Upgraded to fresh upstream 0.7.7

2007-10-16 17:01:21 -04:00 · 2007-10-16 17:01:21 -04:00 · 018484d985
parent 93125ae6ac 88d65de126
commit 018484d985
33 changed files with 1067 additions and 190 deletions
--- a/15
+++ b/15
@ -4,9 +4,22 @@
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

 =============================================================
-Fail2Ban (version 0.7.6)                           2007/01/04
+Fail2Ban (version 0.7.7)                           2007/02/08
 =============================================================

+ver. 0.7.7 (2007/02/08) - release candidate
+----------
+- Added signal handling in fail2ban-client
+- Added a wonderful visual effect when waiting on the server
+- fail2ban-client returns an error code if configuration is
+  not valid
+- Added new filters/actions. Thanks to Yaroslav Halchenko
+- Call Python interpreter directly (instead of using "env")
+- Added file support to fail2ban-regex. Benchmark feature has
+  been removed
+- Added cacti script and template.
+- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
+
 ver. 0.7.6 (2007/01/04) - beta
 ----------
 - Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: fail2ban
-Version: 0.7.6
+Version: 0.7.7
 Summary: Ban IPs that make too many password failure
 Home-page: http://fail2ban.sourceforge.net
 Author: Cyril Jaquier
--- a/14
+++ b/14
@ -4,7 +4,7 @@
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

 =============================================================
-Fail2Ban (version 0.7.6)                           2007/01/04
+Fail2Ban (version 0.7.7)                           2007/02/08
 =============================================================

 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@ -15,7 +15,7 @@ or Apache web server ones.

 This README is a quick introduction to Fail2ban. More
 documentation, FAQ, HOWTOs are available on the project
-website: http://fail2ban.sourceforge.net
+website: http://www.fail2ban.org

 Installation:
 -------------
@ -28,8 +28,8 @@ Optional:

 To install, just do:

-> tar xvfj fail2ban-0.7.6.tar.bz2
-> cd fail2ban-0.7.6
+> tar xvfj fail2ban-0.7.7.tar.bz2
+> cd fail2ban-0.7.7
 > python setup.py install

 This will install Fail2Ban into /usr/share/fail2ban. The
@ -53,7 +53,7 @@ You can configure Fail2ban using the files in /etc/fail2ban.
 It is possible to configure the server using commands sent to
 it by fail2ban-client. The available commands are described
 in the man page of fail2ban-client. Please refer to it or to
-the website: http://fail2ban.sourceforge.net
+the website: http://www.fail2ban.org

 Contact:
 --------
@ -61,7 +61,7 @@ Contact:
 You need some new features, you found bugs or you just
 appreciate this program, you can contact me at:

-Website: http://fail2ban.sourceforge.net
+Website: http://www.fail2ban.org

 Cyril Jaquier: <lostcontrol@users.sourceforge.net>

@ -73,7 +73,7 @@ Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
 Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI, Axel Thimm
+René Berber, mEDI, Axel Thimm, Eric Gerbier

 License:
 --------
--- a/20
+++ b/20
@ -4,7 +4,7 @@
             |_| \__,_|_|_/___|_.__/\__,_|_||_|

 =============================================================
-ToDo                                         $Revision: 509 $
+ToDo                                         $Revision: 540 $
 =============================================================

 Legend:
@ -13,6 +13,24 @@ Legend:
 # partially done
 * done

+- Add timeout to external commands (signal alarm, watchdog
+  thread, etc)
+
+- New backend: pynotify
+
+- Uniformize filters and actions name. Use the software name
+  (openssh, postfix, proftp)
+
+- Added <USER> tag for failregex. Add features using this
+  information
+
+- Look at the memory consumption. Decrease memory usage
+
+- More detailed statistics
+
+- Auto-enable function (search for log files), check
+  modification date to see if service is still in use
+
 - Improve parsing of the action parameters in jailreader.py

 - Better handling of the protocol in transmitter.py
--- a/client/beautifier.py
+++ b/client/beautifier.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 504 $
+# $Revision: 537 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision: 537 $"
+__date__ = "$Date: 2007-02-01 21:50:12 +0100 (Thu, 01 Feb 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -70,11 +70,12 @@ class Beautifier:
 				if len(inC) > 1:
 					msg = "Status for the jail: " + inC[1] + "\n"
 					msg = msg + "|- " + response[0][0] + "\n"
-					msg = msg + "|  |- " + response[0][1][0][0] + ":\t\t" + `response[0][1][0][1]` + "\n"
-					msg = msg + "|  `- " + response[0][1][1][0] + ":\t\t" + `response[0][1][1][1]` + "\n"
+					msg = msg + "|  |- " + response[0][1][0][0] + ":\t" + `response[0][1][0][1]` + "\n"
+					msg = msg + "|  `- " + response[0][1][1][0] + ":\t" + `response[0][1][1][1]` + "\n"
 					msg = msg + "`- " + response[1][0] + "\n"
-					msg = msg + "   |- " + response[1][1][0][0] + ":\t\t" + `response[1][1][0][1]` + "\n"
-					msg = msg + "   `- " + response[1][1][1][0] + ":\t\t" + `response[1][1][1][1]`
+					msg = msg + "   |- " + response[1][1][0][0] + ":\t" + `response[1][1][0][1]` + "\n"
+					msg = msg + "   |  `- " + response[1][1][2][0] + ":\t" + `response[1][1][2][1]` + "\n"
+					msg = msg + "   `- " + response[1][1][1][0] + ":\t" + `response[1][1][1][1]`
 				else:
 					msg = "Status\n"
 					msg = msg + "|- " + response[0][0] + ":\t" + `response[0][1]` + "\n"
--- a/client/configurator.py
+++ b/client/configurator.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 433 $
+# $Revision: 518 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision: 518 $"
+__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -60,7 +60,7 @@ class Configurator:
 	
 	def getAllOptions(self):
 		self.__fail2ban.getOptions()
-		self.__jails.getOptions()
+		return self.__jails.getOptions()
 		
 	def convertToProtocol(self):
 		self.__streams["general"] = self.__fail2ban.convert()
--- a/client/jailsreader.py
+++ b/client/jailsreader.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 433 $
+# $Revision: 518 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision: 518 $"
+__date__ = "$Date: 2007-01-08 22:15:47 +0100 (Mon, 08 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -54,6 +54,8 @@ class JailsReader(ConfigReader):
 					self.__jails.append(jail)
 			else:
 				logSys.error("Errors in jail '" + sec + "'. Skipping...")
+				return False
+		return True
 	
 	def convert(self):
 		stream = list()
--- a/common/protocol.py
+++ b/common/protocol.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 504 $
+# $Revision: 529 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 504 $"
-__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision: 529 $"
+__date__ = "$Date: 2007-01-29 21:27:51 +0100 (Mon, 29 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -30,23 +30,23 @@ import textwrap
 # Describes the protocol used to communicate with the server.

