add new fail2ban menu

callcenter-magnus · callcenter-magnus · commit ca48140c7ff8 · 2025-04-23T11:46:30.000-03:00
diff --git a/app/model/Firewall.js b/app/model/Firewall.js
@@ -39,7 +39,7 @@ Ext.define('MBilling.model.Firewall', {
     }, {
         name: 'jail',
         type: 'string'
-    }],
+    }, 'idServername'],
     proxy: {
         type: 'uxproxy',
         module: 'firewall'
diff --git a/build/MagnusBilling-current.tar.gz b/build/MagnusBilling-current.tar.gz
diff --git a/classic/src/view/firewall/List.js b/classic/src/view/firewall/List.js
@@ -22,7 +22,7 @@ Ext.define('MBilling.view.firewall.List', {
     extend: 'Ext.ux.grid.Panel',
     alias: 'widget.firewalllist',
     store: 'Firewall',
-    initComponent: function() {
+    initComponent: function () {
         var me = this;
         me.textDelete = 'Unban';
         me.textNew = t('Ban new IP');
@@ -53,6 +53,16 @@ Ext.define('MBilling.view.firewall.List', {
                 ]
             },
             flex: 2
+        }, {
+            header: t('Server'),
+            dataIndex: 'idServername',
+            filter: {
+                type: 'string',
+                field: 'idServer.name'
+            },
+            flex: 3,
+            hidden: App.user.isClient,
+            hideable: !App.user.isClient
         }]
         me.callParent(arguments);
     }
diff --git a/protected/commands/FailtwobanipCommand.php b/protected/commands/FailtwobanipCommand.php
@@ -0,0 +1,191 @@
+<?php
+
+/**
+ * =======================================
+ * ###################################
+ * MagnusBilling
+ *
+ * @package MagnusBilling
+ * @author Adilson Leffa Magnus.
+ * @copyright Copyright (C) 2005 - 2023 MagnusSolution. All rights reserved.
+ * ###################################
+ *
+ * This software is released under the terms of the GNU Lesser General Public License v2.1
+ * A copy of which is available from http://www.gnu.org/copyleft/lesser.html
+ *
+ * Please submit bug reports, patches, etc to https://github.com/magnusbilling/mbilling/issues
+ * =======================================
+ * Magnusbilling.com <info@magnusbilling.com>
+ *
+ */
+class FailtwobanipCommand extends ConsoleCommand
+{
+    protected $resultBanIps = [];
+    protected $resultUnBanIps = [];
+    public function run($args)
+    {
+
+        /*
+        sed -i 's/ssh-iptables/sshd/g' /etc/fail2ban/jail.local 
+
+
+        echo "[ip-blacklist]
+enabled   = true
+maxretry  = 0
+findtime  = 15552000
+bantime   = -1" >> /etc/fail2ban/jail.local
+
+echo "[Definition]
+failregex = ^<HOST> \[.*\]$
+ignoreregex =
+" > /etc/fail2ban/filter.d/ip-blacklist.conf 
+
+        systemctl restart fail2ban
+        fail2ban-client status
+        
+
+        cd /root/.ssh
+        ssh-keygen -t rsa -N "" -f id_rsa
+        cat ~/.ssh/id_rsa.pub
+
+        add the ~/.ssh/id_rsa.pub on /root/.ssh/authorized_keys of the proxy and slaves.
+        */
+
+
+
+        $sql     = 'SELECT ip FROM pkg_firewall WHERE action = 3';
+        $command = Yii::app()->db->createCommand($sql);
+        $this->resultUnBanIps = $command->queryAll();
+
+        $sql     = 'DELETE FROM pkg_firewall WHERE action = 3';
+        $command = Yii::app()->db->createCommand($sql);
+
+
+        $sql     = 'SELECT ip FROM pkg_firewall WHERE action = 1';
+        $command = Yii::app()->db->createCommand($sql);
+        $this->resultBanIps = $command->queryAll();
+
+
+        $sql = 'TRUNCATE TABLE pkg_firewall';
+        Yii::app()->db->createCommand($sql)->execute();
+
+        $modelServers = Servers::model()->findAll('status IN (1,3,4)');
+
+        if (! isset($modelServers[0])) {
+
+            $modelServers = new Servers;
+
+
+            $modelServers->name     = 'Master';
+            $modelServers->host     = 'localhost';
+            $modelServers->type     = 'mbilling';
+            $modelServers->port = '5038';
+            $modelServers->username = 'magnus';
+            $modelServers->password = 'magnussolution';
+            $modelServers->status = '1';
+            $modelServers->description = '1';
+            $modelServers->save();
+            $modelServers = Servers::model()->findAll('status IN (1,3,4)');
+        }
+
+        foreach ($modelServers as $key => $server) {
+
+            echo $server['host'] . "\n";
+
+            if ($server['type'] == 'sipproxy') {
+
+                $this->getLinesCommand('ip-blacklist', 1, $server);
+                $this->getLinesCommand('opensips-iptables', 0, $server);
+            } else {
+
+                $this->getLinesCommand('ip-blacklist', 1, $server);
+                $this->getLinesCommand('asterisk-iptables', 0, $server);
+                $this->getLinesCommand('sshd', 0, $server);
+            }
+        }
+    }
+
+    public function getLinesCommand($command, $action = 0, $server)
+    {
+        if ($server['type'] == 'mbilling') {
+
+            foreach ($this->resultUnBanIps as  $unbanIP) {
+
+                echo "unbanip IP " .  $unbanIP['ip'] . "\n";
+
+                @shell_exec("sudo fail2ban-client set asterisk-iptables unbanip " .  $unbanIP['ip']);
