From 9539012e1365bd216c8428fbe09047792947bce0 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Dec 2006 16:37:22 +0000
Subject: [PATCH 01/24] - Added a "sleep 1". Thanks to Jim Wight

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@482 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 files/redhat-initd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/redhat-initd b/files/redhat-initd
index 5909efeb..12867615 100755
--- a/files/redhat-initd
+++ b/files/redhat-initd
@@ -48,6 +48,7 @@ stop() {
     if [ -n "$pid" ]; then
         $FAIL2BAN stop > /dev/null
     fi
+    sleep 1
     getpid
     if [ -z "$pid" ]; then
         rm -f /var/lock/subsys/fail2ban

From a9b3f190efd8736d65bfac9498c7a47531fc164b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Dec 2006 16:46:54 +0000
Subject: [PATCH 02/24] - Prepared for next release

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@483 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG         | 6 +++++-
 README            | 2 +-
 common/version.py | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 90b4d506..3530ac3a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,13 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.5)                           2006/12/07
+Fail2Ban (version 0.7.6)                           200?/??/??
 =============================================================
 
+ver. 0.7.6 (200?/??/??) - ???
+----------
+- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
+
 ver. 0.7.5 (2006/12/07) - beta
 ----------
 - Do not ban a host that is currently banned. Thanks to
diff --git a/README b/README
index f0f26801..0dedd93a 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.5)                           2006/12/07
+Fail2Ban (version 0.7.6)                           200?/??/??
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
diff --git a/common/version.py b/common/version.py
index ee3b9df7..9e74d0e5 100644
--- a/common/version.py
+++ b/common/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.7.5"
+version = "0.7.5-SVN"

From 8ca367d609c3e6cf7804d15fb3d76d9c1a3ef021 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 13 Dec 2006 23:02:46 +0000
Subject: [PATCH 03/24] - Use /dev/log for SYSLOG output. Thanks to Joerg
 Sommrey

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@488 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG            | 1 +
 config/fail2ban.conf | 5 +++--
 server/server.py     | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 3530ac3a..fc591814 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -10,6 +10,7 @@ Fail2Ban (version 0.7.6)                           200?/??/??
 ver. 0.7.6 (200?/??/??) - ???
 ----------
 - Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
+- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/config/fail2ban.conf b/config/fail2ban.conf
index 90439d0c..518c2ff4 100644
--- a/config/fail2ban.conf
+++ b/config/fail2ban.conf
@@ -18,8 +18,9 @@
 loglevel = 3
 
 # Option:  logtarget
-# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR.
-# Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+#          Only one log target can be specified.
+# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
 #
 logtarget = /var/log/fail2ban.log
 
diff --git a/server/server.py b/server/server.py
index b93032b0..13d57669 100644
--- a/server/server.py
+++ b/server/server.py
@@ -306,7 +306,9 @@ class Server:
 			# Remove previous handler
 			logging.getLogger("fail2ban").handlers = []
 			if target == "SYSLOG":
-				hdlr = logging.handlers.SysLogHandler()
+				facility = logging.handlers.SysLogHandler.LOG_DAEMON
+				hdlr = logging.handlers.SysLogHandler("/dev/log",
+													  facility = facility)
 			elif target == "STDOUT":
 				hdlr = logging.StreamHandler(sys.stdout)
 			elif target == "STDERR":

From 6f7df2cc3c3f9a70c48189369268dd28ab285ec9 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Dec 2006 21:20:03 +0000
Subject: [PATCH 04/24] - Use numeric output for iptables in "actioncheck"

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@489 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                     | 1 +
 config/action.d/iptables.conf | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index fc591814..fad0e412 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ ver. 0.7.6 (200?/??/??) - ???
 ----------
 - Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
+- Use numeric output for iptables in "actioncheck"
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index 27809e13..d9be0202 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -27,7 +27,7 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 # Notes.:  command executed once before each fwban command
 # Values:  CMD
 #
-actioncheck = iptables -L INPUT | grep -q fail2ban-<name>
+actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 
 # Option:  fwban
 # Notes.:  command executed when banning an IP. Take care that the

From b8a522cf3f2fe4a2b73043703116101b53ab54d2 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 15 Dec 2006 23:02:12 +0000
Subject: [PATCH 05/24] - Added protocol output for Mediawiki

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@490 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 common/protocol.py | 51 +++++++++++++++++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 12 deletions(-)

diff --git a/common/protocol.py b/common/protocol.py
index 01c0c984..e53d121b 100644
--- a/common/protocol.py
+++ b/common/protocol.py
@@ -30,19 +30,23 @@ import textwrap
 # Describes the protocol used to communicate with the server.
 
 protocol = [
+['', "Basic", ""],
 ["start", "starts the server and the jails"], 
 ["reload", "reloads the configuration"], 
 ["stop", "stops all jails and terminate the server"], 
 ["status", "gets the current status of the server"], 
 ["ping", "tests if the server is alive"], 
-['', ''], 
+['', "Logging", ""],
 ["set loglevel <LEVEL>", "sets logging level to <LEVEL>. 0 is minimal, 4 is debug"], 
 ["get loglevel", "gets the logging level"], 
 ["set logtarget <TARGET>", "sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file"], 
 ["get logtarget", "gets logging target"], 
-['', ''], 
+['', "Jail control", ""],
 ["add <JAIL> <BACKEND>", "creates <JAIL> using <BACKEND>"], 
-['', ''], 
+["start <JAIL>", "starts the jail <JAIL>"], 
+["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
+["status <JAIL>", "gets the current status of <JAIL>"],
+['', "Jail configuration", ""],
 ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], 
 ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], 
 ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], 
@@ -64,7 +68,7 @@ protocol = [
 ["set <JAIL> actioncheck <ACT> <CMD>", "sets the check command <CMD> of the action <ACT> for <JAIL>"], 
 ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
 ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], 
-['', ''], 
+['', "Jail information", ""],
 ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
 ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
 ["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
@@ -80,10 +84,6 @@ protocol = [
 ["get <JAIL> actioncheck <ACT>", "gets the check command for the action <ACT> for <JAIL>"],
 ["get <JAIL> actionban <ACT>", "gets the ban command for the action <ACT> for <JAIL>"],
 ["get <JAIL> actionunban <ACT>", "gets the unban command for the action <ACT> for <JAIL>"],
-['', ''], 
-["start <JAIL>", "starts the jail <JAIL>"], 
-["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
-["status <JAIL>", "gets the current status of <JAIL>"]
 ]
 
 ##
@@ -94,14 +94,41 @@ def printFormatted():
 	INDENT=4
 	MARGIN=41
 	WIDTH=34
+	firstHeading = False
 	for m in protocol:
-		if m[0] == '':
+		if m[0] == '' and firstHeading:
 			print
+		firstHeading = True
 		first = True
 		for n in textwrap.wrap(m[1], WIDTH):
 			if first:
-				n = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n
+				line = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n
 				first = False
 			else:
-				n = ' ' * (INDENT + MARGIN) + n
-			print n
+				line = ' ' * (INDENT + MARGIN) + n
+			print line
+
+##
+# Prints the protocol in a "mediawiki" format.
+
+def printWiki():
+	firstHeading = False
+	for m in protocol:
+		if m[0] == '':
+			if firstHeading:
+				print "|}"
+			__printWikiHeader(m[1], m[2])
+			firstHeading = True
+		else:
+			print "|-"
+			print "| <span style=\"white-space:nowrap;\"><tt>" + m[0] + "</tt></span> || || " + m[1]
+	print "|}"
+
+def __printWikiHeader(section, desc):
+	print
+	print "=== " + section + " ==="
+	print
+	print desc
+	print
+	print "{|"
+	print "| '''Command''' || || '''Description'''"