 protocol = [
-['', "Basic", ""],
+['', "BASIC", ""],
 ["start", "starts the server and the jails"], 
 ["reload", "reloads the configuration"], 
 ["stop", "stops all jails and terminate the server"], 
 ["status", "gets the current status of the server"], 
 ["ping", "tests if the server is alive"], 
-['', "Logging", ""],
+['', "LOGGING", ""],
 ["set loglevel <LEVEL>", "sets logging level to <LEVEL>. 0 is minimal, 4 is debug"], 
 ["get loglevel", "gets the logging level"], 
 ["set logtarget <TARGET>", "sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file"], 
 ["get logtarget", "gets logging target"], 
-['', "Jail control", ""],
+['', "JAIL CONTROL", ""],
 ["add <JAIL> <BACKEND>", "creates <JAIL> using <BACKEND>"], 
 ["start <JAIL>", "starts the jail <JAIL>"], 
 ["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
 ["status <JAIL>", "gets the current status of <JAIL>"],
-['', "Jail configuration", ""],
+['', "JAIL CONFIGURATION", ""],
 ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], 
 ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], 
 ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], 
@ -70,7 +70,7 @@ protocol = [
 ["set <JAIL> actioncheck <ACT> <CMD>", "sets the check command <CMD> of the action <ACT> for <JAIL>"], 
 ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
 ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], 
-['', "Jail information", ""],
+['', "JAIL INFORMATION", ""],
 ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
 ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
 ["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
--- a/common/version.py
+++ b/common/version.py
@ -16,12 +16,12 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 512 $
+# $Revision: 543 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 512 $"
-__date__ = "$Date: 2007-01-04 13:59:09 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 543 $"
+__date__ = "$Date: 2007-02-08 22:14:01 +0100 (Thu, 08 Feb 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

-version = "0.7.6"
+version = "0.7.7"
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N fail2ban-<name>
+              iptables -A fail2ban-<name> -j RETURN
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+
+# Option:  actionend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             iptables -F fail2ban-<name>
+             iptables -X fail2ban-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@ -0,0 +1,71 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko 
+#  to fullfill the needs of bugreporter dbts#350746.
+#
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N fail2ban-<name>
+              iptables -A fail2ban-<name> -j RETURN
+              iptables -I INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+
+# Option:  actionend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+             iptables -F fail2ban-<name>
+             iptables -X fail2ban-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@ -0,0 +1,75 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified-By: Yaroslav Halchenko to include grepping on IP over log files
+# $Revision: 520 $
+#
+
+[Definition]
+
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = echo -en "Hi,\n
+              The jail <name> has been started successfuly.\n
+              Regards,\n
+              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = echo -en "Hi,\n
+             The jail <name> has been stopped.\n
+             Regards,\n
+             Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = echo -en "Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here are more information about <ip>:\n
+            `whois <ip>`\n\n
+            Lines containing IP:<ip> in <logpath>\n
+            `grep '\<<ip>\>' <logpath>`\n\n
+            Regards,\n
+            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+#
+actionunban = 
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destinataire of the mail
+#
+dest = root
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 513 $
+# $Revision: 532 $
 #

 [Definition]
@ -14,7 +14,8 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>
+failregex = Authentication failure for .* from <HOST>
+            Failed [-/\w+]+ for .* from <HOST>
            ROOT LOGIN REFUSED .* FROM <HOST>
            [iI](?:llegal|nvalid) user .* from <HOST>

--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 495 $
+# $Revision: 534 $
 #

 [Definition]
@ -14,7 +14,8 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
+failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
+            \[.+\] FAIL LOGIN: Client "<HOST>"$

 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/wuftpd.conf
+++ b/config/filter.d/wuftpd.conf
@ -0,0 +1,14 @@
+# Fail2Ban configuration file for wuftpd
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision:  $
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT
+#
+failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
--- a/config/jail.conf
+++ b/config/jail.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 509 $
+# $Revision: 524 $
 #

 # The DEFAULT allows a global definition of the options. They can be override
@ -69,19 +69,6 @@ action   = iptables[name=sasl, port=smtp, protocol=tcp]
           mail-whois[name=sasl, dest=yourmail@mail.com]
 logpath  = /var/log/mail.log

-# This one behaves like the previous and sends a report when the jail
-# is stopped.
-
-[ssh-iptables-report]
-
-enabled  = false
-filter   = sshd
-action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           mail-whois[name=SSH, dest=yourmail@mail.com]
-           mail-report[dest=yourmail@mail.com]
-logpath  = /var/log/sshd.log
-maxretry = 5
-
 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
 # used to avoid banning the user "myuser".

--- a/70
+++ b/70
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@ -17,15 +17,15 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 511 $
+# $Revision: 528 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 511 $"
-__date__ = "$Date: 2007-01-04 13:58:21 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 528 $"
+__date__ = "$Date: 2007-01-29 21:27:01 +0100 (Mon, 29 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

-import sys, string, os, pickle, re, logging
+import sys, string, os, pickle, re, logging, signal
 import getopt, time, readline, shlex, socket

