Upgraded to fresh upstream 0.6.1

CHANGELOG

@@ -4,9 +4,41 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.6.0)                           2005/11/20
+Fail2Ban (version 0.6.1)                           2006/03/16
 =============================================================
 
+ver. 0.6.1 (2006/03/16) - stable
+----------
+- Added permanent banning. Set banTime to a negative value to
+  enable this feature (-1 is perfect). Thanks to Mannone
+- Fixed locale bug. Thanks to Fernando José
+- Fixed crash when time format does not match data
+- Propagated patch from Debian to fix fail2ban search path 
+  addition to the path search list: now it is added first. 
+  Thanks to Nick Craig-Wood
+- Added SMTP authentification for mail notification. Thanks
+  to Markus Hoffmann
+- Removed debug mode as it is confusing for people
+- Added parsing of timestamp in TAI64N format (#1275325).
+  Thanks to Mark Edgington
+- Added patch #1382936 (Default formatted syslog logging).
+  Thanks to Patrick Börjesson
+- Removed 192.168.0.0/16 from ignoreip. Attacks could also
+  come from the local network.
+- Robust startup: if iptables module does not get fully
+  initialized after startup of fail2ban, fail2ban will do
+  "maxreinit" attempts to initialize its own firewall. It
+  will sleep between attempts for "polltime" number of
+  seconds (closes Debian: #334272). Thanks to Yaroslav
+  Halchenko
+- Added "interpolations" in fail2ban.conf. This is provided
+  by the ConfigParser module. Old configuration files still
+  work. Thanks to Yaroslav Halchenko
+- Added initial support for hosts.deny and shorewall. Need
+  more testing. Please test. Thanks to kojiro from Gentoo
+  forum for hosts.deny support
+- Added support for vsftpd. Thanks to zugeschmiert
+
 ver. 0.6.0 (2005/11/20) - stable
 ----------
 - Propagated patches introduced by Debian maintainer 

PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: fail2ban
-Version: 0.6.0
+Version: 0.6.1
 Summary: Ban IPs that make too many password failure
 Home-page: http://fail2ban.sourceforge.net
 Author: Cyril Jaquier

README

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.6.0)                           2005/11/20
+Fail2Ban (version 0.6.1)                           2006/03/16
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -58,12 +58,12 @@ Require: python-2.4 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.6.0.tar.bz2
+> tar xvfj fail2ban-0.6.1.tar.bz2
-> cd fail2ban-0.6.0
+> cd fail2ban-0.6.1
 > python setup.py install
 
-This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban
+This will install Fail2Ban into /usr/lib/fail2ban. The
-executable is placed into /usr/bin.
+fail2ban executable is placed into /usr/bin.
 
 Gentoo: ebuilds are available on the website.
 Debian: Fail2Ban is in Debian unstable.
@@ -74,8 +74,17 @@ Fail2Ban should now be correctly installed. Just type:
 > fail2ban -h
 
 to see if everything is alright. You can configure fail2ban
-with a config file. Copy config/fail2ban.conf.default to
+with a config file. Different kind of configuration files are
-/etc/fail2ban.conf.
+available:
+
+iptables:   copy config/fail2ban.conf.iptables to
+            /etc/fail2ban.conf
+hosts.deny: copy config/fail2ban.conf.hostsdeny to
+            /etc/fail2ban.conf
+shorewall:  copy config/fail2ban.conf.shorewall to
+            /etc/fail2ban.conf
+
+Do not forget to edit fail2ban.conf to meet your needs.
 
 You can use the initd script available in config/. Copy
 <dist>-initd to /etc/init.d/fail2ban. Gentoo users must copy
@@ -96,7 +105,6 @@ the value stored in fail2ban.conf. Here are the command line
 options:
 
   -b         start in background
-  -d         start in debug mode
   -c <FILE>  read configuration file FILE
   -p <FILE>  create PID lock in FILE
   -h         display this help message
@@ -124,7 +132,8 @@ Thanks:
 
 Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
 Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
-Jonathan Kamens, Stephen Gildea
+Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
+Edgington, Patrick Börjesson, kojiro, zugeschmiert
 
 License:
 --------

TODO

@@ -4,20 +4,92 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-ToDo                                     $Revision: 1.5 $
+ToDo                                        $Revision: 1.11 $
 =============================================================
 