From b02394fd23176f94d95ca9e7fdd175546fbbe004 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 17 Dec 2006 22:32:40 +0000
Subject: [PATCH 06/24] - Fixed restart. Wait for the server to shutdown

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@491 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 files/gentoo-initd | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/files/gentoo-initd b/files/gentoo-initd
index 60ce443d..64a2105c 100755
--- a/files/gentoo-initd
+++ b/files/gentoo-initd
@@ -17,7 +17,7 @@
 #
 # Author: Sireyessire, Cyril Jaquier
 # 
-# $Revision: 1.2 $
+# $Revision$
 
 opts="start stop restart reload showlog"
 
@@ -41,6 +41,32 @@ stop() {
 	eend $? "Failed to stop fail2ban"
 }
 
+restart() {
+    if ! service_stopped "${SVCNAME}" ; then
+            svc_stop || return "$?"
+            einfon "Waiting for server to shutdown ."
+			cnt=0
+			while [ 1 ]; do
+				# Ping fail2ban-server
+				${FAIL2BAN} ping &> /dev/null
+				if [ ! "$?" == "0" ]; then
+					break
+				fi
+				cnt=`expr $cnt + 1`
+				if [ $cnt -gt 60 ] ; then
+					# We have waited 1 minute. Failed
+					echo
+					eend 1 "Failed"
+					break
+				fi
+				sleep 1
+				echo -n "."
+			done
+			echo
+    fi
+    svc_start
+}
+
 reload() {
 	ebegin "Reloading fail2ban"
 	${FAIL2BAN} reload > /dev/null

From 5dd2c5162ef42bad3b1403b1c0a24d8b734a717e Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 18 Dec 2006 22:30:30 +0000
Subject: [PATCH 07/24] - Reset logging handlers only if new handler succeeds

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@493 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/server.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/server/server.py b/server/server.py
index 13d57669..c71708d7 100644
--- a/server/server.py
+++ b/server/server.py
@@ -300,14 +300,18 @@ class Server:
 		finally:
 			self.__loggingLock.release()
 	
+	##
+	# Sets the logging target.
+	#
+	# target can be a file, SYSLOG, STDOUT or STDERR.
+	# @param target the logging target
+	
 	def setLogTarget(self, target):
 		try:
 			self.__loggingLock.acquire()
-			# Remove previous handler
-			logging.getLogger("fail2ban").handlers = []
 			if target == "SYSLOG":
 				facility = logging.handlers.SysLogHandler.LOG_DAEMON
-				hdlr = logging.handlers.SysLogHandler("/dev/log",
+				hdlr = logging.handlers.SysLogHandler("/dev/log", 
 													  facility = facility)
 			elif target == "STDOUT":
 				hdlr = logging.StreamHandler(sys.stdout)
@@ -320,8 +324,11 @@ class Server:
 					hdlr = logging.FileHandler(target)
 				except IOError:
 					logSys.error("Unable to log to " + target)
+					logSys.info("Logging to previous target " + self.__logTarget)
 					return False
 			self.__logTarget = target
+			# Remove previous handler
+			logging.getLogger("fail2ban").handlers = []
 			# set a format which is simpler for console use
 			formatter = logging.Formatter("%(asctime)s %(name)-16s: %(levelname)-6s %(message)s")
 			# tell the handler to use this format

From 0c40adda4bd6e980071258f3a468131d495fc3d1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 18 Dec 2006 22:33:01 +0000
Subject: [PATCH 08/24] - Fixed some comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@494 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/action.d/dummy.conf      | 12 ++++++------
 config/action.d/hostsdeny.conf  | 12 ++++++------
 config/action.d/ipfw.conf       | 16 ++++++++--------
 config/action.d/iptables.conf   | 12 ++++++------
 config/action.d/mail-whois.conf | 12 ++++++------
 config/action.d/mail.conf       | 12 ++++++------
 config/action.d/shorewall.conf  | 12 ++++++------
 config/fail2ban.conf            |  5 +++--
 config/jail.conf                | 19 +++++++++++++++----
 9 files changed, 62 insertions(+), 50 deletions(-)

diff --git a/config/action.d/dummy.conf b/config/action.d/dummy.conf
index 5737c372..cc729fdd 100644
--- a/config/action.d/dummy.conf
+++ b/config/action.d/dummy.conf
@@ -7,26 +7,26 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = touch /tmp/fail2ban.dummy
               echo "<init>" >> /tmp/fail2ban.dummy
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = rm -f /tmp/fail2ban.dummy
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -36,7 +36,7 @@ actioncheck =
 #
 actionban = echo "+<ip>" >> /tmp/fail2ban.dummy
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf
index 7f63ff9b..784fddc5 100644
--- a/config/action.d/hostsdeny.conf
+++ b/config/action.d/hostsdeny.conf
@@ -7,25 +7,25 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = touch <tmpfile>
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = rm -f <tmpfile>
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -36,7 +36,7 @@ actioncheck =
 actionban = IP=<ip> &&
             echo "ALL: $IP" >> <file>
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
index 1828eef9..5ae00cae 100644
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@@ -8,28 +8,28 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = 
 
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = 
 
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -37,10 +37,10 @@ actioncheck =
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = ipfw add deny tcp from <ip> to <localhost> <port>
+actionban = ipaction add deny tcp from <ip> to <localhost> <port>
 
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -48,7 +48,7 @@ actionban = ipfw add deny tcp from <ip> to <localhost> <port>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = ipfw delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
+actionunban = ipaction delete `ipfw list | grep -i <ip> | awk '{print $1;}'`
 
 [Init]
 
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index d9be0202..de3646f6 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -7,7 +7,7 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
@@ -15,7 +15,7 @@ actionstart = iptables -N fail2ban-<name>
               iptables -A fail2ban-<name> -j RETURN
               iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
@@ -23,13 +23,13 @@ actionstop = iptables -D INPUT -p <protocol> --dport <port> -j fail2ban-<name>
              iptables -F fail2ban-<name>
              iptables -X fail2ban-<name>
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -39,7 +39,7 @@ actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 #
 actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index fdff74af..6055d98b 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -7,7 +7,7 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
@@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
               Regards,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
@@ -25,13 +25,13 @@ actionstop = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -47,7 +47,7 @@ actionban = echo -en "Hi,\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index c33487b8..61522b27 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -7,7 +7,7 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
@@ -16,7 +16,7 @@ actionstart = echo -en "Hi,\n
               Regards,\n
               Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
@@ -25,13 +25,13 @@ actionstop = echo -en "Hi,\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: stopped" <dest>
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -45,7 +45,7 @@ actionban = echo -en "Hi,\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip>" <dest>
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index f0da70ee..446c8a4b 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -7,25 +7,25 @@
 
 [Definition]
 
-# Option:  fwstart
+# Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = 
 
-# Option:  fwend
+# Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = 
 
-# Option:  fwcheck
-# Notes.:  command executed once before each fwban command
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 
-# Option:  fwban
+# Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
@@ -35,7 +35,7 @@ actioncheck =
 #
 actionban = shorewall reject <ip>
 
-# Option:  fwunban
+# Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
diff --git a/config/fail2ban.conf b/config/fail2ban.conf
index 518c2ff4..8001285d 100644
--- a/config/fail2ban.conf
+++ b/config/fail2ban.conf
@@ -25,8 +25,9 @@ loglevel = 3
 logtarget = /var/log/fail2ban.log
 
 # Option: socket
-# Notes.: Set the socket file. This is used to communication with the
-#         daemon.
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+#         not remove this file when Fail2ban runs. It will not be possible to
+#         communicate with the server afterwards.
 # Values: FILE  Default:  /tmp/fail2ban.sock
 #
 socket = /tmp/fail2ban.sock
diff --git a/config/jail.conf b/config/jail.conf
index 15befe5b..b3985363 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -10,18 +10,29 @@
 