 # Inserts our own modules path first in the list
@ -75,7 +75,7 @@ class Fail2banClient:
 	def dispUsage(self):
 		""" Prints Fail2Ban command line options and exits
 		"""
-		print "Usage: "+self.__argv[0]+" [OPTIONS]... <COMMAND>"
+		print "Usage: "+self.__argv[0]+" [OPTIONS] <COMMAND>"
 		print
 		print "Fail2Ban v" + version + " reads log file that contains password failure report"
 		print "and bans the corresponding IP addresses using firewall rules."
@ -87,7 +87,7 @@ class Fail2banClient:
 		print "    -i                      interactive mode"
 		print "    -v                      increase verbosity"
 		print "    -q                      decrease verbosity"
-		print "    -x                      force execution of the server"
+		print "    -x                      force execution of the server (remove socket file)"
 		print "    -h, --help              display this help message"
 		print "    -V, --version           print the version"
 		print
@ -103,7 +103,13 @@ class Fail2banClient:
 		print "Fail2Ban v" + version + " reads log file that contains password failure report"
 		print "and bans the corresponding IP addresses using firewall rules."
 		print 
-	
+
+	def __sigTERMhandler(self, signum, frame):
+		# Print a new line because we probably come from wait
+		print
+		logSys.warn("Caught signal %d. Exiting" % signum)
+		sys.exit(-1)
+
 	def __getCmdLineOptions(self, optList):
 		""" Gets the command line options
 		"""
@ -169,10 +175,14 @@ class Fail2banClient:
 				logSys.error("Server already running")
 				return False
 			else:
+				# Read the config
+				ret = self.__readConfig()
+				# Do not continue if configuration is not 100% valid
+				if not ret:
+					return False
+				# Start the server
 				self.__startServerAsync(self.__conf["socket"],
 										self.__conf["force"])
-				# Read the config while the server is starting
-				self.__readConfig()
 				try:
 					# Wait for the server to start
 					self.__waitOnServer()
@ -180,11 +190,18 @@ class Fail2banClient:
 					self.__processCmd(self.__stream, False)
 					return True
 				except ServerExecutionException:
-					logSys.error("Could not start server. Try -x option")
+					logSys.error("Could not start server. Maybe an old " +
+								 "socket file is still present. Try to " +
+								 "remove " + self.__conf["socket"] + ". If " +
+								 "you used fail2ban-client to start the " +
+								 "server, adding the -x option will do it")
 					return False
 		elif len(cmd) == 1 and cmd[0] == "reload":
 			if self.__ping():
-				self.__readConfig()
+				ret = self.__readConfig()
+				# Do not continue if configuration is not 100% valid
+				if not ret:
+					return False
 				self.__processCmd([['stop', 'all']], False)
 				# Configure the server
 				return self.__processCmd(self.__stream, False)
@ -229,18 +246,40 @@ class Fail2banClient:
 	def __waitOnServer(self):
 		# Wait for the server to start
 		cnt = 0
+		if self.__conf["verbose"] > 1:
+			pos = 0
+			delta = 1
+			mask = "[          ]"
 		while not self.__ping():
+			# Wonderful visual :)
+			if self.__conf["verbose"] > 1:
+				pos += delta
+				sys.stdout.write("\rINFO   " + mask[:pos] + '#' + mask[pos+1:] +
+								 " Waiting on the server...")
+				sys.stdout.flush()
+				if pos > len(mask)-3:
+					delta = -1
+				elif pos < 2:
+					delta = 1
 			# The server has 30 secondes to start.
 			if cnt >= 300:
+				if self.__conf["verbose"] > 1:
+					sys.stdout.write('\n')
 				raise ServerExecutionException("Failed to start server")
 			time.sleep(0.1)
 			cnt += 1
+		if self.__conf["verbose"] > 1:
+			sys.stdout.write('\n')
 			
 	
 	def start(self, argv):
 		# Command line options
 		self.__argv = argv
 		
+		# Install signal handlers
+		signal.signal(signal.SIGTERM, self.__sigTERMhandler)
+		signal.signal(signal.SIGINT, self.__sigTERMhandler)
+		
 		# Reads the command line options.
 		try:
 			cmdOpts = 'hc:s:xdviqV'
@ -280,9 +319,9 @@ class Fail2banClient:
 		logSys.info("Using socket file " + self.__conf["socket"])

 		if self.__conf["dump"]:
-			self.__readConfig()
+			ret = self.__readConfig()
 			self.dumpConfig(self.__stream)
-			return True
+			return ret
 		
 		# Interactive mode
 		if self.__conf["interactive"]:
@ -313,9 +352,10 @@ class Fail2banClient:
 	def __readConfig(self):
 		# Read the configuration
 		self.__configurator.readAll()
-		self.__configurator.getAllOptions()
+		ret = self.__configurator.getAllOptions()
 		self.__configurator.convertToProtocol()
 		self.__stream = self.__configurator.getConfigStream()
+		return ret
 	
 	@staticmethod
 	def dumpConfig(cmd):
--- a/270
+++ b/270
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@ -17,20 +17,22 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 511 $
+# $Revision: 530 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 511 $"
-__date__ = "$Date: 2007-01-04 13:58:21 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 530 $"
+__date__ = "$Date: 2007-01-29 21:31:04 +0100 (Mon, 29 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

-import locale, getopt, sys, time, logging, gc
+import getopt, sys, time, logging, os

 # Inserts our own modules path first in the list
 # fix for bug #343821
 sys.path.insert(1, "/usr/share/fail2ban")

+from ConfigParser import SafeConfigParser
+from ConfigParser import NoOptionError, NoSectionError, MissingSectionHeaderError
 from common.version import version
 from server.filter import Filter
 from server.regex import RegexException
@ -38,13 +40,38 @@ from server.regex import RegexException
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.regex")

+class RegexStat:
+
+	def __init__(self, failregex):
+		self.__stats = 0
+		self.__failregex = failregex
+		self.__ipList = list()
+	
+	def inc(self):
+		self.__stats += 1
+	
+	def getStats(self):
+		return self.__stats
+
+	def getFailRegex(self):
+		return self.__failregex
+	
+	def appendIP(self, value):
+		self.__ipList.extend(value)
+	
+	def getIPList(self):
+		return self.__ipList
+
 class Fail2banRegex:
 	
+	test = None
+	
 	def __init__(self):
 		self.__filter = Filter(None)
+		self.__failregex = list()
 		# Setup logging
 		logging.getLogger("fail2ban").handlers = []
-		self.__hdlr = logging.StreamHandler(sys.stdout)
+		self.__hdlr = logging.StreamHandler(Fail2banRegex.test)
 		# set a format which is simpler for console use
 		formatter = logging.Formatter("%(message)s")
 		# tell the handler to use this format
@ -52,7 +79,8 @@ class Fail2banRegex:
 		logging.getLogger("fail2ban").addHandler(self.__hdlr)
 		logging.getLogger("fail2ban").setLevel(logging.ERROR)
 	
-	def dispVersion(self):
+	@staticmethod
+	def dispVersion():
 		print "Fail2Ban v" + version
 		print
 		print "Copyright (c) 2004-2006 Cyril Jaquier"
@ -62,14 +90,26 @@ class Fail2banRegex:
 		print "Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>."
 		print "Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>."
 	
-	def dispUsage(self):
-		print "Usage: "+sys.argv[0]+" <logline> <failregex>"
+	@staticmethod
+	def dispUsage():
+		print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX>"
 		print
 		print "Fail2Ban v" + version + " reads log file that contains password failure report"
 		print "and bans the corresponding IP addresses using firewall rules."
 		print
-		print "This tools can test and benchmark your regular expressions for the \"failregex\""
-		print "option."
+		print "This tools can test regular expressions for \"fail2ban\"."
+		print
+		print "Options:"
+		print "    -h, --help              display this help message"
+		print "    -V, --version           print the version"
+		print
+		print "Log:"
+		print "    string                  a string representing a log line"
+		print "    filename                path to a log file (/var/log/auth.log)"
+		print
+		print "Regex:"
+		print "    string                  a string representing a 'failregex'"
+		print "    filename                path to a filter file (filter.d/sshd.conf)"
 		print
 		print "Report bugs to <lostcontrol@users.sourceforge.net>"
 	
