = %(default_backend)s roundcube_errors_log = /var/log/roundcube/errors - -# Directory with ignorecommand scripts -ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index f3ccf7db..37746d4c 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -121,9 +121,12 @@ class JailReader(ConfigReader): def getOptions(self): + basedir = self.getBaseDir() + # Before interpolation (substitution) add static options always available as default: self.merge_defaults({ - "fail2ban_version": version + "fail2ban_version": version, + "fail2ban_confpath": basedir }) try: @@ -146,7 +149,7 @@ class JailReader(ConfigReader): raise JailDefError("Invalid filter definition %r: %s" % (flt, e)) self.__filter = FilterReader( filterName, self.__name, filterOpt, - share_config=self.share_config, basedir=self.getBaseDir()) + share_config=self.share_config, basedir=basedir) ret = self.__filter.read() if not ret: raise JailDefError("Unable to read the filter %r" % filterName) @@ -186,13 +189,13 @@ class JailReader(ConfigReader): "addaction", actOpt.pop("actname", os.path.splitext(actName)[0]), os.path.join( - self.getBaseDir(), "action.d", actName), + basedir, "action.d", actName), json.dumps(actOpt), ]) else: action = ActionReader( actName, self.__name, actOpt, - share_config=self.share_config, basedir=self.getBaseDir()) + share_config=self.share_config, basedir=basedir) ret = action.read() if ret: action.getOptions(self.__opts) |