 See Feature Request Tracking System at SourceForge.net
 
 - improve installation process (better prefix support)
-- install Fail2ban into /usr/share
+
+- improve documentation and website for user
+
+- use Doxygen
+
+- use PyLint to check the code
+
 - better configuration files
+
 - add a check to see if the time of the log messages is
   correctly detected (valid regexp)
-- split configuration files in /etc/fail2ban/services.d
+
-  Example: /etc/fail2ban/services.d/apache
+- use Gentoo Portage style for scripts.
-- template for common services in /etc/fail2ban/scripts.d
+  - banning engines script in /etc/fail2ban/scripts.d
-  Example: /etc/fail2ban/scripts.d/apache
+    Example: /etc/fail2ban/scripts.d/iptables
+    Will be mostly bash scripting which is more "user
+    friendly".
+  - split configuration files in /etc/fail2ban/services.d
+    for log files
+    Example: /etc/fail2ban/services.d/apache
+    Mainly regular expressions.
+  - template for common regex in /etc/fail2ban/templates.d
+    Example: /etc/fail2ban/templates.d/date
+    Mainly regular expressions.
+
 - remove debug mode (root check)
+
 - better return values in function
+
 - use more email.Utils in mail.py
+
+- add gettext support. Is this really needed for a server
+  utility?
+
+- send an email when fail2ban is running
+
+- add multithreading. Python threading is not really
+  efficient. However, fail2ban could benefit of it. We could
+  use threads like this:
+  - one thread which check for host to unban.
+  - one thread per file to watch. This will allow things like
+    different polling time for each file.
+  <srv> is read-only (we only read log files) thus no locks
+  are required. However, <meth> is read-write and must take
+  care of concurrency in case of multithreading.
+
+- add FAM/Gamin support. Should be quite efficient with
+  threading. Take care that handle_one_event() release the
+  Python lock.
+
+- add a test framework. We could use unittest which is in
+  Python since 2.1. It should be possible to run all tests
+  automatically.
+
+- add client/server using socket. Something similar to
+  gdesklets. DBUS seems to be designed for desktop use.
+  - fail2ban start -> start the daemon.
+  - fail2ban stop -> stop the daemon.
+  - fail2ban add <srv> <meth> -> add <srv> monitoring with
+    <meth> ban method (iptables, hosts.deny, etc).
+  - fail2ban del <srv> -> remove <srv> monitoring.
+  - fail2ban status <srv> -> query current fail2ban status.
+    Should return infos like a ban counter. Could be graph
+    with rrdtool.
+  - fail2ban pause <srv> -> suspend monitoring.
+  - fail2ban resume <srv> -> resume monitoring.
+  - fail2ban list -> list available services.
+  - fail2ban flush <srv> -> flush the <srv> ban list.
+  
+- remove PID file.
+
+- remove most of the command lines options if possible.
+
+- add the possibility to specify wildcard in log files.
+  Example: logfile = /var/log/apache2/access-*.log
+  Should we start one thread per file or just one thread per
+  serivce?
+
+- autodetect date format in log file. Match the most popular
+  format and sort them using the hit ratio. Should avoid
+  user problem with regex and not have a big impact on perfs.
+
+- restart automatically the daemon if an exception occurs.

config/fail2ban.conf.hostsdeny

@@ -1,6 +1,6 @@
 # Fail2Ban configuration file
 #
-# $Revision: 1.9 $
+# $Revision: 1.2 $
 #
 # 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
 
@@ -11,12 +11,6 @@
 #
 background = false
 
-# Option:  debug
-# Notes.:  enable debug mode. More verbose output and bypass root user test.
-# Values:  [true | false]  Default:  false
-#
-debug = false
-
 # Option:  logtargets
 # Notes.:  log targets. Space separated list of logging targets.
 # Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
@@ -48,7 +42,8 @@ pidlock = /var/run/fail2ban.pid
 maxfailures = 5
 
 # Option:  bantime
-# Notes.:  number of seconds an IP will be banned.
+# Notes.:  number of seconds an IP will be banned. If set to a negative
+#          value, IP will never be unbanned (permanent banning).
 # Values:  NUM  Default:  600
 #
 bantime = 600
@@ -63,9 +58,9 @@ findtime = 600
 # Notes.:  space separated list of IP's to be ignored by fail2ban.
 #          You can use CIDR mask in order to specify a range.
 #          Example:  ignoreip = 192.168.0.1/24 123.45.235.65
-# Values:  IP  Default:  192.168.0.0/16
+# Values:  IP  Default:  
 #
-ignoreip = 192.168.0.0/16
+ignoreip = 
 
 # Option:  cmdstart
 # Notes.:  command executed once at the start of Fail2Ban
@@ -99,6 +94,44 @@ reinittime = 10
 #
 maxreinits = -1
 
+# NOTE: Interpolations
+#
+# fwstart, as well as fwend, fwcheck, fwban, fwunban, use interpolations
+# so %(__name__)s  will be substituted by a name of each section
+# (unless the option is overriden in a section).
+# If you are going to use interpolations in your setup, please make
+# sure that you specified options port and protocol (which also has
+# an option in DEFAULT).
+#
+
+# Option:  hostsdeny
+# Notes.:  hosts.deny file path.
+# Values:  STR  Default:  /etc/hosts.deny
+#
+hostsdeny = /etc/hosts.deny
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+# Default: iptables -I INPUT 1 -s <ip> -j DROP
+#
+fwban = IP=<ip> && echo "ALL: $IP" >> %(hostsdeny)s
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+# Default: iptables -D INPUT -s <ip> -j DROP
+#
+fwunban = IP=<ip> && sed -i.old s/ALL:\ $IP// %(hostsdeny)s
 