@ -78,87 +118,181 @@ class Fail2banRegex:
 		"""
 		for opt in optList:
 			if opt[0] in ["-h", "--help"]:
-	 			self.dispUsage()
-	 			sys.exit(0)
-	 		elif opt[0] in ["-V", "--version"]:
-	 			self.dispVersion()
-	 			sys.exit(0)
+				self.dispUsage()
+				sys.exit(0)
+			elif opt[0] in ["-V", "--version"]:
+				self.dispVersion()
+				sys.exit(0)
+
+	@staticmethod
+	def logIsFile(value):
+		return os.path.isfile(value)
+
+	def readRegex(self, value):
+		if os.path.isfile(value):
+			reader = SafeConfigParser()
+			try:
+				reader.read(value)
+				print "Use regex file : " + value
+				self.__failregex = [RegexStat(m)
+									for m in reader.get("Definition", "failregex").split('\n')]
+			except NoSectionError:
+				print "No [Definition] section in " + value
+				print
+				return False
+			except NoOptionError:
+				print "No failregex option in " + value
+				print
+				return False
+			except MissingSectionHeaderError:
+				print "No section headers in " + value
+				print
+				return False
+		else:
+			if len(value) > 53:
+				stripReg = value[0:50] + "..."
+			else:
+				stripReg = value
+			print "Use regex line : " + stripReg
+			self.__failregex = [RegexStat(value)]
+		return True
 	
-	def testRegex(self, line, regex):
-		print
-		try:
+	def testRegex(self, line):
+		found = False
+		for regex in self.__failregex:
 			logging.getLogger("fail2ban").setLevel(logging.DEBUG)
-			self.__filter.addFailRegex(regex)
-			ret = self.__filter.findFailure(line)
-			print
-			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
-		except RegexException, e:
-			print e
-			return False
-		except IndexError:
-			print "Sorry, but no <host> found in regex"
-			return False
-		if len(ret) == 0:
+			try:
+				self.__filter.addFailRegex(regex.getFailRegex())
+				try:
+					ret = self.__filter.findFailure(line)
+					if not len(ret) == 0:
+						if found == True:
+							ret[0].append(True)
+						else:
+							found = True
+							ret[0].append(False)
+						regex.inc()
+						regex.appendIP(ret)
+				except RegexException, e:
+					print e
+					return False
+				except IndexError:
+					print "Sorry, but no <host> found in regex"
+					return False
+			finally:
+				self.__filter.delFailRegex(0)
+				logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
+	
+	def printStats(self):
+		print
+		print "Results"
+		print "======="
+		print
+		
+		# Print title
+		cnt = 1
+		print "Failregex:"
+		for failregex in self.__failregex:
+			print "[" + str(cnt) + "] " + failregex.getFailRegex()
+			cnt += 1
+		
+		print
+		
+		# Print stats
+		cnt = 1
+		total = 0
+		print "Number of matches:"
+		for failregex in self.__failregex:
+			match = failregex.getStats()
+			total += match
+			print "[" + str(cnt) + "] " + str(match) + " match(es)"
+			cnt += 1
+		
+		print
+		
+		if total == 0:
 			print "Sorry, no match"
+			print
+			print "Look at the above section 'Running tests' which could contain important"
+			print "information."
 			return False
 		else:
-			print "Success, the following data were found:"
-			timeTuple = time.localtime(ret[0][1])
-			print "Date: " + time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
-			ipList = ""
-			for i in ret:
-				ipList = ipList + " " + i[0]
-			print "IP  :" + ipList
+			# Print stats
+			cnt = 1
+			print "Addresses found:"
+			for failregex in self.__failregex:
+				print "[" + str(cnt) + "]"
+				for ip in failregex.getIPList():
+					timeTuple = time.localtime(ip[1])
+					timeString = time.strftime("%a %b %d %H:%M:%S %Y", timeTuple)
+					if ip[2]:
+						dup = " (already matched)"
+					else:
+						dup = ""
+					print "    " + ip[0] + " (" + timeString + ")" + dup
+				cnt += 1
+			
 			print
+			
 			print "Date template hits:"
 			for template in self.__filter.dateDetector.getTemplates():
 				print `template.getHits()` + " hit: " + template.getName()
+			
 			print
-			print "Benchmark. Executing 1000..."
-			gc.disable()
-			total = 0
-			maxValue = 0
-			maxPos = 0
-			minValue = 99999999
-			minPos = 0
-			for i in range(1000):
-				start = time.time()
-				ret = self.__filter.findFailure(line)
-				end = time.time()
-				diff = (end - start) * 1000
-				total = total + diff
-				minValue = min(minValue, diff)
-				if minValue == diff:
-					minPos = i
-				maxValue = max(maxValue, diff)
-				if maxValue == diff:
-					maxPos = i
-			gc.enable()
-			print "Performance"
-			print "Avg: " + `total / 1000` + " ms"
-			print "Max: " + `maxValue` + " ms (Run " + `maxPos` + ")"
-			print "Min: " + `minValue` + " ms (Run " + `minPos` + ")"
+			
+			print "Success, the total number of match is " + str(total)
+			print
+			print "However, look at the above section 'Running tests' which could contain important"
+			print "information."
 			return True
+
 			
 if __name__ == "__main__":
-	regex = Fail2banRegex()
+	fail2banRegex = Fail2banRegex()
 	# Reads the command line options.
 	try:
 		cmdOpts = 'hV'
 		cmdLongOpts = ['help', 'version']
 		optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
 	except getopt.GetoptError:
-		regex.dispUsage()
+		fail2banRegex.dispUsage()
 		sys.exit(-1)
 	# Process command line
-	regex.getCmdLineOptions(optList)
+	fail2banRegex.getCmdLineOptions(optList)
 	# We need exactly 3 parameters
-	if len(sys.argv) <> 3:
-		regex.dispUsage()
+	if not len(sys.argv) == 3:
+		fail2banRegex.dispUsage()
 		sys.exit(-1)
 	else:
-		ret = regex.testRegex(sys.argv[1], sys.argv[2])
-		if ret:
+		print
+		print "Running tests"
+		print "============="
+		print
+
+		if fail2banRegex.readRegex(sys.argv[2]) == False:
+			sys.exit(-1)
+
+		if fail2banRegex.logIsFile(sys.argv[1]):
+			try:
+				hdlr = open(sys.argv[1])
+				print "Use log file   : " + sys.argv[1]
+				print
+				for line in hdlr:
+					fail2banRegex.testRegex(line)
+			except IOError, e:
+				print e
+				print
+				sys.exit(-1)
+		else:
+			if len(sys.argv[1]) > 53:
+				stripLog = sys.argv[1][0:50] + "..."
+			else:
+				stripLog = sys.argv[1]
+			print "Use single line: " + stripLog
+			print
+			fail2banRegex.testRegex(sys.argv[1])
+		
+		if fail2banRegex.printStats():
 			sys.exit(0)
 		else:
 			sys.exit(-1)
--- a/10
+++ b/10
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@ -17,11 +17,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 511 $
+# $Revision: 522 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 511 $"
-__date__ = "$Date: 2007-01-04 13:58:21 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 522 $"
+__date__ = "$Date: 2007-01-21 23:19:57 +0100 (Sun, 21 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -78,7 +78,7 @@ class Fail2banServer:
 		print "    -b                   start in background"
 		print "    -f                   start in foreground"
 		print "    -s <FILE>            socket path"
-		print "    -x                   force execution of the server"
+		print "    -x                   force execution of the server (remove socket file)"
 		print "    -h, --help           display this help message"
 		print "    -V, --version        print the version"
 		print
--- a/12
+++ b/12
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@ -17,21 +17,17 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 511 $
+# $Revision: 522 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 511 $"
-__date__ = "$Date: 2007-01-04 13:58:21 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 522 $"
+__date__ = "$Date: 2007-01-21 23:19:57 +0100 (Sun, 21 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"