 [DEFAULT]
 
-# "ignoreip" can be an IP address, a CIDR mask or a DNS host.
+# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
+# ban a host which matches an address in this list. Several addresses can be
+# defined using space separator.
 ignoreip = 127.0.0.1
+
 # "bantime" is the number of seconds that a host is banned.
 bantime  = 600
-# A host is banned if it has generated "maxretry" during the
-# last "findtime" seconds.
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
 findtime  = 600
+
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 3
 
 # "backend" specifies the backend used to get files modification. Available
-# options are "gamin", "polling" and "auto".
+# options are "gamin", "polling" and "auto". This option can be overridden in
+# each jail too (use "gamin" for a jail and "polling" for another).
+#
+# gamin:   requires Gamin (a file alteration monitor) to be installed. If Gamin
+#          is not installed, Fail2ban will use polling.
+# polling: uses a polling algorithm which does not require external libraries.
+# auto:    will choose Gamin if available and polling otherwise.
 backend = auto
 
 

From 840b9fff0f3707d2c529f1136fbc1eca1aba0c84 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 18 Dec 2006 22:35:34 +0000
Subject: [PATCH 09/24] - Fixed some comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@495 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/filter.d/apache-auth.conf     | 3 ++-
 config/filter.d/apache-noscript.conf | 3 ++-
 config/filter.d/courierlogin.conf    | 3 ++-
 config/filter.d/couriersmtp.conf     | 3 ++-
 config/filter.d/postfix.conf         | 3 ++-
 config/filter.d/proftpd.conf         | 3 ++-
 config/filter.d/qmail.conf           | 3 ++-
 config/filter.d/sasl.conf            | 3 ++-
 config/filter.d/sshd.conf            | 3 ++-
 config/filter.d/vsftpd.conf          | 3 ++-
 10 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf
index 501e3d68..87d6edef 100644
--- a/config/filter.d/apache-auth.conf
+++ b/config/filter.d/apache-auth.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = [[]client <HOST>[]] user .*(?:: authentication failure|not found)
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 45366867..280f72b9 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
diff --git a/config/filter.d/courierlogin.conf b/config/filter.d/courierlogin.conf
index 0e6b7a11..90e55ce2 100644
--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -11,7 +11,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = LOGIN FAILED, ip=\[<HOST>\]$
diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index d67a61ea..b695a707 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = error,relay=<HOST>,.*550 User unknown
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index a0e0a974..90b19d55 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = reject: RCPT from (.*)\[<HOST>\]: 554
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 28921a01..65ff59b7 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -10,7 +10,8 @@
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
 failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
index 3e4ae215..854d4ee2 100644
--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index 3602b594..ad4fe463 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -10,7 +10,8 @@
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
 failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 3c2c5db6..9659fa16 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -10,7 +10,8 @@
 # Option:  failregex
 # Notes.:  regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index 384fa36b..4955fcfc 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -10,7 +10,8 @@
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
-#          be used for standard IP/hostname matching.
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
 failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>

From 2e197487a2195176f6d9ded8e5b2a33986d44ce1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 19 Dec 2006 21:51:14 +0000
Subject: [PATCH 10/24] =?UTF-8?q?-=20Fixed=20removal=20of=20host=20in=20ho?=
 =?UTF-8?q?sts.deny.=20Thanks=20to=20Ren=C3=A9=20Berber?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@496 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                      |  1 +
 README                         |  3 ++-
 config/action.d/hostsdeny.conf | 11 +----------
 3 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index fad0e412..c29412b3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ ver. 0.7.6 (200?/??/??) - ???
 - Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
 - Use numeric output for iptables in "actioncheck"
+- Fixed removal of host in hosts.deny. Thanks to René Berber
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/README b/README
index 0dedd93a..911ba62e 100644
--- a/README
+++ b/README
@@ -72,7 +72,8 @@ Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
 Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
-Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand
+Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
+René Berber
 
 License:
 --------
diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf
index 784fddc5..3282a4cb 100644
--- a/config/action.d/hostsdeny.conf
+++ b/config/action.d/hostsdeny.conf
@@ -44,9 +44,7 @@ actionban = IP=<ip> &&
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = IP=<ip> &&
-              grep -v "ALL: $IP" <file> > <tmpfile> &&
-              mv <tmpfile> <file>
+actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>
 
 [Init]
 
@@ -55,10 +53,3 @@ actionunban = IP=<ip> &&
 # Values:  STR  Default:  /etc/hosts.deny
 #
 file = /etc/hosts.deny
-
-# Option:  file
-# Notes.:  hosts.deny temporary file path.
-# Values:  STR  Default:  /etc/hostsdeny.failban
-#
-tmpfile = /tmp/hosts.deny.tmp
-

From 1ac00d062a3736d1d32b9b081604681dedecab07 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 09:48:49 +0000
Subject: [PATCH 11/24] - Regular expression should be more correct now

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@498 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/filter.d/courierlogin.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/filter.d/courierlogin.conf b/config/filter.d/courierlogin.conf
index 90e55ce2..e92301d7 100644
--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -15,7 +15,7 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = LOGIN FAILED, ip=\[<HOST>\]$
+failregex = LOGIN FAILED, .*, ip=\[<HOST>\]$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

From 3a344557ecbfdeb82e3f7ae7852b01bd72d37f02 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 09:49:19 +0000
Subject: [PATCH 12/24] - Exim4 filter. Thanks to mEDI

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@499 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/filter.d/exim.conf | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 config/filter.d/exim.conf

diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
new file mode 100644
index 00000000..564bb9a8
--- /dev/null
+++ b/config/filter.d/exim.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision: 267 $
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = \[<HOST>\] .*(?:rejected by local_scan|Unrouteable address)
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 

From 812a47cc4a5693576fc92d70ac40a3c71940bc0b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 09:50:03 +0000
Subject: [PATCH 13/24] - Added new date pattern (Exim4). Thanks to mEDI

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@500 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/datedetector.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/datedetector.py b/server/datedetector.py
index 1c886427..8c5f618a 100644
--- a/server/datedetector.py
+++ b/server/datedetector.py
@@ -66,6 +66,12 @@ class DateDetector:
 		template.setRegex("\d{2}/\S{3}/\d{4}:\d{2}:\d{2}:\d{2}")
 		template.setPattern("%d/%b/%Y:%H:%M:%S")
 		self.__templates.append(template)
+		# Exim 2006-12-21 06:43:20
+		template = DateStrptime()
+		template.setName("Year-Month-Day Hour:Minute:Second")
+		template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
+		template.setPattern("%Y-%m-%d %H:%M:%S")
+		self.__templates.append(template)
 		# TAI64N
 		template = DateTai64n()
 		template.setName("TAI64N")

From 071474089bdb9ccb28f7b4a02402a09957ef8670 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 09:50:51 +0000
Subject: [PATCH 14/24] - Improved regular expression checking

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@501 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/filter.py | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/server/filter.py b/server/filter.py
index f19cf732..7b17397b 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -435,10 +435,18 @@ class Filter(JailThread):
 							 + "this format")
 			else:
 				try:
-					ipMatch = DNSUtils.textToIp(match.group("host"))
-					if ipMatch:
-						for ip in ipMatch:
-							failList.append([ip, date])
+					matchGroup = match.group("host")
+					# For strange reasons, match.group can return None with some
+					# regular expressions. However, these expressions can be
+					# compiled successfully.
+					if matchGroup == None:
+						logSys.error("Unexpected error. Please correct your "
+									 + "configuration.")
+					else:
+						ipMatch = DNSUtils.textToIp(match.group("host"))
+						if ipMatch:
+							for ip in ipMatch:
+								failList.append([ip, date])
 				except IndexError:
 					logSys.error("There is no 'host' group in the rule. " +
 								 "Please correct your configuration.")