 [MAIL]
 # Option:  enabled
@@ -119,6 +152,19 @@ host = localhost
 #
 port = 25
 
+# Option:  user
+# Notes.:  the username for smtp-server if authentification is required.
+#          if user is empty, no authentification is done.
+# Values:  STR  Default:  
+#
+user = 
+
+# Option:  password
+# Notes.:  the smtp-user's password if authentification is required.
+# Values:  STR  Default:  
+#
+password = 
+
 # Option:  from
 # Notes.:  e-mail address of the sender.
 # Values:  MAIL  Default:  fail2ban
@@ -182,53 +228,9 @@ enabled = false
 #
 logfile = /var/log/httpd/access_log
 
-# Option:  fwstart
-# Notes.:  command executed once at the start of Fail2Ban
-# Values:  CMD  Default:
-#
-fwstart = iptables -N fail2ban-http
-          iptables -I INPUT -p tcp --dport http -j fail2ban-http
-          iptables -A fail2ban-http -j RETURN
-
-# Option:  fwend
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD  Default:
-#
-fwend = iptables -D INPUT -p tcp --dport http -j fail2ban-http
-        iptables -F fail2ban-http
-        iptables -X fail2ban-http
-
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
-# Values:  CMD  Default:
-#
-fwcheck = iptables -L INPUT | grep -q fail2ban-http
-
-# Option:  fwban
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <failtime>  unix timestamp of the last failure
-#          <bantime>  unix timestamp of the ban time
-# Values:  CMD
-# Default: iptables -I INPUT 1 -s <ip> -j DROP
-#
-fwban = iptables -I fail2ban-http 1 -s <ip> -j DROP
-
-# Option:  fwunban
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <bantime>  unix timestamp of the ban time
-#          <unbantime>  unix timestamp of the unban time
-# Values:  CMD
-# Default: iptables -D INPUT -s <ip> -j DROP
-#
-fwunban = iptables -D fail2ban-http -s <ip> -j DROP
-
 # Option:  timeregex
-# Notes.:  regex to match timestamp in Apache logfile.
+# Notes.:  regex to match timestamp in Apache logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
 # Values:  [Wed Jan 05 15:08:01 2005]
 # Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 #
@@ -236,7 +238,8 @@ timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 
 # Option:  timepattern
 # Notes.:  format used in "timeregex" fields definition. Note that '%' must be
-#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
 # Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
 #
 timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
@@ -248,6 +251,46 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 failregex = authentication failure|user .* not found
 
 
+[VSFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/secure
+#
+logfile = /var/log/vsftpd.log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = FAIL LOGIN
+
+
 [SSH]
 # Option:  enabled
 # Notes.:  enable monitoring for this section.
@@ -261,53 +304,9 @@ enabled = true
 #
 logfile = /var/log/secure
 
-# Option:  fwstart
-# Notes.:  command executed once at the start of Fail2Ban
-# Values:  CMD  Default:
-#
-fwstart = iptables -N fail2ban-ssh
-          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
-          iptables -A fail2ban-ssh -j RETURN
-
-# Option:  fwend
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD  Default:
-#
-fwend = iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh
-        iptables -F fail2ban-ssh
-        iptables -X fail2ban-ssh
-
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
-# Values:  CMD  Default:
-#
-fwcheck = iptables -L INPUT | grep -q fail2ban-ssh
-
-# Option:  fwbanrule
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <failtime>  unix timestamp of the last failure
-#          <bantime>  unix timestamp of the ban time
-# Values:  CMD
-# Default: iptables -I INPUT 1 -s <ip> -j DROP
-#
-fwban = iptables -I fail2ban-ssh 1 -s <ip> -j DROP
-
-# Option:  fwunbanrule
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <bantime>  unix timestamp of the ban time
-#          <unbantime>  unix timestamp of the unban time
-# Values:  CMD
-# Default: iptables -D INPUT -s <ip> -j DROP
-#
-fwunban = iptables -D fail2ban-ssh -s <ip> -j DROP
-
 # Option:  timeregex
-# Notes.:  regex to match timestamp in SSH logfile.
+# Notes.:  regex to match timestamp in SSH logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
 # Values:  [Mar  7 17:53:28]
 # Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 #
@@ -315,7 +314,8 @@ timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 
 # Option:  timepattern
 # Notes.:  format used in "timeregex" fields definition. Note that '%' must be
-#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
 # Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
 #
 timepattern = %%b %%d %%H:%%M:%%S