+                @shell_exec("sudo fail2ban-client set ip-blacklist unbanip " .  $unbanIP['ip']);
+                @shell_exec("sudo fail2ban-client set sshd unbanip " . $unbanIP['ip']);
+            }
+            if ($command == 'ip-blacklist') {
+
+                foreach ($this->resultBanIps as  $blokedIP) {
+                    $status = shell_exec("fail2ban-client set ip-blacklist banip " . $blokedIP['ip']);
+
+                    $sqlCheck = "SELECT COUNT(*) FROM pkg_firewall WHERE ip = '" . $blokedIP['ip'] . "' AND id_server = '" . $server['id'] . "'";
+                    $exists = Yii::app()->db->createCommand($sqlCheck)->queryScalar();
+                    if ($exists > 0) {
+                        continue;
+                    }
+
+                    $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('" . $blokedIP['ip'] . "',1, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
+                    try {
+                        Yii::app()->db->createCommand($sql)->execute();
+                    } catch (Exception $e) {
+                    }
+                }
+            }
+            $status = shell_exec("fail2ban-client status " . $command);
+        } else {
+
+            foreach ($this->resultUnBanIps as  $unbanIP) {
+
+                echo "unbanip IP " .  $unbanIP['ip'] . "\n";
+
+                @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client set asterisk-iptables unbanip ' . $unbanIP['ip'] . '" ');
+                @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client set ip-blacklist unbanip ' . $unbanIP['ip'] . '" ');
+                @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client set sshd unbanip ' . $unbanIP['ip'] . '" ');
+                @shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client set opensips-iptables unbanip ' . $unbanIP['ip'] . '" ');
+            }
+
+            if ($command == 'ip-blacklist') {
+                foreach ($this->resultBanIps as  $blokedIP) {
+                    $status =  shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client set ip-blacklist banip ' . $blokedIP['ip'] . '" ');
+
+                    $sqlCheck = "SELECT COUNT(*) FROM pkg_firewall WHERE ip = '" . $blokedIP['ip'] . "' AND id_server = '" . $server['id'] . "'";
+                    $exists = Yii::app()->db->createCommand($sqlCheck)->queryScalar();
+                    if ($exists > 0) {
+                        continue;
+                    }
+                    $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('" . $blokedIP['ip'] . "',1, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
+                    try {
+                        Yii::app()->db->createCommand($sql)->execute();
+                    } catch (Exception $e) {
+                    }
+                }
+            }
+
+
+            $status =  shell_exec('ssh -o StrictHostKeyChecking=no root@' . $server['host'] . ' -p 22 "fail2ban-client status ' . $command . '" ');
+        }
+
+        preg_match('/Banned IP list:\s*(.*)/', $status, $ipMatches);
+
+        if (!isset($ipMatches[1]) || empty($ipMatches[1])) {
+            return;
+        }
+
+        $ips = array_filter(array_map('trim', explode(' ', $ipMatches[1])));
+
+
+        foreach ($ips as $ip) {
+            $sql = "INSERT INTO pkg_firewall (ip,action, date, description, jail, id_server) VALUES ('$ip',$action, NOW(), '" . $server['name'] . "','$command','" . $server['id'] . "')";
+
+            echo $sql;
+            try {
+                Yii::app()->db->createCommand($sql)->execute();
+            } catch (Exception $e) {
+            }
+        }
+    }
+}
diff --git a/protected/commands/UpdateMysqlCommand.php b/protected/commands/UpdateMysqlCommand.php
@@ -2076,6 +2076,32 @@ public function run($args)
             $version = '7.8.5.1';
             $this->update($version);
         }
+
+        //2025-04-23
+        if ($version == '7.8.5.1') {
+
+            $sql = "INSERT INTO `pkg_module`(`id`, `text`, `module`, `icon_cls`, `id_module`, `priority`) VALUES (82,'t(\'Fail2ban\')','firewall','x-fa fa-desktop',12,82);";
+            $this->executeDB($sql);
+
+            $sql = "INSERT INTO `pkg_group_module` (`id_group`, `id_module`, `action`, `show_menu`, `createShortCut`, `createQuickStart`) VALUES ('1', '82', 'crud', '1', '0', '0');";
+            $this->executeDB($sql);
+
+            $sql = "TRUNCATE TABLE pkg_firewall";
+            $this->executeDB($sql);
+
+            $sql = " ALTER TABLE `pkg_firewall` ADD `id_server` INT(11) NOT NULL AFTER `jail`;";
+            $this->executeDB($sql);
+
+            $sql = "ALTER TABLE pkg_firewall ADD  UNIQUE KEY ipperserver (ip, id_server);";
+            $this->executeDB($sql);
+
+            exec("echo '\n* * * * * root php /var/www/html/mbilling/cron.php failtwobanip' >> /etc/crontab");
+            exec("sed -i 's/ssh-iptables/sshd/g' /etc/fail2ban/jail.local");
+            exec("systemctl restart fail2ban");
+
+            $version = '7.8.5.2';
+            $this->update($version);
+        }
     }
 
