- Added "shorewall" action

- Use glob in setup.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@413 a942ae1a-1317-0410-a47c-b1dcaea8d605

CHANGELOG

@@ -15,6 +15,7 @@ ver. 0.7.4 (2006/??/??) - beta
 - Added "-s" option to specify the socket path and "socket"
   option in "fail2ban.conf"
 - Added "backend" option in "jail.conf"
+- Added more filters/actions and jail samples
 
 ver. 0.7.3 (2006/09/28) - beta
 ----------

MANIFEST

@@ -62,6 +62,7 @@ config/action.d/iptables.conf
 config/action.d/mail-whois.conf
 config/action.d/mail.conf
 config/action.d/hostsdeny.conf
+config/action.d/shorewall.conf
 config/fail2ban.conf
 man/fail2ban-client.1
 man/fail2ban-client.h2m

config/action.d/shorewall.conf

@@ -0,0 +1,47 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 394 $
+#
+
+[Definition]
+
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = 
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = 
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD
+#
+actioncheck = 
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = shorewall reject <ip>
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+#
+actionunban = shorewall allow <ip>

config/jail.conf

@@ -15,6 +15,10 @@ ignoreip = 127.0.0.1
 bantime  = 600
 maxretry = 3
 
+# "backend" specifies the backend used to get files modification. Available
+# options are "gamin", "polling" and "auto".
+backend = auto
+
 
 # This jail corresponds to the standard configuration in Fail2ban 0.6.
 # The mail-whois action send a notification e-mail with a whois request
@@ -38,10 +42,13 @@ action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
 
+# This jail forces the backend to "polling".
+
 [sasl-iptables]
 
 enabled  = false
 filter   = sasl
+backend  = polling
 action   = iptables[name=sasl, port=smtp, protocol=tcp]
            mail-whois[name=sasl, dest=yourmail@mail.com]
 logpath  = /var/log/mail.log
@@ -104,3 +111,13 @@ action   = mail-whois[name=VSFTPD, dest=yourmail@mail.com]
 logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
+
+# Use shorewall instead of iptables.
+
+[apache-shorewall]
+
+enabled  = false
+filter   = apache-noscript
+action   = shorewall
+           mail[name=Postfix, dest=yourmail@mail.com]
+logpath  = /var/log/apache2/error_log

setup.py

@@ -30,6 +30,7 @@ from distutils.core import setup
 from version import version
 from os.path import isfile, join
 from sys import exit, argv
+from glob import glob
 
 longdesc = '''
 Fail2Ban scans log files like /var/log/pwdfail or
@@ -60,31 +61,13 @@ setup(
 				],
 	data_files =	[
 						('/etc/fail2ban',
-							[
-								'config/fail2ban.conf',
-								'config/jail.conf'
-							]
+							glob("config/*.conf")
 						),
 						('/etc/fail2ban/filter.d',
-							[
-								'config/filter.d/vsftpd.conf',
-								'config/filter.d/apache-auth.conf',
-								'config/filter.d/apache-noscript.conf',
-								'config/filter.d/proftpd.conf',
-								'config/filter.d/sasl.conf',
-								'config/filter.d/sshd.conf',
-								'config/filter.d/couriersmtp.conf',
-								'config/filter.d/postfix.conf',
-								'config/filter.d/qmail.conf'
-							]
+							glob("config/filter.d/*.conf")
 						),
 						('/etc/fail2ban/action.d',
-							[
-								'config/action.d/iptables.conf',
-								'config/action.d/mail-whois.conf',
-								'config/action.d/mail.conf',
-								'config/action.d/hostsdeny.conf'
-							]
+							glob("config/action.d/*.conf")
 						)
 					]
 )