config/fail2ban.conf.iptables

@@ -0,0 +1,361 @@
+# Fail2Ban configuration file
+#
+# $Revision: 1.2.2.1 $
+#
+# 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
+
+[DEFAULT]
+# Option:  background
+# Notes.:  start fail2ban as a daemon. Output is redirect to logfile.
+# Values:  [true | false]  Default:  false
+#
+background = false
+
+# Option:  logtargets
+# Notes.:  log targets. Space separated list of logging targets.
+# Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+#
+logtargets = /var/log/fail2ban.log
+
+# Option:  syslog-target
+# Notes.:  where to find syslog facility if logtarget SYSLOG.
+# Values:  SOCKET HOST HOST:PORT  Default: /dev/log
+#
+syslog-target = /dev/log
+
+# Option:  syslog-facility
+# Notes.:  which syslog facility to use if logtarget SYSLOG.
+# Values:  NUM  Default: 1
+#
+syslog-facility = 1
+
+# Option:  pidlock
+# Notes.:  path of the PID lock file (must be able to write to file).
+# Values:  FILE  Default:  /var/run/fail2ban.pid
+#
+pidlock = /var/run/fail2ban.pid
+
+# Option:  maxfailures
+# Notes.:  number of failures before IP gets banned.
+# Values:  NUM  Default:  5
+#
+maxfailures = 5
+
+# Option:  bantime
+# Notes.:  number of seconds an IP will be banned. If set to a negative
+#          value, IP will never be unbanned (permanent banning).
+# Values:  NUM  Default:  600
+#
+bantime = 600
+
+# Option:  findtime
+# Notes.:  lifetime in seconds of a "failed" log entry.
+# Values:  NUM  Default:  600
+#
+findtime = 600
+
+# Option:  ignoreip
+# Notes.:  space separated list of IP's to be ignored by fail2ban.
+#          You can use CIDR mask in order to specify a range.
+#          Example:  ignoreip = 192.168.0.1/24 123.45.235.65
+# Values:  IP  Default:  
+#
+ignoreip = 
+
+# Option:  cmdstart
+# Notes.:  command executed once at the start of Fail2Ban
+# Values:  CMD  Default:
+#
+cmdstart = 
+
+# Option:  cmdend
+# Notes.:  command executed once at the end of Fail2Ban.
+# Values:  CMD  Default:
+#
+cmdend = 
+
+# Option:  polltime
+# Notes.:  number of seconds fail2ban sleeps between iterations.
+# Values:  NUM  Default:  1
+#
+polltime = 1
+
+# Option:  reinittime
+# Notes.:  minimal number of seconds between the re-initialization of
+#          firewalls due to external changes in their rules (see fwcheck)
+# Values:  NUM  Default:  100
+#
+reinittime = 10
+
+# Option:  maxreinits
+# Notes.:  maximal number of re-initialization of firewalls due to external
+#          changes. -1 stays for infinite, so only reinittime is of importance
+# Values:  NUM  Default:  -1
+#
+maxreinits = -1
+
+# NOTE: Interpolations
+#
+# fwstart, as well as fwend, fwcheck, fwban, fwunban, use interpolations
+# so %(__name__)s  will be substituted by a name of each section
+# (unless the option is overriden in a section).
+# If you are going to use interpolations in your setup, please make
+# sure that you specified options port and protocol (which also has
+# an option in DEFAULT).
+#
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD  Default:
+#
+fwstart = iptables -N fail2ban-%(__name__)s
+          iptables -A fail2ban-%(__name__)s -j RETURN
+          iptables -I INPUT -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD  Default:
+#
+fwend = iptables -D INPUT -p %(protocol)s --dport %(port)s -j fail2ban-%(__name__)s
+        iptables -F fail2ban-%(__name__)s
+        iptables -X fail2ban-%(__name__)s
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD  Default:
+#
+fwcheck = iptables -L INPUT | grep -q fail2ban-%(__name__)s
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+# Default: iptables -I INPUT 1 -s <ip> -j DROP
+#
+fwban = iptables -I fail2ban-%(__name__)s 1 -s <ip> -j DROP
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+# Default: iptables -D INPUT -s <ip> -j DROP
+#
+fwunban = iptables -D fail2ban-%(__name__)s -s <ip> -j DROP
+
+[MAIL]
+# Option:  enabled
+# Notes.:  enable mail notification when banning an IP address.
+# Values:  [true | false]  Default:  false
+#
+enabled = false
+
+# Option:  host
+# Notes.:  host running the mail server.
+# Values:  STR  Default:  localhost
+#
+host = localhost
+
+# Option:  port
+# Notes.:  port of the mail server.
+# Values:  INT  Default:  25
+#
+port = 25
+
+# Option:  user
+# Notes.:  the username for smtp-server if authentification is required.
+#          if user is empty, no authentification is done.
+# Values:  STR  Default:  
+#
+user = 
+
+# Option:  password
+# Notes.:  the smtp-user's password if authentification is required.
+# Values:  STR  Default:  
+#
+password = 
+
+# Option:  from
+# Notes.:  e-mail address of the sender.
+# Values:  MAIL  Default:  fail2ban
+#
+from = fail2ban
+
+# Option:  to
+# Notes.:  e-mail addresses of the receiver. Addresses are space
+#          separated.
+# Values:  MAIL  Default:  root
+#
+to = root
+
+# Option:  localtime
+# Notes.:  report local time (including timezone) or GMT
+# Values:  [true | false]  Default:  false
+#
+localtime = true
+
+# Option:  subject
+# Notes.:  subject of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+# Values:  TEXT  Default:  [Fail2Ban] <section>: Banned <ip>
+#
+subject = [Fail2Ban] <section>: Banned <ip>
+
+# Option:  message
+# Notes.:  message of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <br>  new line
+# Values:  TEXT  Default:
+#
+message = Hi,<br>
+          The IP <ip> has just been banned by Fail2Ban after
+          <failures> attempts against <section>.<br>
+          Regards,<br>
+          Fail2Ban
+
+# You can define a new section for each log file to check for
+# password failure. Each section has to define the following
+# options: logfile, fwban, fwunban, timeregex, timepattern,
+# failregex.
+
+
+[Apache]
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  false
+#
+enabled = false
+
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/httpd/access_log
+#
+logfile = /var/log/httpd/access_log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = http
+
+# Option:  timeregex
+# Notes.:  regex to match timestamp in Apache logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
+# Values:  [Wed Jan 05 15:08:01 2005]
+# Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+#
+timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
+# Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
+#
+timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile.
+# Values:  TEXT  Default:  authentication failure|user .* not found
+#
+failregex = authentication failure|user .* not found
+
+
+[VSFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/secure
+#
+logfile = /var/log/vsftpd.log
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ftp
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = FAIL LOGIN
+
+
+[SSH]
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  true
+#
+enabled = true
+
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/secure
+#
+logfile = /var/log/secure
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  timeregex
+# Notes.:  regex to match timestamp in SSH logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
+# Values:  [Mar  7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
+# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile.
+# Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
+#
+failregex = Authentication failure|Failed password|Invalid user