 import unittest, logging, sys

-# Inserts our own modules path first in the list
-# fix for bug #343821
-sys.path.insert(1, "/usr/share/fail2ban")
-
 from common.version import version
 from testcases import banmanagertestcase
 from testcases import clientreadertestcase
--- a/files/cacti/README
+++ b/files/cacti/README
@ -0,0 +1,53 @@
+               __      _ _ ___ _               
+              / _|__ _(_) |_  ) |__  __ _ _ _  
+             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.7.7)                           2007/??/??
+=============================================================
+
+Cacti is a graphing solution using RRDTool. It is possible to
+use Cacti to display statistics about Fail2ban.
+
+Installation:
+-------------
+
+1/ Install Fail2ban version 0.7 or higher and ensure that it
+   works properly.
+2/ The user running poller.php must have read and write
+   access to the socket used by Fail2ban.
+3/ Copy fail2ban_stats.sh to scripts/. You can test it with
+   bash scripts/fail2ban_stats.sh
+4/ Import the template cacti_host_template_fail2ban.xml
+5/ TO BE CONTINUED...
+
+Contact:
+--------
+
+You need some new features, you found bugs or you just
+appreciate this program, you can contact me at:
+
+Website: http://www.fail2ban.org
+
+Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+
+License:
+--------
+
+Fail2Ban is free software; you can redistribute it
+and/or modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later
+version.
+
+Fail2Ban is distributed in the hope that it will be
+useful, but WITHOUT ANY WARRANTY; without even the implied
+warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public
+License along with Fail2Ban; if not, write to the Free
+Software Foundation, Inc., 59 Temple Place, Suite 330,
+Boston, MA  02111-1307  USA
--- a/files/cacti/cacti_host_template_fail2ban.xml
+++ b/files/cacti/cacti_host_template_fail2ban.xml
@ -0,0 +1,297 @@
+<cacti>	
+	<hash_02001346a4e9f7498a8129f0dfc2e1c8c7b35a>
+		<name>Fail2ban</name>
+		<graph_templates>hash_0000132fe631a3ac1f1705e332d0aee925d21b</graph_templates>
+		<data_queries></data_queries>
+	</hash_02001346a4e9f7498a8129f0dfc2e1c8c7b35a>
+	<hash_0000132fe631a3ac1f1705e332d0aee925d21b>
+		<name>Fail2ban - Statistics</name>
+		<graph>
+			<t_title>on</t_title>
+			<title>|host_description| - Statistics</title>
+			<t_image_format_id></t_image_format_id>
+			<image_format_id>1</image_format_id>
+			<t_height></t_height>
+			<height>120</height>
+			<t_width></t_width>
+			<width>500</width>
+			<t_auto_scale></t_auto_scale>
+			<auto_scale>on</auto_scale>
+			<t_auto_scale_opts></t_auto_scale_opts>
+			<auto_scale_opts>2</auto_scale_opts>
+			<t_auto_scale_log></t_auto_scale_log>
+			<auto_scale_log></auto_scale_log>
+			<t_auto_scale_rigid></t_auto_scale_rigid>
+			<auto_scale_rigid></auto_scale_rigid>
+			<t_auto_padding></t_auto_padding>
+			<auto_padding>on</auto_padding>
+			<t_export></t_export>
+			<export>on</export>
+			<t_upper_limit></t_upper_limit>
+			<upper_limit>100</upper_limit>
+			<t_lower_limit></t_lower_limit>
+			<lower_limit>0</lower_limit>
+			<t_base_value></t_base_value>
+			<base_value>1000</base_value>
+			<t_unit_value></t_unit_value>
+			<unit_value></unit_value>
+			<t_unit_exponent_value></t_unit_exponent_value>
+			<unit_exponent_value></unit_exponent_value>
+			<t_vertical_label></t_vertical_label>
+			<vertical_label>hits/5min</vertical_label>
+		</graph>
+		<items>
+			<hash_100013f76575fdcd7f2684843e8f2cbae4ef96>
+				<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
+				<color_id>00CF00</color_id>
+				<graph_type_id>4</graph_type_id>
+				<consolidation_function_id>1</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Failed</text_format>
+				<hard_return></hard_return>
+				<sequence>1</sequence>
+			</hash_100013f76575fdcd7f2684843e8f2cbae4ef96>
+			<hash_100013ca0d59c48dde83a1753e21eb1f44a396>
+				<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>4</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Current:</text_format>
+				<hard_return></hard_return>
+				<sequence>2</sequence>
+			</hash_100013ca0d59c48dde83a1753e21eb1f44a396>
+			<hash_1000132f8d371932ebedbb665f80abf427ffb4>
+				<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>1</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Average:</text_format>
+				<hard_return></hard_return>
+				<sequence>3</sequence>
+			</hash_1000132f8d371932ebedbb665f80abf427ffb4>
+			<hash_1000131b8e847f7be22014f1f0b3d098c9e702>
+				<task_item_id>hash_0800132d7bfb27a7ecb33f23433863e6f90612</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>3</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Maximum:</text_format>
+				<hard_return>on</hard_return>
+				<sequence>4</sequence>
+			</hash_1000131b8e847f7be22014f1f0b3d098c9e702>
+			<hash_1000130e6084fd4ed86d8c86dea8f84b115eaa>
+				<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
+				<color_id>FF0000</color_id>
+				<graph_type_id>5</graph_type_id>
+				<consolidation_function_id>1</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Banned</text_format>
+				<hard_return></hard_return>
+				<sequence>5</sequence>
+			</hash_1000130e6084fd4ed86d8c86dea8f84b115eaa>
+			<hash_1000132812e5f3ee8261819268854c67093b94>
+				<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>4</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Current:</text_format>
+				<hard_return></hard_return>
+				<sequence>6</sequence>
+			</hash_1000132812e5f3ee8261819268854c67093b94>
+			<hash_10001336fcfc1d017e975fa22a3ce0d0492daf>
+				<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>1</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Average:</text_format>
+				<hard_return></hard_return>
+				<sequence>7</sequence>
+			</hash_10001336fcfc1d017e975fa22a3ce0d0492daf>
+			<hash_100013e5fddd5da42b9bf296d7f344b2a00446>
+				<task_item_id>hash_080013b224f2764ba5a827de959b1ff44cbc1d</task_item_id>
+				<color_id>0</color_id>
+				<graph_type_id>9</graph_type_id>
+				<consolidation_function_id>3</consolidation_function_id>
+				<cdef_id>hash_050013e961cc8ec04fda6ed4981cf5ad501aa5</cdef_id>
+				<value></value>
+				<gprint_id>hash_060013e9c43831e54eca8069317a2ce8c6f751</gprint_id>
+				<text_format>Maximum:</text_format>