From 34a48157dccde2509de922675fa2d190e18e6370 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 09:51:41 +0000
Subject: [PATCH 15/24] - Updated

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@502 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 3 +++
 README    | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index c29412b3..75540cfe 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,9 @@ ver. 0.7.6 (200?/??/??) - ???
 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
 - Use numeric output for iptables in "actioncheck"
 - Fixed removal of host in hosts.deny. Thanks to René Berber
+- Added new date format (2006-12-21 06:43:20) and Exim4
+  filter. Thanks to mEDI
+- Improved regular expression checking a bit
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/README b/README
index 911ba62e..db025b72 100644
--- a/README
+++ b/README
@@ -73,7 +73,7 @@ Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
 Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber
+René Berber, mEDI
 
 License:
 --------

From 0f31cc0feb1a393452664aff83c596f139185b52 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 16:31:00 +0000
Subject: [PATCH 16/24] - Added support for several "failregex" and
 "ignoreregex". This should simplify the configuration files. - Configuration
 files are backward-compatible but need to be updated in order to take
 advantage of this feature.

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@503 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                   |   3 +-
 MANIFEST                    |   2 +
 client/beautifier.py        |  13 +++-
 client/filterreader.py      |   6 +-
 common/protocol.py          |  10 +--
 fail2ban-regex              |  14 ++--
 man/fail2ban-client.1       |  61 +++++++++++------
 man/fail2ban-regex.1        |   4 +-
 man/fail2ban-server.1       |   4 +-
 server/failregex.py         |  62 +++++++++++++++++
 server/filter.py            | 129 ++++++++++++++++++------------------
 server/regex.py             |  88 ++++++++++++++++++++++++
 server/server.py            |  14 ++--
 server/transmitter.py       |  16 +++--
 testcases/filtertestcase.py |  41 ++++++++++--
 15 files changed, 349 insertions(+), 118 deletions(-)
 create mode 100644 server/failregex.py
 create mode 100644 server/regex.py

diff --git a/CHANGELOG b/CHANGELOG
index 75540cfe..c9460d61 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,7 +15,8 @@ ver. 0.7.6 (200?/??/??) - ???
 - Fixed removal of host in hosts.deny. Thanks to René Berber
 - Added new date format (2006-12-21 06:43:20) and Exim4
   filter. Thanks to mEDI
-- Improved regular expression checking a bit
+- Several "failregex" and "ignoreregex" are now accepted.
+  Creation of rules should be easier now.
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/MANIFEST b/MANIFEST
index db392e40..9908c9f1 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -39,6 +39,8 @@ server/dateepoch.py
 server/banmanager.py
 server/datetemplate.py
 server/mytime.py
+server/regex.py
+server/failregex.py
 testcases/banmanagertestcase.py
 testcases/failmanagertestcase.py
 testcases/clientreadertestcase.py
diff --git a/client/beautifier.py b/client/beautifier.py
index 2ef8d515..abe562a6 100644
--- a/client/beautifier.py
+++ b/client/beautifier.py
@@ -109,7 +109,18 @@ class Beautifier:
 					msg = "These IP addresses/networks are ignored:\n"
 					for ip in response[:-1]:
 						msg = msg + "|- " + ip + "\n"
-					msg = msg + "`- " + response[len(response)-1]				
+					msg = msg + "`- " + response[len(response)-1]
+			elif inC[2] in ("failregex", "addfailregex", "delfailregex",
+							"ignoreregex", "addignoreregex", "delignoreregex"):
+				if len(response) == 0:
+					msg = "No regular expression is defined"
+				else:
+					msg = "The following regular expression are defined:\n"
+					c = 0
+					for ip in response[:-1]:
+						msg = msg + "|- [" + str(c) + "]: " + ip + "\n"
+						c += 1
+					msg = msg + "`- [" + str(c) + "]: " + response[len(response)-1]
 		except Exception:
 			logSys.warn("Beautifier error. Please report the error")
 			logSys.error("Beautify " + `response` + " with " + `self.__inputCmd` +
diff --git a/client/filterreader.py b/client/filterreader.py
index 14ffbb91..30cca818 100644
--- a/client/filterreader.py
+++ b/client/filterreader.py
@@ -67,8 +67,10 @@ class FilterReader(ConfigReader):
 			elif opt == "timepattern":
 				stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
 			elif opt == "failregex":
-				stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+				for regex in self.__opts[opt].split('\n'):
+					stream.append(["set", self.__name, "addfailregex", regex])
 			elif opt == "ignoreregex":
-				stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])		
+				for regex in self.__opts[opt].split('\n'):
+					stream.append(["set", self.__name, "addignoreregex", regex])		
 		return stream
 		
\ No newline at end of file
diff --git a/common/protocol.py b/common/protocol.py
index e53d121b..d9312f9b 100644
--- a/common/protocol.py
+++ b/common/protocol.py
@@ -54,8 +54,10 @@ protocol = [
 ["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"], 
 ["set <JAIL> timeregex <REGEX>", "sets the regular expression <REGEX> to match the date format for <JAIL>. This will disable the autodetection feature."], 
 ["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."], 
-["set <JAIL> failregex <REGEX>", "sets the regular expression <REGEX> which must match failures for <JAIL>"], 
-["set <JAIL> ignoreregex <REGEX>", "sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>"], 
+["set <JAIL> addfailregex <REGEX>", "adds the regular expression <REGEX> which must match failures for <JAIL>"], 
+["set <JAIL> delfailregex <INDEX>", "removes the regular expression at <INDEX> for failregex"], 
+["set <JAIL> addignoreregex <REGEX>", "adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>"],
+["set <JAIL> delignoreregex <INDEX>", "removes the regular expression at <INDEX> for ignoreregex"], 
 ["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"], 
 ["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"], 
 ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], 
@@ -73,8 +75,8 @@ protocol = [
 ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
 ["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
 ["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"],
-["get <JAIL> failregex", "gets the regular expression which matches the failures for <JAIL>"],
-["get <JAIL> ignoreregex", "gets the regular expression which matches patterns to ignore for <JAIL>"],
+["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"],
+["get <JAIL> ignoreregex", "gets the list of regular expressions which matches patterns to ignore for <JAIL>"],
 ["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
 ["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"],
 ["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],
diff --git a/fail2ban-regex b/fail2ban-regex
index 6f4849ad..dc497e0a 100755
--- a/fail2ban-regex
+++ b/fail2ban-regex
@@ -33,6 +33,7 @@ sys.path.insert(1, "/usr/lib/fail2ban")
 
 from common.version import version
 from server.filter import Filter
+from server.regex import RegexException
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.regex")
@@ -83,17 +84,17 @@ class Fail2banRegex:
 	 			self.dispVersion()
 	 			sys.exit(0)
 	