config/fail2ban.conf.shorewall

@@ -0,0 +1,314 @@
+# Fail2Ban configuration file
+#
+# $Revision: 1.2 $
+#
+# 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
+
+[DEFAULT]
+# Option:  background
+# Notes.:  start fail2ban as a daemon. Output is redirect to logfile.
+# Values:  [true | false]  Default:  false
+#
+background = false
+
+# Option:  logtargets
+# Notes.:  log targets. Space separated list of logging targets.
+# Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+#
+logtargets = /var/log/fail2ban.log
+
+# Option:  syslog-target
+# Notes.:  where to find syslog facility if logtarget SYSLOG.
+# Values:  SOCKET HOST HOST:PORT  Default: /dev/log
+#
+syslog-target = /dev/log
+
+# Option:  syslog-facility
+# Notes.:  which syslog facility to use if logtarget SYSLOG.
+# Values:  NUM  Default: 1
+#
+syslog-facility = 1
+
+# Option:  pidlock
+# Notes.:  path of the PID lock file (must be able to write to file).
+# Values:  FILE  Default:  /var/run/fail2ban.pid
+#
+pidlock = /var/run/fail2ban.pid
+
+# Option:  maxfailures
+# Notes.:  number of failures before IP gets banned.
+# Values:  NUM  Default:  5
+#
+maxfailures = 5
+
+# Option:  bantime
+# Notes.:  number of seconds an IP will be banned. If set to a negative
+#          value, IP will never be unbanned (permanent banning).
+# Values:  NUM  Default:  600
+#
+bantime = 600
+
+# Option:  findtime
+# Notes.:  lifetime in seconds of a "failed" log entry.
+# Values:  NUM  Default:  600
+#
+findtime = 600
+
+# Option:  ignoreip
+# Notes.:  space separated list of IP's to be ignored by fail2ban.
+#          You can use CIDR mask in order to specify a range.
+#          Example:  ignoreip = 192.168.0.1/24 123.45.235.65
+# Values:  IP  Default:  
+#
+ignoreip = 
+
+# Option:  cmdstart
+# Notes.:  command executed once at the start of Fail2Ban
+# Values:  CMD  Default:
+#
+cmdstart = 
+
+# Option:  cmdend
+# Notes.:  command executed once at the end of Fail2Ban.
+# Values:  CMD  Default:
+#
+cmdend = 
+
+# Option:  polltime
+# Notes.:  number of seconds fail2ban sleeps between iterations.
+# Values:  NUM  Default:  1
+#
+polltime = 1
+
+# Option:  reinittime
+# Notes.:  minimal number of seconds between the re-initialization of
+#          firewalls due to external changes in their rules (see fwcheck)
+# Values:  NUM  Default:  100
+#
+reinittime = 10
+
+# Option:  maxreinits
+# Notes.:  maximal number of re-initialization of firewalls due to external
+#          changes. -1 stays for infinite, so only reinittime is of importance
+# Values:  NUM  Default:  -1
+#
+maxreinits = -1
+
+# NOTE: Interpolations
+#
+# fwstart, as well as fwend, fwcheck, fwban, fwunban, use interpolations
+# so %(__name__)s  will be substituted by a name of each section
+# (unless the option is overriden in a section).
+# If you are going to use interpolations in your setup, please make
+# sure that you specified options port and protocol (which also has
+# an option in DEFAULT).
+#
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+# Default: iptables -I INPUT 1 -s <ip> -j DROP
+#
+fwban = shorewall drop <ip>
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+# Default: iptables -D INPUT -s <ip> -j DROP
+#
+fwunban = shorewall allow <ip>
+
+[MAIL]
+# Option:  enabled
+# Notes.:  enable mail notification when banning an IP address.
+# Values:  [true | false]  Default:  false
+#
+enabled = false
+
+# Option:  host
+# Notes.:  host running the mail server.
+# Values:  STR  Default:  localhost
+#
+host = localhost
+
+# Option:  port
+# Notes.:  port of the mail server.
+# Values:  INT  Default:  25
+#
+port = 25
+
+# Option:  user
+# Notes.:  the username for smtp-server if authentification is required.
+#          if user is empty, no authentification is done.
+# Values:  STR  Default:  
+#
+user = 
+
+# Option:  password
+# Notes.:  the smtp-user's password if authentification is required.
+# Values:  STR  Default:  
