From d6d51e352c47720d3c515fd9a9f4a261d6fa2d7d Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Fri, 11 Oct 2013 00:06:13 +1100
Subject: [PATCH] ENH: order config as jail.conf, jail.d/*.conf, jail.local, jail.d/*.local. closes gh-388
---
 client/configreader.py | 13 ++++++++-----
 man/jail.conf.5 | 14 +++++++++++++-
 testcases/clientreadertestcase.py | 9 ++++++---
 3 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/client/configreader.py b/client/configreader.py
index 3d3aff94..96aab5f3 100644
--- a/client/configreader.py
+++ b/client/configreader.py
@@ -54,16 +54,19 @@ class ConfigReader(SafeConfigParserWithIncludes):
 % self._basedir)
 basename = os.path.join(self._basedir, filename)
 logSys.debug("Reading configs for %s under %s " % (basename, self._basedir))
- config_files = [ basename + ".conf",
- basename + ".local" ]
-
- # choose only existing ones
- config_files = filter(os.path.exists, config_files)
+ config_files = [ basename + ".conf" ]
 # possible further customizations under a .conf.d directory
 config_dir = basename + '.d'
 config_files += sorted(glob.glob('%s/*.conf' % config_dir))
+ config_files.append(basename + ".local")
+
+ config_files += sorted(glob.glob('%s/*.local' % config_dir))
+
+ # choose only existing ones
+ config_files = filter(os.path.exists, config_files)
+
 if len(config_files):
 # at least one config exists and accessible
 logSys.debug("Reading config files: " + ', '.join(config_files))
diff --git a/man/jail.conf.5 b/man/jail.conf.5
index 8f281ce4..2d1f362d 100644
--- a/man/jail.conf.5
+++ b/man/jail.conf.5
@@ -1,7 +1,10 @@
-.TH JAIL.CONF "5" "March 2013" "Fail2Ban" "Fail2Ban Configuration"
+.TH JAIL.CONF "10" "October 2013" "Fail2Ban" "Fail2Ban Configuration"
 .SH NAME
 jail.conf \- configuration for the fail2ban server
 .SH SYNOPSIS
+
+.I fail2ban.conf fail2ban.d/*.conf fail2ban.d/*.local
+
 .I jail.conf / jail.local
 .I action.d/*.conf action.d/*.local
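Review bot: The new order in client/configreader.py silently flips precedence between `.local` and `.d/*.conf`: before this hunk the `.d/*.conf` glob was appended after `basename + ".local"` and so won, whereas now `.local` is appended after it and wins. On an existing install a drop-in that tightened a jail (for example a lower `maxretry` or a narrower `ignoreip`) can therefore be overridden by an older `jail.local` value, with only a debug-level message recording which files were read. I would state the rule next to the list, e.g. `# read order, later files override earlier: .conf, .d/*.conf, .local, .d/*.local`, and raise the existing "Reading config files" message from `logSys.debug` to `logSys.info` so the effective order shows up in a default log. The enclosing method starts and ends outside the hunk.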
@@ -45,6 +48,15 @@ identical entries, parsed alphabetically, e.g.
 .RE
 .RE
+The order \fIjail\fR configuration is parsed is:
+
+jail.conf ,
+jail.d/*.conf (in alphabetical order),
+jail.local, followed by
+jail.d/*.local (in alphabetical order).
+
+Likewise for fail2ban configuration.
+
 .SH DEFAULT
 The following options are applicable to all jails. Their meaning is described in the default \fIjail.conf\fR file.
 .TP
diff --git a/testcases/clientreadertestcase.py b/testcases/clientreadertestcase.py
index 01c8e656..773d5072 100644
--- a/testcases/clientreadertestcase.py
+++ b/testcases/clientreadertestcase.py
@@ -82,8 +82,6 @@ option = %s
 self.assertEqual(self._getoption(), 1)
 self._write("c.conf", "2") # overwrite
 self.assertEqual(self._getoption(), 2)
- self._write("c.local", "3") # add override in .local
- self.assertEqual(self._getoption(), 3)
 self._write("c.d/98.conf", "998") # add 1st override in .d/
 self.assertEqual(self._getoption(), 998)
 self._write("c.d/90.conf", "990") # add previously sorted override in .d/
@@ -95,10 +93,15 @@ option = %s
 self._remove("c.d/98.conf")
 self.assertEqual(self._getoption(), 990)
 self._remove("c.d/90.conf")
+ self.assertEqual(self._getoption(), 2)
+ self._write("c.local", "3") # add override in .local
 self.assertEqual(self._getoption(), 3)
+ self._write("c.d/5.local", "9") # add override in c.d/*.local
+ self.assertEqual(self._getoption(), 9)
 self._remove("c.conf") # we allow to stay without .conf
- self.assertEqual(self._getoption(), 3)
+ self.assertEqual(self._getoption(), 9)
 self._write("c.conf", "1")
+ self._remove("c.d/5.local")
 self._remove("c.local")
 self.assertEqual(self._getoption(), 1)
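Review bot: Nothing in the visible steps of the second testcases/clientreadertestcase.py hunk has `c.local` and a `c.d/*.conf` file on disk at the same time, so the precedence this commit changes (`.local` over `.d/*.conf`) is never asserted; `c.local` is written only after `c.d/98.conf` and `c.d/90.conf` have been removed. An assertion made while both exist would pin it, e.g. writing `c.local` before `self._remove("c.d/90.conf")` and checking `self.assertEqual(self._getoption(), 3)` at that point. A second `c.d/*.local` file with a name that sorts differently would likewise cover the alphabetical ordering the man page promises. The lines between the two hunks of this file are not shown, and the test method starts and ends outside the hunk.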