From 46fc4c461588118b0c617de0528f095ccf7d9e4f Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Thu, 18 Apr 2019 22:14:34 +0200
Subject: [PATCH] protocol and documentation

---
 MANIFEST              |  3 +++
 fail2ban/protocol.py  |  4 ++++
 man/fail2ban-client.1 | 18 ++++++++++++++++++
 man/jail.conf.5       |  8 ++++++++
 4 files changed, 33 insertions(+)

diff --git a/MANIFEST b/MANIFEST
index cb393096..892f33b7 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -145,6 +145,7 @@ config/filter.d/sshd.conf
 config/filter.d/stunnel.conf
 config/filter.d/suhosin.conf
 config/filter.d/tine20.conf
+config/filter.d/traefik-auth.conf
 config/filter.d/uwimap-auth.conf
 config/filter.d/vsftpd.conf
 config/filter.d/webmin-auth.conf
@@ -333,9 +334,11 @@ fail2ban/tests/files/logs/solid-pop3d
 fail2ban/tests/files/logs/squid
 fail2ban/tests/files/logs/squirrelmail
 fail2ban/tests/files/logs/sshd
+fail2ban/tests/files/logs/sshd-journal
 fail2ban/tests/files/logs/stunnel
 fail2ban/tests/files/logs/suhosin
 fail2ban/tests/files/logs/tine20
+fail2ban/tests/files/logs/traefik-auth
 fail2ban/tests/files/logs/uwimap-auth
 fail2ban/tests/files/logs/vsftpd
 fail2ban/tests/files/logs/webmin-auth
diff --git a/fail2ban/protocol.py b/fail2ban/protocol.py
index de9665f8..92b0dcc0 100644
--- a/fail2ban/protocol.py
+++ b/fail2ban/protocol.py
@@ -72,6 +72,8 @@ protocol = [
 ['', "DATABASE", ""],
 ["set dbfile <FILE>", "set the location of fail2ban persistent datastore. Set to \"None\" to disable"], 
 ["get dbfile", "get the location of fail2ban persistent datastore"], 
+["set dbmaxmatches <INT>", "sets the max number of matches stored in database per ticket"], 
+["get dbmaxmatches", "gets the max number of matches stored in database per ticket"], 
 ["set dbpurgeage <SECONDS>", "sets the max age in <SECONDS> that history of bans will be kept"], 
 ["get dbpurgeage", "gets the max age in seconds that history of bans will be kept"], 
 ['', "JAIL CONTROL", ""],
@@ -103,6 +105,7 @@ protocol = [
 ["set <JAIL> banip <IP> ... <IP>", "manually Ban <IP> for <JAIL>"], 
 ["set <JAIL> unbanip [--report-absent] <IP> ... <IP>", "manually Unban <IP> in <JAIL>"], 
 ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], 
+["set <JAIL> maxmatches <INT>", "sets the max number of matches stored in memory per ticket in <JAIL>"], 
 ["set <JAIL> maxlines <LINES>", "sets the number of <LINES> to buffer for regex search for <JAIL>"], 
 ["set <JAIL> addaction <ACT>[ <PYTHONFILE> <JSONKWARGS>]", "adds a new action named <ACT> for <JAIL>. Optionally for a Python based action, a <PYTHONFILE> and <JSONKWARGS> can be specified, else will be a Command Action"], 
 ["set <JAIL> delaction <ACT>", "removes the action <ACT> from <JAIL>"], 
@@ -130,6 +133,7 @@ protocol = [
 ["get <JAIL> datepattern", "gets the patern used to match date/times for <JAIL>"],
 ["get <JAIL> usedns", "gets the usedns setting for <JAIL>"],
 ["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],
+["get <JAIL> maxmatches", "gets the max number of matches stored in memory per ticket in <JAIL>"], 
 ["get <JAIL> maxlines", "gets the number of lines to buffer for <JAIL>"],
 ["get <JAIL> actions", "gets a list of actions for <JAIL>"],
 ["", "COMMAND ACTION INFORMATION",""],
diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1
index 22035f85..6c1ff7ef 100644
--- a/man/fail2ban-client.1
+++ b/man/fail2ban-client.1
@@ -168,6 +168,14 @@ persistent datastore. Set to
 get the location of fail2ban
 persistent datastore
 .TP
+\fBset dbmaxmatches <INT>\fR
+sets the max number of matches
+stored in database per ticket
+.TP
+\fBget dbmaxmatches\fR
+gets the max number of matches
+stored in database per ticket
+.TP
 \fBset dbpurgeage <SECONDS>\fR
 sets the max age in <SECONDS> that
 history of bans will be kept
@@ -286,6 +294,11 @@ sets the number of failures
 <RETRY> before banning the host
 for <JAIL>
 .TP
+\fBset <JAIL> maxmatches <INT>\fR
+sets the max number of matches
+stored in memory per ticket in
+<JAIL>
+.TP
 \fBset <JAIL> maxlines <LINES>\fR
 sets the number of <LINES> to
 buffer for regex search for <JAIL>
@@ -393,6 +406,11 @@ gets the usedns setting for <JAIL>
 gets the number of failures
 allowed for <JAIL>
 .TP
+\fBget <JAIL> maxmatches\fR
+gets the max number of matches
+stored in memory per ticket in
+<JAIL>
+.TP
 \fBget <JAIL> maxlines\fR
 gets the number of lines to buffer
 for <JAIL>
diff --git a/man/jail.conf.5 b/man/jail.conf.5
index 0f3a4aa7..4f5c48e0 100644
--- a/man/jail.conf.5
+++ b/man/jail.conf.5
@@ -156,6 +156,11 @@ Database filename. Default: /var/lib/fail2ban/fail2ban.sqlite3
 .br
 This defines where the persistent data for fail2ban is stored. This persistent data allows bans to be reinstated and continue reading log files from the last read position when fail2ban is restarted. A value of \fINone\fR disables this feature.
 .TP
+.B dbmaxmatches
+Max number of matches stored in database per ticket. Default: 10
+.br
+This option sets the max number of matched log-lines could be stored per ticket in the database. This also affects values resolvable via tags \fB<ipmatches>\fR and \fB<ipjailmatches>\fR in actions.
+.TP
 .B dbpurgeage
 Database purge age in seconds. Default: 86400 (24hours)
 .br
@@ -276,6 +281,9 @@ regex (Python \fBreg\fRular \fBex\fRpression) to be added to the filter's failre
 .TP
 .B ignoreregex
 regex which, if the log line matches, would cause Fail2Ban not consider that line.  This line will be ignored even if it matches a failregex of the jail or any of its filters.
+.TP
+.B maxmatches
+max number of matched log-lines the jail would hold in memory per ticket. By default it is the same value as \fBmaxretry\fR of jail (or default).  This option also affects values resolvable via tag \fB<matches>\fR in actions.
 
 .SS Backends
 Available options are listed below.