-	def setRegex(self, value):
-		print
-		self.__filter.setFailRegex(value)
-	
-	def testRegex(self, line):
+	def testRegex(self, line, regex):
 		print
 		try:
 			logging.getLogger("fail2ban").setLevel(logging.DEBUG)
+			self.__filter.addFailRegex(regex)
 			ret = self.__filter.findFailure(line)
 			print
 			logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
+		except RegexException, e:
+			print e
+			return False
 		except IndexError:
 			print "Sorry, but no <host> found in regex"
 			return False
@@ -156,8 +157,7 @@ if __name__ == "__main__":
 		regex.dispUsage()
 		sys.exit(-1)
 	else:
-		regex.setRegex(sys.argv[2])
-		ret = regex.testRegex(sys.argv[1])
+		ret = regex.testRegex(sys.argv[1], sys.argv[2])
 		if ret:
 			sys.exit(0)
 		else:
diff --git a/man/fail2ban-client.1 b/man/fail2ban-client.1
index d52e990a..b905634d 100644
--- a/man/fail2ban-client.1
+++ b/man/fail2ban-client.1
@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-CLIENT "1" "December 2006" "fail2ban-client v0.7.4-SVN" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "December 2006" "fail2ban-client v0.7.5-SVN" "User Commands"
 .SH NAME
 fail2ban-client \- configure and control the server
 .SH SYNOPSIS
 .B fail2ban-client
 [\fIOPTIONS\fR]... \fI<COMMAND>\fR
 .SH DESCRIPTION
-Fail2Ban v0.7.4\-SVN reads log file that contains password failure report
+Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP
@@ -37,6 +37,8 @@ display this help message
 \fB\-V\fR, \fB\-\-version\fR
 print the version
 .SH COMMAND
+.IP
+Basic
 .TP
 \fBstart\fR
 starts the server and the jails
@@ -54,6 +56,8 @@ server
 .TP
 \fBping\fR
 tests if the server is alive
+.IP
+Logging
 .TP
 \fBset loglevel <LEVEL>\fR
 sets logging level to <LEVEL>. 0
@@ -69,10 +73,24 @@ file
 .TP
 \fBget logtarget\fR
 gets logging target
+.IP
+Jail control
 .TP
 \fBadd <JAIL> <BACKEND>\fR
 creates <JAIL> using <BACKEND>
 .TP
+\fBstart <JAIL>\fR
+starts the jail <JAIL>
+.TP
+\fBstop <JAIL>\fR
+stops the jail <JAIL>. The jail is
+removed
+.TP
+\fBstatus <JAIL>\fR
+gets the current status of <JAIL>
+.IP
+Jail configuration
+.TP
 \fBset <JAIL> idle on|off\fR
 sets the idle state of <JAIL>
 .TP
@@ -104,16 +122,24 @@ match the date format for <JAIL>.
 This will disable the
 autodetection feature.
 .TP
-\fBset <JAIL> failregex <REGEX>\fR
-sets the regular expression
+\fBset <JAIL> addfailregex <REGEX>\fR
+adds the regular expression
 <REGEX> which must match failures
 for <JAIL>
 .TP
-\fBset <JAIL> ignoreregex <REGEX>\fR
-sets the regular expression
+\fBset <JAIL> delfailregex <INDEX>\fR
+removes the regular expression at
+<INDEX> for failregex
+.TP
+\fBset <JAIL> addignoreregex <REGEX>\fR
+adds the regular expression
 <REGEX> which should match pattern
 to exclude for <JAIL>
 .TP
+\fBset <JAIL> delignoreregex <INDEX>\fR
+removes the regular expression at
+<INDEX> for ignoreregex
+.TP
 \fBset <JAIL> findtime <TIME>\fR
 sets the number of seconds <TIME>
 for which the filter will look
@@ -163,6 +189,8 @@ action <ACT> for <JAIL>
 \fBset <JAIL> actionunban <ACT> <CMD>\fR
 sets the unban command <CMD> of
 the action <ACT> for <JAIL>
+.IP
+Jail information
 .TP
 \fBget <JAIL> logpath\fR
 gets the list of the monitored
@@ -181,13 +209,14 @@ gets the pattern used for the time
 detection for <JAIL>
 .TP
 \fBget <JAIL> failregex\fR
-gets the regular expression which
-matches the failures for <JAIL>
+gets the list of regular
+expressions which matches the
+failures for <JAIL>
 .TP
 \fBget <JAIL> ignoreregex\fR
-gets the regular expression which
-matches patterns to ignore for
-<JAIL>
+gets the list of regular
+expressions which matches patterns
+to ignore for <JAIL>
 .TP
 \fBget <JAIL> findtime\fR
 gets the time for which the filter
@@ -225,16 +254,6 @@ action <ACT> for <JAIL>
 \fBget <JAIL> actionunban <ACT>\fR
 gets the unban command for the
 action <ACT> for <JAIL>
-.TP
-\fBstart <JAIL>\fR
-starts the jail <JAIL>
-.TP
-\fBstop <JAIL>\fR
-stops the jail <JAIL>. The jail is
-removed
-.TP
-\fBstatus <JAIL>\fR
-gets the current status of <JAIL>
 .SH FILES
 \fI/etc/fail2ban/*\fR
 .SH AUTHOR
diff --git a/man/fail2ban-regex.1 b/man/fail2ban-regex.1
index e122b7a8..a1352142 100644
--- a/man/fail2ban-regex.1
+++ b/man/fail2ban-regex.1
@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-REGEX "1" "December 2006" "fail2ban-regex v0.7.4-SVN" "User Commands"
+.TH FAIL2BAN-REGEX "1" "December 2006" "fail2ban-regex v0.7.5-SVN" "User Commands"
 .SH NAME
 fail2ban-regex \- test Fail2ban "failregex" option
 .SH SYNOPSIS
 .B fail2ban-regex
 \fI<logline> <failregex>\fR
 .SH DESCRIPTION
-Fail2Ban v0.7.4\-SVN reads log file that contains password failure report
+Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 This tools can test and benchmark your regular expressions for the "failregex"
diff --git a/man/fail2ban-server.1 b/man/fail2ban-server.1
index 415d6155..d58ba373 100644
--- a/man/fail2ban-server.1
+++ b/man/fail2ban-server.1
@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-SERVER "1" "December 2006" "fail2ban-server v0.7.4-SVN" "User Commands"
+.TH FAIL2BAN-SERVER "1" "December 2006" "fail2ban-server v0.7.5-SVN" "User Commands"
 .SH NAME
 fail2ban-server \- start the server
 .SH SYNOPSIS
 .B fail2ban-server
 [\fIOPTIONS\fR]
 .SH DESCRIPTION
-Fail2Ban v0.7.4\-SVN reads log file that contains password failure report
+Fail2Ban v0.7.5\-SVN reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 Only use this command for debugging purpose. Start the server with
diff --git a/server/failregex.py b/server/failregex.py
new file mode 100644
index 00000000..275380b9
--- /dev/null
+++ b/server/failregex.py
@@ -0,0 +1,62 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+from regex import Regex, RegexException
+
+##
+# Regular expression class.
+#
+# This class represents a regular expression with its compiled version.
+
+class FailRegex(Regex):
+
+	##
+	# Constructor.
+	#
+	# Creates a new object. This method can throw RegexException in order to
+	# avoid construction of invalid object.
+	# @param value the regular expression
+	
+	def __init__(self, value):
+		# Replace "<HOST>" with default regular expression for host.
+		regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+		# Initializes the parent.
+		Regex.__init__(self, regex)
+		# Check for group "host"
+		if "host" not in self._regexObj.groupindex:
+			raise RegexException("No 'host' group in '%s'" % self._regex)
+	
+	##
+	# Returns the matched host.
+	#
+	# This corresponds to the pattern matched by the named group "host".
+	# @return the matched host
+	
+	def getHost(self):
+		host = self._matchCache.group("host")
+		if host == None:
+			raise RegexException("Unexpected error. Please check your regex")
+		return host
diff --git a/server/filter.py b/server/filter.py
index 7b17397b..4736ff92 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -29,8 +29,10 @@ from failticket import FailTicket
 from jailthread import JailThread
 from datedetector import DateDetector
 from mytime import MyTime
+from regex import Regex, RegexException
+from failregex import FailRegex
 