+				<hard_return>on</hard_return>
+				<sequence>8</sequence>
+			</hash_100013e5fddd5da42b9bf296d7f344b2a00446>
+		</items>
+		<inputs>
+			<hash_090013a5d69bc5ca8b53ef62b61221a69b8055>
+				<name>Data Source [banned]</name>
+				<description></description>
+				<column_name>task_item_id</column_name>
+				<items>hash_0000130e6084fd4ed86d8c86dea8f84b115eaa|hash_0000132812e5f3ee8261819268854c67093b94|hash_00001336fcfc1d017e975fa22a3ce0d0492daf|hash_000013e5fddd5da42b9bf296d7f344b2a00446</items>
+			</hash_090013a5d69bc5ca8b53ef62b61221a69b8055>
+			<hash_0900132cee6f79f051b0dd39cafcbfcfd87960>
+				<name>Data Source [failed]</name>
+				<description></description>
+				<column_name>task_item_id</column_name>
+				<items>hash_000013f76575fdcd7f2684843e8f2cbae4ef96|hash_000013ca0d59c48dde83a1753e21eb1f44a396|hash_0000131b8e847f7be22014f1f0b3d098c9e702|hash_0000132f8d371932ebedbb665f80abf427ffb4</items>
+			</hash_0900132cee6f79f051b0dd39cafcbfcfd87960>
+		</inputs>
+	</hash_0000132fe631a3ac1f1705e332d0aee925d21b>
+	<hash_0100130fce21647570158d210c7832cd50e98a>
+		<name>Fail2ban - Statistics</name>
+		<ds>
+			<t_name></t_name>
+			<name>|host_description| - Statistics</name>
+			<data_input_id>hash_030013a3adf3f2607747859b08262d972eabf0</data_input_id>
+			<t_rra_id></t_rra_id>
+			<t_rrd_step></t_rrd_step>
+			<rrd_step>300</rrd_step>
+			<t_active></t_active>
+			<active>on</active>
+			<rra_items>hash_150013c21df5178e5c955013591239eb0afd46|hash_1500130d9c0af8b8acdc7807943937b3208e29|hash_1500136fc2d038fb42950138b0ce3e9874cc60|hash_150013e36f3adb9f152adfa5dc50fd2b23337e</rra_items>
+		</ds>
+		<items>
+			<hash_0800132d7bfb27a7ecb33f23433863e6f90612>
+				<t_data_source_name></t_data_source_name>
+				<data_source_name>failed</data_source_name>
+				<t_rrd_minimum></t_rrd_minimum>
+				<rrd_minimum>0</rrd_minimum>
+				<t_rrd_maximum></t_rrd_maximum>
+				<rrd_maximum>0</rrd_maximum>
+				<t_data_source_type_id></t_data_source_type_id>
+				<data_source_type_id>2</data_source_type_id>
+				<t_rrd_heartbeat></t_rrd_heartbeat>
+				<rrd_heartbeat>600</rrd_heartbeat>
+				<t_data_input_field_id></t_data_input_field_id>
+				<data_input_field_id>hash_0700134027ae7d3baefb02f510c09de07d159f</data_input_field_id>
+			</hash_0800132d7bfb27a7ecb33f23433863e6f90612>
+			<hash_080013b224f2764ba5a827de959b1ff44cbc1d>
+				<t_data_source_name></t_data_source_name>
+				<data_source_name>banned</data_source_name>
+				<t_rrd_minimum></t_rrd_minimum>
+				<rrd_minimum>0</rrd_minimum>
+				<t_rrd_maximum></t_rrd_maximum>
+				<rrd_maximum>0</rrd_maximum>
+				<t_data_source_type_id></t_data_source_type_id>
+				<data_source_type_id>2</data_source_type_id>
+				<t_rrd_heartbeat></t_rrd_heartbeat>
+				<rrd_heartbeat>600</rrd_heartbeat>
+				<t_data_input_field_id></t_data_input_field_id>
+				<data_input_field_id>hash_07001319c32c9466152aa6cfc2bbc639a246d8</data_input_field_id>
+			</hash_080013b224f2764ba5a827de959b1ff44cbc1d>
+		</items>
+		<data>
+			<item_000>
+				<data_input_field_id>hash_0700131cda0f872b68c87e508a29e8976a6a7a</data_input_field_id>
+				<t_value>on</t_value>
+				<value>ssh-iptables</value>
+			</item_000>
+		</data>
+	</hash_0100130fce21647570158d210c7832cd50e98a>
+	<hash_030013a3adf3f2607747859b08262d972eabf0>
+		<name>Fail2ban - Get statistics</name>
+		<type_id>1</type_id>
+		<input_string>bash &lt;path_cacti&gt;/scripts/fail2ban_stats.sh &lt;jail&gt;</input_string>
+		<fields>
+			<hash_0700131cda0f872b68c87e508a29e8976a6a7a>
+				<name>Jail name</name>
+				<update_rra></update_rra>
+				<regexp_match></regexp_match>
+				<allow_nulls></allow_nulls>
+				<type_code></type_code>
+				<input_output>in</input_output>
+				<data_name>jail</data_name>
+			</hash_0700131cda0f872b68c87e508a29e8976a6a7a>
+			<hash_0700134027ae7d3baefb02f510c09de07d159f>
+				<name>Total of failed logins</name>
+				<update_rra>on</update_rra>
+				<regexp_match></regexp_match>
+				<allow_nulls></allow_nulls>
+				<type_code></type_code>
+				<input_output>out</input_output>
+				<data_name>failed</data_name>
+			</hash_0700134027ae7d3baefb02f510c09de07d159f>
+			<hash_07001319c32c9466152aa6cfc2bbc639a246d8>
+				<name>Total of banned hosts</name>
+				<update_rra>on</update_rra>
+				<regexp_match></regexp_match>
+				<allow_nulls></allow_nulls>
+				<type_code></type_code>
+				<input_output>out</input_output>
+				<data_name>banned</data_name>
+			</hash_07001319c32c9466152aa6cfc2bbc639a246d8>
+		</fields>
+	</hash_030013a3adf3f2607747859b08262d972eabf0>
+	<hash_150013c21df5178e5c955013591239eb0afd46>
+		<name>Daily (5 Minute Average)</name>
+		<x_files_factor>0.5</x_files_factor>
+		<steps>1</steps>
+		<rows>600</rows>
+		<timespan>86400</timespan>
+		<cf_items>1|2|3|4</cf_items>
+	</hash_150013c21df5178e5c955013591239eb0afd46>
+	<hash_1500130d9c0af8b8acdc7807943937b3208e29>
+		<name>Weekly (30 Minute Average)</name>
+		<x_files_factor>0.5</x_files_factor>
+		<steps>6</steps>
+		<rows>700</rows>
+		<timespan>604800</timespan>
+		<cf_items>1|2|3|4</cf_items>
+	</hash_1500130d9c0af8b8acdc7807943937b3208e29>
+	<hash_1500136fc2d038fb42950138b0ce3e9874cc60>
+		<name>Monthly (2 Hour Average)</name>
+		<x_files_factor>0.5</x_files_factor>
+		<steps>24</steps>
+		<rows>775</rows>
+		<timespan>2678400</timespan>
+		<cf_items>1|2|3|4</cf_items>
+	</hash_1500136fc2d038fb42950138b0ce3e9874cc60>
+	<hash_150013e36f3adb9f152adfa5dc50fd2b23337e>
+		<name>Yearly (1 Day Average)</name>
+		<x_files_factor>0.5</x_files_factor>
+		<steps>288</steps>
+		<rows>797</rows>
+		<timespan>33053184</timespan>
+		<cf_items>1|2|3|4</cf_items>
+	</hash_150013e36f3adb9f152adfa5dc50fd2b23337e>
+	<hash_050013e961cc8ec04fda6ed4981cf5ad501aa5>
+		<name>Make Per 5 Minutes</name>
+		<items>
+			<hash_14001340bb7a1143b0f2e2efca14eb356236de>
+				<sequence>1</sequence>
+				<type>4</type>
+				<value>CURRENT_DATA_SOURCE</value>
+			</hash_14001340bb7a1143b0f2e2efca14eb356236de>
+			<hash_140013faf1b148b2c0e0527362ed5b8ca1d351>
+				<sequence>2</sequence>
+				<type>6</type>
+				<value>300</value>
+			</hash_140013faf1b148b2c0e0527362ed5b8ca1d351>
+			<hash_14001342686ea0925c0220924b7d333599cd67>
+				<sequence>3</sequence>
+				<type>2</type>
+				<value>3</value>
+			</hash_14001342686ea0925c0220924b7d333599cd67>
