Update

Author: Sylvain

config.inc.php

@@ -0,0 +1,9 @@
+<?php
+  #####################
+  #     CONSTANTS     #
+  #####################
+  define("SUDO", "/run/wrappers/bin/sudo");
+  define("F2BC", "/run/current-system/sw/bin/fail2ban-client");
+  define("GREP", "/run/current-system/sw/bin/grep");
+  define("AWK", "/run/current-system/sw/bin/awk");
+?>

engine.inc.php

@@ -1,82 +1,93 @@
-<?php
-
-  #####################
-  #     LANGUAGE      #
-  #####################
-  $lang=substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
-  if(stream_resolve_include_path("language/$lang.php")) {
-    include ("language/$lang.php");
-  } else {
-    include ("language/fr.php");
-  }
-
-  #####################
-  #    FUNCTIONS      #
-  #####################
-
-  function list_jails() {
-    global $f2b;
-    $jails=array();
-    $erg=@exec('sudo /usr/bin/fail2ban-client status | grep "Jail list:" | awk -F ":" \'{print $2}\' | awk \'{$1=$1;print}\'');
-    $erg=explode(",",$erg);
-    foreach($erg as $jail) {
-      $jails[trim($jail)]=false;
-    }
-    ksort($jails);
-    return $jails;
-  }
-
-  function jail_info($jail) {
-    global $f2b;
-    $info=array();
-    $erg=@exec('sudo /usr/bin/fail2ban-client get '.escapeshellarg($jail).' findtime ');
-    if(is_numeric($erg)) {
-      $info['findtime']='findtime: '.$erg;
-    }
-    $erg=@exec('sudo /usr/bin/fail2ban-client get '.escapeshellarg($jail).' bantime ');
-    if(is_numeric($erg)) {
-      $info['bantime']='bantime: '.$erg;
-    }
-    $erg=@exec('sudo /usr/bin/fail2ban-client get '.escapeshellarg($jail).' maxretry ');
-    if(is_numeric($erg)) {
-      $info['maxretry']='maxretry: '.$erg;
-    }
-    return $info;
-  }
-
-  function list_clients_banned($jail,$usedns) {
-    global $f2b;
-    $clients_banned=array();
-    $erg=@exec('sudo /usr/bin/fail2ban-client status '.$jail.' | grep "IP list:" | awk -F "list:" \'{print$2}\' | awk \'{$1=$1;print}\'');
-    if($erg!='') {
-      $clients_banned=explode(" ",$erg);
-      if($usedns==1) {
-        foreach($clients_banned as $client_banned=>$client) {
-          $client_dns=gethostbyaddr($client);
-          if($client_dns==$client) {
-            $client_dns=' ('.$GLOBALS['unknown'].')';
-          } else {
-            $client_dns=' ('.$client_dns.')';
-          }
-          $clients_banned[$client_banned].=$client_dns;
-        }
-      }
-      return $clients_banned;
-    }
-    return false;
-  }
-
-  function ban_unban_ip($action,$jail,$ip) {
-    if($jail=='') {
-      return 'nojailselected';
-    } elseif(!filter_var($ip,FILTER_VALIDATE_IP)) {
-      return 'ipnotvalid';
-    }
-    $erg=@exec('sudo /usr/bin/fail2ban-client set '.escapeshellarg($jail).' '.escapeshellarg($action).' '.escapeshellarg($ip));
-    if($erg!=1) {
-      return 'couldnot';
-    }
-    return 'OK';
-  }
-
-?>
+<?php
+
+  require_once('config.inc.php');
+
+  #####################
+  #     LANGUAGE      #
+  #####################
+  $lang=substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
+  if(stream_resolve_include_path("language/$lang.php")) {
+    include ("language/$lang.php");
+  } else {
+    include ("language/fr.php");
+  }
+
+  #####################
+  #    FUNCTIONS      #
+  #####################
+
+  function available() {
+    $erg=@exec(SUDO.' '.F2BC.' status');
+    if($erg==''){
+        return false;
+      } else {
+        return true;
+      }
+  }
+
+  function list_jails() {
+    global $f2b;
+    $jails=array();
+    $erg=@exec(SUDO.' '.F2BC.' status | '.GREP.' "Jail list:" | '.AWK.' -F ":" \'{print $2}\' | '.AWK.' \'{$1=$1;print}\'');
+    $erg=explode(",",$erg);
+    foreach($erg as $jail) {
+      $jails[trim($jail)]=false;
+    }
+    ksort($jails);
+    return $jails;
+  }
+
+  function jail_info($jail) {
+    global $f2b;
+    $info=array();
+    $erg=@exec(SUDO.' '.F2BC.' get '.escapeshellarg($jail).' findtime ');
+    if(is_numeric($erg)) {
+      $info['findtime']='findtime: '.$erg;
+    }
+    $erg=@exec(SUDO.' '.F2BC.' get '.escapeshellarg($jail).' bantime ');
+    if(is_numeric($erg)) {
+      $info['bantime']='bantime: '.$erg;
+    }
+    $erg=@exec(SUDO.' '.F2BC.' get '.escapeshellarg($jail).' maxretry ');
+    if(is_numeric($erg)) {
+      $info['maxretry']='maxretry: '.$erg;
+    }
+    return $info;
+  }
+
+  function list_clients_banned($jail,$usedns) {
+    global $f2b;
+    $clients_banned=array();
+    $erg=@exec(SUDO.' '.F2BC.' status '.$jail.' | '.GREP.' "IP list:" | '.AWK.' -F "list:" \'{print$2}\' | '.AWK.' \'{$1=$1;print}\'');
+    if($erg!='') {
+      $clients_banned=explode(" ",$erg);
+      if($usedns==1) {
+        foreach($clients_banned as $client_banned=>$client) {
+          $client_dns=gethostbyaddr($client);
+          if($client_dns==$client) {
+            $client_dns=' ('.$GLOBALS['unknown'].')';
+          } else {
+            $client_dns=' ('.$client_dns.')';
+          }
+          $clients_banned[$client_banned].=$client_dns;
+        }
+      }
+      return $clients_banned;
+    }
+    return false;
+  }
+
+  function ban_unban_ip($action,$jail,$ip) {
+    if($jail=='') {
+      return 'nojailselected';
+    } elseif(!filter_var($ip,FILTER_VALIDATE_IP)) {
+      return 'ipnotvalid';
+    }
+    $erg=@exec(SUDO.' '.F2BC.' set '.escapeshellarg($jail).' '.escapeshellarg($action).' '.escapeshellarg($ip));
+    if($erg!=1) {
+      return 'couldnot';
+    }
+    return 'OK';
+  }
+
+?>

examples/fail2ban-web-start.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# Poll until the socket file exists
+while ! [ -S "__FAIL2BAN_SOCK__" ]
+do
+	sleep 1
+done
+
+# Poll until netcat notices someone's listening on the socket
+while ! /bin/nc -zU "__FAIL2BAN_SOCK__"
+do
+	sleep 1
+done
+
+/bin/chmod u=rw,g=rw,o= "__FAIL2BAN_SOCK__"

examples/systemd.service

@@ -8,7 +8,7 @@ Type=oneshot
 # Only root can fully execute chmod
 User=root
 Group=root
-ExecStart=/bin/chmod 660 /var/run/fail2ban/fail2ban.sock
+ExecStart=__INSTALL_DIR__/fail2ban-web-start.sh
 
 [Install]
 WantedBy=multi-user.target