+#
+password = 
+
+# Option:  from
+# Notes.:  e-mail address of the sender.
+# Values:  MAIL  Default:  fail2ban
+#
+from = fail2ban
+
+# Option:  to
+# Notes.:  e-mail addresses of the receiver. Addresses are space
+#          separated.
+# Values:  MAIL  Default:  root
+#
+to = root
+
+# Option:  localtime
+# Notes.:  report local time (including timezone) or GMT
+# Values:  [true | false]  Default:  false
+#
+localtime = true
+
+# Option:  subject
+# Notes.:  subject of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+# Values:  TEXT  Default:  [Fail2Ban] <section>: Banned <ip>
+#
+subject = [Fail2Ban] <section>: Banned <ip>
+
+# Option:  message
+# Notes.:  message of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <br>  new line
+# Values:  TEXT  Default:
+#
+message = Hi,<br>
+          The IP <ip> has just been banned by Fail2Ban after
+          <failures> attempts against <section>.<br>
+          Regards,<br>
+          Fail2Ban
+
+# You can define a new section for each log file to check for
+# password failure. Each section has to define the following
+# options: logfile, fwban, fwunban, timeregex, timepattern,
+# failregex.
+
+
+[Apache]
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  false
+#
+enabled = false
+
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/httpd/access_log
+#
+logfile = /var/log/httpd/access_log
+
+# Option:  timeregex
+# Notes.:  regex to match timestamp in Apache logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
+# Values:  [Wed Jan 05 15:08:01 2005]
+# Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+#
+timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
+# Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
+#
+timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
+
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile.
+# Values:  TEXT  Default:  authentication failure|user .* not found
+#
+failregex = authentication failure|user .* not found
+
+[VSFTPD]
+# Option: enabled
+# Notes.: enable monitoring for this section.
+# Values: [true | false] Default: false
+#
+enabled = false
+
+# Option: logfile
+# Notes.: logfile to monitor.
+# Values: FILE Default: /var/log/secure
+#
+logfile = /var/log/vsftpd.log
+
+# Option: timeregex
+# Notes.: regex to match timestamp in VSFTPD logfile.
+# Values: [Mar 7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option: timepattern
+# Notes.: format used in "timeregex" fields definition. Note that '%' must be
+# escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values: TEXT Default: %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option: failregex
+# Notes.: regex to match the password failures messages in the logfile.
+# Values: TEXT Default: Authentication failure|Failed password|Invalid user
+#
+failregex = FAIL LOGIN
+
+
+[SSH]
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  true
+#
+enabled = true
+
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/secure
+#
+logfile = /var/log/secure
+
+# Option:  timeregex
+# Notes.:  regex to match timestamp in SSH logfile. For TAI64N format,
+#          use timeregex = @[0-9a-f]{24}
+# Values:  [Mar  7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule).
+#          For TAI64N format, use timepattern = tai64n
+# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
+#
+timepattern = %%b %%d %%H:%%M:%%S
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile.
+# Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
+#
+failregex = Authentication failure|Failed password|Invalid user

fail2ban

@@ -18,18 +18,26 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.5 $
+# $Revision: 1.7 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.5 $"
+__version__ = "$Revision: 1.7 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2005/12/27 15:09:50 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import sys, traceback, logging
+import sys, traceback, logging, locale
 