-import logging, re, sre_constants
+import logging, re
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.filter")
@@ -61,12 +63,10 @@ class Filter(JailThread):
 		self.__crtFilename = None
 		## The log file path.
 		self.__logPath = []
-		## The regular expression matching the failure.
-		self.__failRegex = ''
-		self.__failRegexObj = None
-		## The regular expression with expression to ignore.
-		self.__ignoreRegex = ''
-		self.__ignoreRegexObj = None
+		## The regular expression list matching the failures.
+		self.__failRegex = list()
+		## The regular expression list with expressions to ignore.
+		self.__ignoreRegex = list()
 		## The amount of time to look back.
 		self.__findTime = 6000
 		## The ignore IP list.
@@ -158,26 +158,26 @@ class Filter(JailThread):
 		return self.dateDetector.getDefaultPattern()
 	
 	##
-	# Set the regular expression which matches the failure.
+	# Add a regular expression which matches the failure.
 	#
 	# The regular expression can also match any other pattern than failures
 	# and thus can be used for many purporse.
 	# @param value the regular expression
 	
-	def setFailRegex(self, value):
+	def addFailRegex(self, value):
 		try:
-			if value.lstrip() == '':
-				self.__failRegex = value
-				self.__failRegexObj = None
-			else:
-				# Replace "<HOST>" with default regular expression for host.
-				regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
-				self.__failRegex = regex
-				self.__failRegexObj = re.compile(regex)
-			logSys.info("Set failregex = %s" % self.__failRegex)
-		except sre_constants.error:
-			logSys.error("Unable to compile regular expression " +
-						self.__failRegex)
+			regex = FailRegex(value)
+			self.__failRegex.append(regex)
+		except RegexException, e:
+			logSys.error(e)
+	
+
+	def delFailRegex(self, index):
+		try:
+			del self.__failRegex[index]
+		except IndexError:
+			logSys.error("Cannot remove regular expression. Index %d is not "
+						 "valid" % index)
 	
 	##
 	# Get the regular expression which matches the failure.
@@ -185,25 +185,31 @@ class Filter(JailThread):
 	# @return the regular expression
 	
 	def getFailRegex(self):
-		return self.__failRegex
+		failRegex = list()
+		for regex in self.__failRegex:
+			failRegex.append(regex.getRegex())
+		return failRegex
 	
 	##
-	# Set the regular expression which matches the failure.
+	# Add the regular expression which matches the failure.
 	#
 	# The regular expression can also match any other pattern than failures
 	# and thus can be used for many purporse.
 	# @param value the regular expression
 	
-	def setIgnoreRegex(self, value):
+	def addIgnoreRegex(self, value):
 		try:
-			if value.lstrip() == '':
-				self.__ignoreRegexObj = None
-			else:
-				self.__ignoreRegexObj = re.compile(value)
-			self.__ignoreRegex = value
-			logSys.info("Set ignoreregex = %s" % value)
-		except sre_constants.error:
-			logSys.error("Unable to compile regular expression " + value)
+			regex = Regex(value)
+			self.__ignoreRegex.append(regex)
+		except RegexException, e:
+			logSys.error(e)
+	
+	def delIgnoreRegex(self, index):
+		try:
+			del self.__ignoreRegex[index]
+		except IndexError:
+			logSys.error("Cannot remove regular expression. Index %d is not "
+						 "valid" % index)
 	
 	##
 	# Get the regular expression which matches the failure.
@@ -211,7 +217,10 @@ class Filter(JailThread):
 	# @return the regular expression
 	
 	def getIgnoreRegex(self):
-		return self.__ignoreRegex
+		ignoreRegex = list()
+		for regex in self.__ignoreRegex:
+			ignoreRegex.append(regex.getRegex())
+		return ignoreRegex
 	
 	##
 	# Set the time needed to find a failure.
@@ -413,43 +422,35 @@ class Filter(JailThread):
 
 	def findFailure(self, line):
 		failList = list()
-		# Checks if failregex is defined.
-		if self.__failRegexObj == None:
-			logSys.error("No failregex is set")
-			return failList
-		# Checks if ignoreregex is defined.
-		if not self.__ignoreRegexObj == None:
-			match = self.__ignoreRegexObj.search(line)
-			if match:
+		# Checks if we must ignore this line.
+		for ignoreRegex in self.__ignoreRegex:
+			ignoreRegex.search(line)
+			if ignoreRegex.hasMatched():
 				# The ignoreregex matched. Return.
 				logSys.debug("Ignoring this line")
 				return failList
-		match = self.__failRegexObj.search(line)
-		if match:
-			# The failregex matched.
-			date = self.dateDetector.getUnixTime(match.string)
-			if date == None:
-				logSys.debug("Found a match but no valid date/time found "
-							 + "for " + match.string + ". Please contact "
-							 + "the author in order to get support for "
-							 + "this format")
-			else:
-				try:
-					matchGroup = match.group("host")
-					# For strange reasons, match.group can return None with some
-					# regular expressions. However, these expressions can be
-					# compiled successfully.
-					if matchGroup == None:
-						logSys.error("Unexpected error. Please correct your "
-									 + "configuration.")
-					else:
-						ipMatch = DNSUtils.textToIp(match.group("host"))
+		# Iterates over all the regular expressions.
+		for failRegex in self.__failRegex:
+			failRegex.search(line)
+			if failRegex.hasMatched():
+				# The failregex matched.
+				date = self.dateDetector.getUnixTime(line)
+				if date == None:
+					logSys.debug("Found a match but no valid date/time found "
+								 + "for " + line + ". Please contact the "
+								 + "author in order to get support for this "
+								 + "format")
+				else:
+					try:
+						host = failRegex.getHost()
+						ipMatch = DNSUtils.textToIp(host)
 						if ipMatch:
 							for ip in ipMatch:
 								failList.append([ip, date])
-				except IndexError:
-					logSys.error("There is no 'host' group in the rule. " +
-								 "Please correct your configuration.")
+							# We matched a regex, it is enough to stop.
+							break
+					except RegexException, e:
+						logSys.error(e)
 		return failList
 	
 
diff --git a/server/regex.py b/server/regex.py
new file mode 100644
index 00000000..c4e9c8ec
--- /dev/null
+++ b/server/regex.py
@@ -0,0 +1,88 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import re, sre_constants
+
+##
+# Regular expression class.
+#
+# This class represents a regular expression with its compiled version.
+
+class Regex:
+
+	##
+	# Constructor.
+	#
+	# Creates a new object. This method can throw RegexException in order to
+	# avoid construction of invalid object.
+	# @param value the regular expression
+	
+	def __init__(self, regex):
+		self._matchCache = None
+		try:
+			self._regexObj = re.compile(regex)
+			self._regex = regex
+		except sre_constants.error:
+			raise RegexException("Unable to compile regular expression '%s'" %
+								 regex)
+	
+	##
+	# Gets the regular expression.
+	#
+	# The effective regular expression used is returned.
+	# @return the regular expression
+	
+	def getRegex(self):
+		return self._regex
+	
+	##
+	# Searches the regular expression.
+	#
+	# Sets an internal cache (match object) in order to avoid searching for
+	# the pattern again. This method must be called before calling any other
+	# method of this object.
+	# @param value the line
+	
+	def search(self, value):
+		self._matchCache = self._regexObj.search(value)
+	
+	##
+	# Checks if the previous call to search() matched.
+	#
+	# @return True if a match was found, False otherwise
+	
+	def hasMatched(self):
+		if self._matchCache:
+			return True
+		else:
+			return False
+
+
+##
+# Exception dedicated to the class Regex.
+
+class RegexException(Exception):
+	pass
diff --git a/server/server.py b/server/server.py
index c71708d7..aa481045 100644
--- a/server/server.py
+++ b/server/server.py
@@ -165,14 +165,20 @@ class Server:
 	def getFindTime(self, name):
 		return self.__jails.getFilter(name).getFindTime()
 
-	def setFailRegex(self, name, value):
-		self.__jails.getFilter(name).setFailRegex(value)
+	def addFailRegex(self, name, value):
+		self.__jails.getFilter(name).addFailRegex(value)
+	
+	def delFailRegex(self, name, index):
+		self.__jails.getFilter(name).delFailRegex(index)
 	
 	def getFailRegex(self, name):
 		return self.__jails.getFilter(name).getFailRegex()
 	