     public function executeDB($sql)
diff --git a/protected/controllers/FirewallController.php b/protected/controllers/FirewallController.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Actions of module "Firewall".
  *
@@ -11,16 +12,44 @@ class FirewallController extends Controller
 {
 
     public $attributeOrder = 'date DESC';
-
+    public $extraValues         = ['idServer' => 'name'];
     public function init()
     {
 
-        echo json_encode([
-            $this->nameSuccess => $this->success,
-            $this->nameRoot    => $this->attributes,
-            $this->nameMsg     => $this->msg . 'This option has been discontinued.',
-        ]);
+        $this->instanceModel = new Firewall;
+        $this->abstractModel = Firewall::model();
+        $this->titleReport   = Yii::t('zii', 'Firewall');
 
+        parent::init();
     }
 
+    public function actionDestroy()
+    {
+        $values = $this->getAttributesRequest();
+        $namePk = 'id';
+        $ids    = array();
+
+        # Se existe a chave 0, indica que existe um array interno (mais de 1 registro selecionado)
+        if (array_key_exists(0, $values)) {
+            # percorre o array para excluir o(s) registro(s)
+            foreach ($values as $value) {
+                array_push($ids, $value[$namePk]);
+            }
+        } else {
+            array_push($ids, $values[$namePk]);
+        }
+
+        foreach ($ids as $value) {
+
+
+            $model = Firewall::model()->findByPk($value);
+            $model->action = 3;
+            $model->save();
+        }
+
+        echo json_encode(array(
+            $this->nameSuccess => true,
+            $this->nameMsg     => 'The IP wil unban in 1 minute',
+        ));
+    }
 }
diff --git a/protected/models/Firewall.php b/protected/models/Firewall.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * Modelo para a tabela "Firewall".
  * =======================================
@@ -54,10 +55,32 @@ public function rules()
     {
         $rules = [
             ['ip, action', 'required'],
-            ['action', 'numerical', 'integerOnly' => true],
+            ['action, id_server', 'numerical', 'integerOnly' => true],
             ['description,jail', 'length', 'max' => 200],
+            ['ip', 'checkip'],
 
         ];
         return $this->getExtraField($rules);
     }
+
+    public function checkip($attribute, $params)
+    {
+        if (!preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/', $this->ip)) {
+            $this->addError($attribute, Yii::t('zii', 'The IP is not valid'));
+        }
+    }
+
+    public function relations()
+    {
+        return [
+            'idServer' => [self::BELONGS_TO, 'Servers', 'id_server'],
+        ];
+    }
+    public function beforeSave()
+    {
+        if ($this->getIsNewRecord()) {
+            $this->id_server = 1;
+        }
+        return parent::beforeSave();
+    }
 }