-# Appends our own modules path.
+# Set the locale with the user's default setting
-sys.path.append("/usr/lib/fail2ban")
+try:
+	locale.setlocale(locale.LC_ALL, '')
+except Exception:
+	print "Unable to set locale to " + `locale.getdefaultlocale()`
+	sys.exit(-1)
+
+# Inserts our own modules path first in the list
+# fix for bug #343821
+sys.path.insert(1, "/usr/lib/fail2ban")
 
 # Now we can import our modules.
 import fail2ban
@@ -41,8 +49,9 @@ logSys = logging.getLogger("fail2ban")
 # Get PID lock file instance
 pidLock = PIDLock()
 
-# Start the application. Handle all the unhandled exceptions
+# Handle all the unhandled exceptions
 try:
+	# Start the application
 	fail2ban.main()
 except SystemExit:
 	# We called sys.exit(). Nothing wrong so just pass

fail2ban.py

@@ -17,11 +17,11 @@
 # Author: Cyril Jaquier
 # Modified by: Yaroslav Halchenko (SYSLOG, findtime)
 # 
-# $Revision: 1.21 $
+# $Revision: 1.24 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.21 $"
+__version__ = "$Revision: 1.24 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2006/01/22 11:10:29 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -56,7 +56,6 @@ def dispUsage():
 	print "and bans the corresponding IP addresses using firewall rules."
 	print
 	print "  -b         start in background"
-	print "  -d         start in debug mode"
 	print "  -c <FILE>  read configuration file FILE"
 	print "  -p <FILE>  create PID lock in FILE"
 	print "  -h         display this help message"
@@ -186,6 +185,7 @@ def main():
 	stdout.setFormatter(formatter)
 	
 	conf["kill"] = False
+	conf["debug"] = False
 	conf["verbose"] = 0
 	conf["conffile"] = "/etc/fail2ban.conf"
 	
@@ -208,7 +208,7 @@ def main():
 	
 	# Reads the config file and create a LogReader instance for
 	# each log file to check.
-	confReader = ConfigReader(conf["conffile"]);
+	confReader = ConfigReader(conf["conffile"])
 	confReader.openConf()
 	
 	# Options
@@ -216,7 +216,6 @@ def main():
 					["str", "logtargets", "/var/log/fail2ban.log"],
 					["str", "syslog-target", "/dev/log"],
 					["int", "syslog-facility", 1],
-					["bool", "debug", False],
 					["str", "pidlock", "/var/run/fail2ban.pid"],
 					["int", "maxfailures", 5],
 					["int", "bantime", 600],
@@ -294,8 +293,8 @@ def main():
 						port = int(syslogtargets[3])
 					syslogtarget = (syslogtargets[1], port)
 				hdlr = logging.handlers.SysLogHandler(syslogtarget, facility)
-			tformatter = logging.Formatter("fail2ban[%(process)d]: " +
+			tformatter = logging.Formatter("%(asctime)s %(name)s " +
-										   formatterstring);
+										    formatterstring, "%b %e %T");
 		else:
 			# Target should be a file
 			try:
@@ -315,14 +314,14 @@ def main():
 			logSys.setLevel(logging.INFO)
 		elif conf["verbose"] > 1:
 			logSys.setLevel(logging.DEBUG)
-		
+		if conf["verbose"] > 2:
-	# Set debug log level
+			formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
-	if conf["debug"]:
-		logSys.setLevel(logging.DEBUG)
-		formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
 						   '%(message)s')
-		formatter = logging.Formatter("%(asctime)s " + formatterstring)
+			formatter = logging.Formatter("%(asctime)s " + formatterstring)
-		stdout.setFormatter(formatter)
+			stdout.setFormatter(formatter)
+	
+	# Debug mode. Should only be used by developers
+	if conf["debug"]:
 		logSys.warn("DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT " +
 					"ONLY DISPLAYED IN THE LOG MESSAGES")
 	
@@ -358,6 +357,8 @@ def main():
 					["int", "port", "25"],
 					["str", "from", "root"],
 					["str", "to", "root"],
+					["str", "user", ''],
+					["str", "password", ''],
 					["bool", "localtime", False],
 					["str", "subject", "[Fail2Ban] Banned <ip>"],
 					["str", "message", "Fail2Ban notification"])
@@ -370,6 +371,8 @@ def main():
 		logSys.debug("Mail enabled")
 		mail = Mail(mailConf["host"], mailConf["port"])
 		mail.setFromAddr(mailConf["from"])
+		mail.setUser(mailConf["user"])
+		mail.setPassword(mailConf["password"])
 		mail.setToAddr(mailConf["to"])
 		mail.setLocalTimeFlag(mailConf["localtime"])
 		logSys.debug("to: " + mailConf["to"] + " from: " + mailConf["from"])
@@ -420,7 +423,25 @@ def main():
 		else:
 			logSys.warn(ip + " is not a valid IP address")
 	