-	def setIgnoreRegex(self, name, value):
-		self.__jails.getFilter(name).setIgnoreRegex(value)
+	def addIgnoreRegex(self, name, value):
+		self.__jails.getFilter(name).addIgnoreRegex(value)
+	
+	def delIgnoreRegex(self, name, index):
+		self.__jails.getFilter(name).delIgnoreRegex(index)
 	
 	def getIgnoreRegex(self, name):
 		return self.__jails.getFilter(name).getIgnoreRegex()
diff --git a/server/transmitter.py b/server/transmitter.py
index e08e40e0..98c55756 100644
--- a/server/transmitter.py
+++ b/server/transmitter.py
@@ -143,13 +143,21 @@ class Transmitter:
 			value = command[2]
 			self.__server.setTimePattern(name, value)
 			return self.__server.getTimePattern(name)
-		elif command[1] == "failregex":
+		elif command[1] == "addfailregex":
 			value = command[2]
-			self.__server.setFailRegex(name, value)
+			self.__server.addFailRegex(name, value)
 			return self.__server.getFailRegex(name)
-		elif command[1] == "ignoreregex":
+		elif command[1] == "delfailregex":
+			value = int(command[2])
+			self.__server.delFailRegex(name, value)
+			return self.__server.getFailRegex(name)
+		elif command[1] == "addignoreregex":
 			value = command[2]
-			self.__server.setIgnoreRegex(name, value)
+			self.__server.addIgnoreRegex(name, value)
+			return self.__server.getIgnoreRegex(name)
+		elif command[1] == "delignoreregex":
+			value = int(command[2])
+			self.__server.delIgnoreRegex(name, value)
 			return self.__server.getIgnoreRegex(name)
 		elif command[1] == "findtime":
 			value = command[2]
diff --git a/testcases/filtertestcase.py b/testcases/filtertestcase.py
index 91c5a592..520b1ef3 100644
--- a/testcases/filtertestcase.py
+++ b/testcases/filtertestcase.py
@@ -99,7 +99,7 @@ class GetFailures(unittest.TestCase):
 		output = ('193.168.0.128', 3, 1124013599.0)
 		
 		self.__filter.addLogPath(GetFailures.FILENAME_01)
-		self.__filter.setFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
+		self.__filter.addFailRegex("(?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)")
 
 		self.__filter.getFailures(GetFailures.FILENAME_01)
 		
@@ -116,7 +116,7 @@ class GetFailures(unittest.TestCase):
 		output = ('141.3.81.106', 4, 1124013539.0)
 
 		self.__filter.addLogPath(GetFailures.FILENAME_02)
-		self.__filter.setFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
+		self.__filter.addFailRegex("Failed .* (?:::f{4,6}:)(?P<host>\S*)")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_02)
 		
@@ -127,13 +127,13 @@ class GetFailures(unittest.TestCase):
 		ip = ticket.getIP()
 		found = (ip, attempts, date)
 		
-		self.assertEqual(found, output)	
+		self.assertEqual(found, output)
 
 	def testGetFailures03(self):
 		output = ('203.162.223.135', 6, 1124013544.0)
 
 		self.__filter.addLogPath(GetFailures.FILENAME_03)
-		self.__filter.setFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
+		self.__filter.addFailRegex("error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_03)
 		
@@ -151,7 +151,7 @@ class GetFailures(unittest.TestCase):
 				  ('212.41.96.185', 4, 1124013598.0)]
 
 		self.__filter.addLogPath(GetFailures.FILENAME_04)
-		self.__filter.setFailRegex("Invalid user .* (?P<host>\S*)")
+		self.__filter.addFailRegex("Invalid user .* (?P<host>\S*)")
 		
 		self.__filter.getFailures(GetFailures.FILENAME_04)
 
@@ -165,4 +165,33 @@ class GetFailures(unittest.TestCase):
 				self.assertEqual(found, output[i])
 		except FailManagerEmpty:
 			pass
-		
\ No newline at end of file
+		
+	def testGetFailuresMultiRegex(self):
+		output = ('141.3.81.106', 8, 1124013541.0)
+
+		self.__filter.addLogPath(GetFailures.FILENAME_02)
+		self.__filter.addFailRegex("Failed .* from <HOST>")
+		self.__filter.addFailRegex("Accepted .* from <HOST>")
+		
+		self.__filter.getFailures(GetFailures.FILENAME_02)
+		
+		ticket = self.__filter.failManager.toBan()
+
+		attempts = ticket.getAttempt()
+		date = ticket.getTime()
+		ip = ticket.getIP()
+		found = (ip, attempts, date)
+		
+		self.assertEqual(found, output)
+	
+	def testGetFailuresIgnoreRegex(self):
+		output = ('141.3.81.106', 8, 1124013541.0)
+
+		self.__filter.addLogPath(GetFailures.FILENAME_02)
+		self.__filter.addFailRegex("Failed .* from <HOST>")
+		self.__filter.addFailRegex("Accepted .* from <HOST>")
+		self.__filter.addIgnoreRegex("for roehl")
+		
+		self.__filter.getFailures(GetFailures.FILENAME_02)
+		
+		self.assertRaises(FailManagerEmpty, self.__filter.failManager.toBan)

From cd012dda85b3fda9b6debe0e90c97cb2a261b758 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 16:37:17 +0000
Subject: [PATCH 17/24] - Added svn:keywords