+		</items>
+	</hash_050013e961cc8ec04fda6ed4981cf5ad501aa5>
+	<hash_060013e9c43831e54eca8069317a2ce8c6f751>
+		<name>Normal</name>
+		<gprint_text>%8.2lf %s</gprint_text>
+	</hash_060013e9c43831e54eca8069317a2ce8c6f751>
+</cacti>
--- a/files/cacti/fail2ban_stats.sh
+++ b/files/cacti/fail2ban_stats.sh
@ -0,0 +1,47 @@
+#!/bin/bash
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# This script can be used to collect data for Cacti. One parameter is needed,
+# the jail name. It must be a currently running jail. The script returns two
+# value: the number of failures and the number of banned host.
+#
+# If Fail2ban is not available in the path, you can change the value of the
+# variable FAIL2BAN below.. You can add option to this variable too. Please
+# look at the man page of fail2ban-client for more information.
+#
+# Author: Cyril Jaquier
+# 
+# $Revision: 527 $
+
+FAIL2BAN="fail2ban-client"
+
+JAIL=$1
+
+if [ -z $JAIL ]; then
+	echo "Usage:" `basename $0` "<jail>"
+	exit
+fi
+
+IFS=""
+
+STATS=$($FAIL2BAN status $JAIL)
+
+TOTAL_FAILED=$(echo $STATS | grep "Total failed:" | awk '{ print $5 }')
+TOTAL_BANNED=$(echo $STATS | grep "Total banned:" | awk '{ print $4 }')
+
+echo "failed:"$TOTAL_FAILED "banned:"$TOTAL_BANNED
+
--- a/man/fail2ban-client.1
+++ b/man/fail2ban-client.1
@ -1,12 +1,11 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-CLIENT "1" "December 2006" "fail2ban-client v0.7.5-SVN" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "February 2007" "fail2ban-client v0.7.7" "User Commands"
 .SH NAME
 fail2ban-client \- configure and control the server
-.SH SYNOPSIS
-.B fail2ban-client
-[\fIOPTIONS\fR]... \fI<COMMAND>\fR
 .SH DESCRIPTION
-Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
+[?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND>
+.PP
+Fail2Ban v0.7.7 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP
@ -29,7 +28,7 @@ increase verbosity
 decrease verbosity
 .TP
 \fB\-x\fR
-force execution of the server
+force execution of the server (remove socket file)
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 display this help message
@ -38,7 +37,7 @@ display this help message
 print the version
 .SH COMMAND
 .IP
-Basic
+BASIC
 .TP
 \fBstart\fR
 starts the server and the jails
@ -57,7 +56,7 @@ server
 \fBping\fR
 tests if the server is alive
 .IP
-Logging
+LOGGING
 .TP
 \fBset loglevel <LEVEL>\fR
 sets logging level to <LEVEL>. 0
@ -74,7 +73,7 @@ file
 \fBget logtarget\fR
 gets logging target
 .IP
-Jail control
+JAIL CONTROL
 .TP
 \fBadd <JAIL> <BACKEND>\fR
 creates <JAIL> using <BACKEND>
@ -89,7 +88,7 @@ removed
 \fBstatus <JAIL>\fR
 gets the current status of <JAIL>
 .IP
-Jail configuration
+JAIL CONFIGURATION
 .TP
 \fBset <JAIL> idle on|off\fR
 sets the idle state of <JAIL>
@ -190,7 +189,7 @@ action <ACT> for <JAIL>
 sets the unban command <CMD> of
 the action <ACT> for <JAIL>
 .IP
-Jail information
+JAIL INFORMATION
 .TP
 \fBget <JAIL> logpath\fR
 gets the list of the monitored
--- a/man/fail2ban-regex.1
+++ b/man/fail2ban-regex.1
@ -1,16 +1,36 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-REGEX "1" "December 2006" "fail2ban-regex v0.7.5-SVN" "User Commands"
+.TH FAIL2BAN-REGEX "1" "February 2007" "fail2ban-regex v0.7.7" "User Commands"
 .SH NAME
 fail2ban-regex \- test Fail2ban "failregex" option
 .SH SYNOPSIS
 .B fail2ban-regex
-\fI<logline> <failregex>\fR
+[\fIOPTIONS\fR] \fI<LOG> <REGEX>\fR
 .SH DESCRIPTION
-Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
+Fail2Ban v0.7.7 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
-This tools can test and benchmark your regular expressions for the "failregex"
-option.
+This tools can test regular expressions for "fail2ban".
+.SH OPTIONS
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+display this help message
+.TP
+\fB\-V\fR, \fB\-\-version\fR
+print the version
+.SH LOG
+.TP
+\fBstring\fR
+a string representing a log line
+.TP
+\fBfilename\fR
+path to a log file (/var/log/auth.log)
+.SH REGEX
+.TP
+\fBstring\fR
+a string representing a 'failregex'
+.TP
+\fBfilename\fR
+path to a filter file (filter.d/sshd.conf)
 .SH AUTHOR
 Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
 Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
--- a/man/fail2ban-server.1
+++ b/man/fail2ban-server.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-SERVER "1" "December 2006" "fail2ban-server v0.7.5-SVN" "User Commands"
+.TH FAIL2BAN-SERVER "1" "February 2007" "fail2ban-server v0.7.7" "User Commands"
 .SH NAME
 fail2ban-server \- start the server
 .SH SYNOPSIS
 .B fail2ban-server
 [\fIOPTIONS\fR]
 .SH DESCRIPTION
-Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
+Fail2Ban v0.7.7 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 Only use this command for debugging purpose. Start the server with
@ -24,7 +24,7 @@ start in foreground
 socket path
 .TP
 \fB\-x\fR
-force execution of the server
+force execution of the server (remove socket file)
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 display this help message
--- a/man/generate-man
+++ b/man/generate-man
@ -40,4 +40,30 @@ echo "[done]"
 echo -n "Generating fail2ban-regex  "
 help2man --section=1 --no-info --include=fail2ban-regex.h2m --output fail2ban-regex.1 ../fail2ban-regex
 echo "[done]"
-
+echo -n "Patching fail2ban-regex    "
+# Changes the title.
+sed -i -e 's/.SS "Log:"/.SH LOG/' fail2ban-regex.1
+sed -i -e 's/.SS "Regex:"/.SH REGEX/' fail2ban-regex.1
+# Sets bold font for commands.
+IFS="
+"
+NEXT=0
+FOUND=0
+LINES=$( cat fail2ban-regex.1 )
+echo -n "" > fail2ban-regex.1
+for LINE in $LINES; do
+	if [ "$LINE" = ".SH LOG" ]; then
+		FOUND=1
+	fi
+	if [ $NEXT -eq 1 ] && [ $FOUND -eq 1 ]; then
+		echo "\fB$LINE\fR" >> fail2ban-regex.1
+	else
+		echo "$LINE" >> fail2ban-regex.1
+	fi
+	if [ "$LINE" = ".TP" ]; then
+		NEXT=1
+	else
+		NEXT=0
+	fi
+done
+echo "[done]"
--- a/server/actions.py
+++ b/server/actions.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 455 $
+# $Revision: 535 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 455 $"
-__date__ = "$Date: 2006-11-12 11:56:21 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 535 $"
+__date__ = "$Date: 2007-01-29 22:46:59 +0100 (Mon, 29 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -189,6 +189,6 @@ class Actions(JailThread):
 	