-	initializeFwRules()
+	# Startup loop -- necessary to avoid crash if it takes time for iptables
+	# to startup. To avoid introduction of new config options, reusing
+	# maxreinits and polltime.
+	reinits = 0
+	while True:
+		try:
+			initializeFwRules()
+			break
+		except ExternalError, e:
+			reinits += 1
+			logSys.warn(e)
+			if conf["maxreinits"] < 0 or (reinits < conf["maxreinits"]):
+				logSys.warn("#%d attempt to initialize the firewalls" % reinits)
+			else:
+				logSys.error("Exiting: Too many attempts to initialize the " +
+							 "firewall")
+				killApp()
+			time.sleep(conf["polltime"])
+
 	# try to reinit once if it fails immediately
 	lastReinitTime = time.time() - conf["reinittime"] - 1
 	reinits = 0

firewall/firewall.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.9 $
+# $Revision: 1.10 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.9 $"
+__version__ = "$Revision: 1.10 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2005/12/16 23:48:52 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -86,7 +86,11 @@ class Firewall:
 		ip = aInfo["ip"]
 		if not self.inBanList(ip):
 			crtTime = time.time()
-			logSys.warn("%s: Ban "%self.section + ip)
+			if self.banTime < 0:
+				banMsg = "Ban (permanent)"
+			else:
+				banMsg = "Ban (%d s)"%self.banTime
+			logSys.warn("%s: %s "%(self.section, banMsg) + ip)
 			self.banList[ip] = crtTime
 			aInfo["bantime"] = crtTime
 			self.runCheck(debug)
@@ -138,8 +142,12 @@ class Firewall:
 			return None
 
 	def checkForUnBan(self, debug):
-		""" Check for IP to remove from ban list.
+		""" Check for IP to remove from ban list. If banTime is smaller than
+			zero, IP will be never removed.
 		"""
+		if self.banTime < 0:
+			# Permanent banning
+			return
 		banListTemp = self.banList.copy()
 		for element in banListTemp.iteritems():
 			btime = element[1]

logreader/logreader.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.14 $
+# $Revision: 1.16 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.14 $"
+__version__ = "$Revision: 1.16 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2006/01/03 15:13:04 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -201,7 +201,18 @@ class LogReader:
 			Pattern should describe the date construction of
 			value.
 		"""
-		date = list(time.strptime(value, self.timepattern))
+		try:
+			# Check if the parsed value is in TAI64N format
+			if not self.timepattern.lower() == "tai64n":
+				date = list(time.strptime(value, self.timepattern))
+			else:
+				# extract part of format which represents seconds since epoch
+				seconds_since_epoch = value[2:17]
+				date = list(time.gmtime(int(seconds_since_epoch, 16)))
+		except ValueError, e:
+			logSys.error(e)
+			logSys.error("Please check the format and your locale settings.")
+			return None
 		if date[0] < 2000:
 			# There is probably no year field in the logs
 			date[0] = time.gmtime()[0]

man/fail2ban.8

@@ -14,9 +14,6 @@ firewall rules to reject the IP address.
 \fB\-b\fR
 start in background
 .TP 
-\fB\-d\fR
-start in debug mode. Commands are NOT executed but only displayed
-.TP 
 \fB\-c\fR \fIFILE\fR
 read configuration file \fIFILE\fR
 .TP 

setup.py

@@ -18,11 +18,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.5 $
+# $Revision: 1.6 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.5 $"
+__version__ = "$Revision: 1.6 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2006/01/22 11:08:42 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -78,5 +78,5 @@ if obsoleteFiles:
 if argv[1] == "install":
 	print
 	print "Please do not forget to update your configuration file."
-	print "Use config/fail2ban.conf.default as example."
+	print "Use config/fail2ban.conf.* as example."
 	print

utils/mail.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.2 $
+# $Revision: 1.3 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.2 $"
+__version__ = "$Revision: 1.3 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2006/01/03 15:13:41 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -44,6 +44,16 @@ class Mail:
 		""" Set from: address
 		"""
 		self.fromAddr = fromAddr
+
+	def setUser(self, user):
+		""" Set smtpuser
+		"""
+		self.user = user
+
+	def setPassword(self, password):
+		""" Set smtppassword
+		"""
+		self.password = password
 	
 	def setToAddr(self, toAddr):
 		""" Set to: address
@@ -69,6 +79,8 @@ class Mail:
 		try:
 			server = smtplib.SMTP(self.host, self.port)
 			#server.set_debuglevel(1)
+			if not self.user == '':
+				server.login(self.user, self.password)
 			server.sendmail(self.fromAddr, self.toAddr, mail)
 			logSys.debug("Email sent to " + `self.toAddr`)
 			server.quit()	

version.py

@@ -16,12 +16,12 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 1.13 $
+# $Revision: 1.15 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 1.13 $"
+__version__ = "$Revision: 1.15 $"
-__date__ = "$Date: 2005/11/20 17:07:47 $"
+__date__ = "$Date: 2006/03/15 23:07:12 $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.6.0"
+version = "0.6.1"