implements new interpolation variable `%(fail2ban_confpath)s` (automatically substituted from config-reader path, default `/etc/fail2ban` or `/usr/local/etc/fail2ban` depending on distribution); `ignorecommands_dir` is unneeded anymore, thus removed from `paths-common.conf`;

fixes gh-3005
2022-02-09 17:10:19 +01:00 · 2022-02-09 17:10:19 +01:00 · a2431158f6
parent 13520a0494
commit a2431158f6
3 changed files with 8 additions and 8 deletions
--- a/config/jail.conf
+++ b/config/jail.conf
@ -346,7 +346,7 @@ maxretry = 2
 port     = http,https
 logpath  = %(apache_access_log)s
 maxretry = 1
-ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
+ignorecommand = %(fail2ban_confpath)s/filter.d/ignorecommands/apache-fakegooglebot <ip>


 [apache-modsecurity]
--- a/config/paths-common.conf
+++ b/config/paths-common.conf
@ -91,6 +91,3 @@ mysql_log = %(syslog_daemon)s
 mysql_backend = %(default_backend)s

 roundcube_errors_log = /var/log/roundcube/errors
-
-# Directory with ignorecommand scripts
-ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands
--- a/fail2ban/client/jailreader.py
+++ b/fail2ban/client/jailreader.py
@ -121,9 +121,12 @@ class JailReader(ConfigReader):

 	def getOptions(self):

+		basedir = self.getBaseDir()
+
 		# Before interpolation (substitution) add static options always available as default:
 		self.merge_defaults({
-			"fail2ban_version": version
+			"fail2ban_version": version,
+			"fail2ban_confpath": basedir
 		})

 		try:
@ -146,7 +149,7 @@ class JailReader(ConfigReader):
 					raise JailDefError("Invalid filter definition %r: %s" % (flt, e))
 				self.__filter = FilterReader(
 					filterName, self.__name, filterOpt, 
-					share_config=self.share_config, basedir=self.getBaseDir())
+					share_config=self.share_config, basedir=basedir)
 				ret = self.__filter.read()
 				if not ret:
 					raise JailDefError("Unable to read the filter %r" % filterName)
@ -186,13 +189,13 @@ class JailReader(ConfigReader):
 							"addaction",
 							actOpt.pop("actname", os.path.splitext(actName)[0]),
 							os.path.join(
-								self.getBaseDir(), "action.d", actName),
+								basedir, "action.d", actName),
 							json.dumps(actOpt),
 							])
 					else:
 						action = ActionReader(
 							actName, self.__name, actOpt,
-							share_config=self.share_config, basedir=self.getBaseDir())
+							share_config=self.share_config, basedir=basedir)
 						ret = action.read()
 						if ret:
 							action.getOptions(self.__opts)