 	def status(self):
 		ret = [("Currently banned", self.__banManager.size()), 
-			   ("Total banned", self.__banManager.getBanTotal())]
+			   ("Total banned", self.__banManager.getBanTotal()),
+			   ("IP list", self.__banManager.getBanList())]
 		return ret
-		
--- a/server/banmanager.py
+++ b/server/banmanager.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 454 $
+# $Revision: 536 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 454 $"
-__date__ = "$Date: 2006-11-12 11:54:19 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 536 $"
+__date__ = "$Date: 2007-01-31 23:31:42 +0100 (Wed, 31 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -100,7 +100,19 @@ class BanManager:
 			return self.__banTotal
 		finally:
 			self.__lock.release()
+
+	##
+	# Returns a copy of the IP list.
+	#
+	# @return IP list
 	
+	def getBanList(self):
+		try:
+			self.__lock.acquire()
+			return [m.getIP() for m in self.__banList]
+		finally:
+			self.__lock.release()
+
 	##
 	# Create a ban ticket.
 	#
--- a/server/failmanager.py
+++ b/server/failmanager.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 382 $
+# $Revision: 537 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 382 $"
-__date__ = "$Date: 2006-09-25 19:03:48 +0200 (Mon, 25 Sep 2006) $"
+__version__ = "$Revision: 537 $"
+__date__ = "$Date: 2007-02-01 21:50:12 +0100 (Thu, 01 Feb 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

--- a/server/filter.py
+++ b/server/filter.py
@ -16,11 +16,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 503 $
+# $Revision: 537 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 503 $"
-__date__ = "$Date: 2006-12-23 17:31:00 +0100 (Sat, 23 Dec 2006) $"
+__version__ = "$Revision: 537 $"
+__date__ = "$Date: 2007-02-01 21:50:12 +0100 (Thu, 01 Feb 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

@ -378,8 +378,8 @@ class Filter(JailThread):
 	# is created and is added to the FailManager.
 	
 	def getFailures(self, filename):
-		ret = self.__openLogFile(filename)
-		if not ret:
+		# Try to open log file.
+		if not self.__openLogFile(filename):
 			logSys.error("Unable to get failures in " + filename)
 			return False
 		self.__setFilePos()
--- a/setup.py
+++ b/setup.py
@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python

 # This file is part of Fail2Ban.
 #
@ -18,11 +18,11 @@

 # Author: Cyril Jaquier
 # 
-# $Revision: 511 $
+# $Revision: 522 $

 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 511 $"
-__date__ = "$Date: 2007-01-04 13:58:21 +0100 (Thu, 04 Jan 2007) $"
+__version__ = "$Revision: 522 $"
+__date__ = "$Date: 2007-01-21 23:19:57 +0100 (Sun, 21 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

--- a/testcases/files/testcase02.log
+++ b/testcases/files/testcase02.log
@ -11,3 +11,4 @@ Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:141.
 Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
 Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
 Aug 14 11:59:01 i60p295 sshd[12365]: Accepted keyboard-interactive/pam for roehl from ::ffff:141.3.81.106 port 51332 ssh2
+Aug 14 11:59:59 i60p295 sshd[11437]: Failed password for illegal user from from toto.com from ::ffff:66.38.192.238 port 51381 ssh2