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@504 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 client/beautifier.py              | 6 +++---
 common/__init__.py                | 6 +++---
 common/protocol.py                | 6 +++---
 fail2ban-regex                    | 6 +++---
 server/datedetector.py            | 6 +++---
 server/dateepoch.py               | 6 +++---
 server/datestrptime.py            | 6 +++---
 server/datetai64n.py              | 6 +++---
 server/datetemplate.py            | 6 +++---
 server/filterpoll.py              | 6 +++---
 server/jails.py                   | 6 +++---
 server/mytime.py                  | 6 +++---
 testcases/actiontestcase.py       | 6 +++---
 testcases/clientreadertestcase.py | 6 +++---
 testcases/datedetectortestcase.py | 6 +++---
 15 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/client/beautifier.py b/client/beautifier.py
index abe562a6..c017c5a2 100644
--- a/client/beautifier.py
+++ b/client/beautifier.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 288 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 288 $"
-__date__ = "$Date: 2006-08-22 23:59:51 +0200 (Tue, 22 Aug 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/common/__init__.py b/common/__init__.py
index cf63d1b6..dc25edd6 100644
--- a/common/__init__.py
+++ b/common/__init__.py
@@ -16,10 +16,10 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 433 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
diff --git a/common/protocol.py b/common/protocol.py
index d9312f9b..543e08e4 100644
--- a/common/protocol.py
+++ b/common/protocol.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 456 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 456 $"
-__date__ = "$Date: 2006-11-12 11:56:40 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban-regex b/fail2ban-regex
index dc497e0a..a5f28780 100755
--- a/fail2ban-regex
+++ b/fail2ban-regex
@@ -17,11 +17,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 300 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 300 $"
-__date__ = "$Date: 2006-08-23 21:53:09 +0200 (Wed, 23 Aug 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/datedetector.py b/server/datedetector.py
index 8c5f618a..951aba6f 100644
--- a/server/datedetector.py
+++ b/server/datedetector.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/dateepoch.py b/server/dateepoch.py
index bc0ca667..b6ee14d0 100644
--- a/server/dateepoch.py
+++ b/server/dateepoch.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/datestrptime.py b/server/datestrptime.py
index a4b8ad25..bd2d351a 100644
--- a/server/datestrptime.py
+++ b/server/datestrptime.py
@@ -17,11 +17,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/datetai64n.py b/server/datetai64n.py
index d40a7f08..dd0ffa77 100644
--- a/server/datetai64n.py
+++ b/server/datetai64n.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/datetemplate.py b/server/datetemplate.py
index dccd58f6..9aca63e5 100644
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/filterpoll.py b/server/filterpoll.py
index 374d957d..3afd587f 100644
--- a/server/filterpoll.py
+++ b/server/filterpoll.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 354 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 354 $"
-__date__ = "$Date: 2006-09-13 23:31:22 +0200 (Wed, 13 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/jails.py b/server/jails.py
index 6a327e1c..8dbde9c8 100644
--- a/server/jails.py
+++ b/server/jails.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 354 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 354 $"
-__date__ = "$Date: 2006-09-13 23:31:22 +0200 (Wed, 13 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/server/mytime.py b/server/mytime.py
index a7930813..57fee41e 100644
--- a/server/mytime.py
+++ b/server/mytime.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 321 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 321 $"
-__date__ = "$Date: 2006-09-04 21:19:58 +0200 (Mon, 04 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/testcases/actiontestcase.py b/testcases/actiontestcase.py
index 8a66320e..bc6f39ad 100644
--- a/testcases/actiontestcase.py
+++ b/testcases/actiontestcase.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 382 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 382 $"
-__date__ = "$Date: 2006-09-25 19:03:48 +0200 (Mon, 25 Sep 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/testcases/clientreadertestcase.py b/testcases/clientreadertestcase.py
index c1b1eddf..39ab80bf 100644
--- a/testcases/clientreadertestcase.py
+++ b/testcases/clientreadertestcase.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 253 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 253 $"
-__date__ = "$Date: 2006-07-17 00:21:58 +0200 (Mon, 17 Jul 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/testcases/datedetectortestcase.py b/testcases/datedetectortestcase.py
index 5f2f0b26..14af9b27 100644
--- a/testcases/datedetectortestcase.py
+++ b/testcases/datedetectortestcase.py
@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 253 $
+# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 253 $"
-__date__ = "$Date: 2006-07-17 00:21:58 +0200 (Mon, 17 Jul 2006) $"
+__version__ = "$Revision$"
+__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 

From b8f0ce7155c4a9748c6e49e9678a8d9e65735400 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Dec 2006 23:20:16 +0000
Subject: [PATCH 18/24] - Do not accept empty regular expression - Do not send
 an empty string if the option is not defined

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@505 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 client/filterreader.py | 8 ++++++--
 client/jailreader.py   | 4 +++-
 server/regex.py        | 2 ++
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/client/filterreader.py b/client/filterreader.py
index 30cca818..4bb36fda 100644
--- a/client/filterreader.py
+++ b/client/filterreader.py
@@ -68,9 +68,13 @@ class FilterReader(ConfigReader):
 				stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
 			elif opt == "failregex":
 				for regex in self.__opts[opt].split('\n'):
-					stream.append(["set", self.__name, "addfailregex", regex])
+					# Do not send a command if the rule is empty.
+					if regex != '':
+						stream.append(["set", self.__name, "addfailregex", regex])
 			elif opt == "ignoreregex":
 				for regex in self.__opts[opt].split('\n'):
-					stream.append(["set", self.__name, "addignoreregex", regex])		
+					# Do not send a command if the rule is empty.
+					if regex != '':
+						stream.append(["set", self.__name, "addignoreregex", regex])		
 		return stream
 		
\ No newline at end of file
diff --git a/client/jailreader.py b/client/jailreader.py
index bb408876..aa26d789 100644
--- a/client/jailreader.py
+++ b/client/jailreader.py
@@ -112,7 +112,9 @@ class JailReader(ConfigReader):
 				stream.append(["set", self.__name, "maxretry", self.__opts[opt]])
 			elif opt == "ignoreip":
 				for ip in self.__opts[opt].split():
-					stream.append(["set", self.__name, "addignoreip", ip])
+					# Do not send a command if the rule is empty.
+					if ip != '':
+						stream.append(["set", self.__name, "addignoreip", ip])
 			elif opt == "findtime":
 				stream.append(["set", self.__name, "findtime", self.__opts[opt]])
 			elif opt == "bantime":
diff --git a/server/regex.py b/server/regex.py
index c4e9c8ec..d3d6eee4 100644
--- a/server/regex.py
+++ b/server/regex.py
@@ -42,6 +42,8 @@ class Regex:
 	
 	def __init__(self, regex):
 		self._matchCache = None
+		if regex.lstrip() == '':
+			raise RegexException("Cannot add empty regex")
 		try:
 			self._regexObj = re.compile(regex)
 			self._regex = regex

From ba833a57adb2be7f087e36dd4599287bec927876 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 3 Jan 2007 18:15:55 +0000
Subject: [PATCH 19/24] - Added license file. Thanks to Axel Thimm

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@506 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG |   1 +
 COPYING   | 339 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 MANIFEST  |   1 +
 3 files changed, 341 insertions(+)
 create mode 100644 COPYING

diff --git a/CHANGELOG b/CHANGELOG
index c9460d61..70962aba 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -17,6 +17,7 @@ ver. 0.7.6 (200?/??/??) - ???
   filter. Thanks to mEDI
 - Several "failregex" and "ignoreregex" are now accepted.
   Creation of rules should be easier now.
+- Added license in COPYING. Thanks to Axel Thimm
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/COPYING b/COPYING
new file mode 100644
index 00000000..d511905c
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,339 @@
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
diff --git a/MANIFEST b/MANIFEST
index 9908c9f1..57911033 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,6 +1,7 @@
 README
 CHANGELOG
 TODO
+COPYING
 fail2ban-client
 fail2ban-server
 fail2ban-testcases

From 7719c00d3711663814fb7e298fad088a512efd11 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 4 Jan 2007 11:58:58 +0000
Subject: [PATCH 20/24] - Allow comma in action options. The value of the
 option must be escaped with " or '. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@509 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG            |  2 ++
 TODO                 |  2 ++
 client/jailreader.py | 26 +++++++++++++++++++++++++-
 config/jail.conf     |  6 ++++--
 4 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 70962aba..c822d3d8 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -18,6 +18,8 @@ ver. 0.7.6 (200?/??/??) - ???
 - Several "failregex" and "ignoreregex" are now accepted.
   Creation of rules should be easier now.
 - Added license in COPYING. Thanks to Axel Thimm
+- Allow comma in action options. The value of the option must
+  be escaped with " or '. Thanks to Yaroslav Halchenko
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/TODO b/TODO
index 23a34875..0348a3e1 100644
--- a/TODO
+++ b/TODO
@@ -13,6 +13,8 @@ Legend:
 # partially done
 * done
 
+- Improve parsing of the action parameters in jailreader.py
+
 - Better handling of the protocol in transmitter.py
 
 - Add gettext support (I18N)
diff --git a/client/jailreader.py b/client/jailreader.py
index aa26d789..3588daab 100644
--- a/client/jailreader.py
+++ b/client/jailreader.py
@@ -134,7 +134,31 @@ class JailReader(ConfigReader):
 		m = JailReader.actionCRE.match(action)
 		d = dict()
 		if not m.group(2) == None:
-			for param in m.group(2).split(','):
+			# Huge bad hack :( This method really sucks. TODO Reimplement it.
+			actions = ""
+			escapeChar = None
+			allowComma = False
+			for c in m.group(2):
+				if c in ('"', "'") and not allowComma:
+					# Start
+					escapeChar = c
+					allowComma = True
+				elif c == escapeChar:
+					# End
+					escapeChar = None
+					allowComma = False
+				else:
+					if c == ',' and allowComma:
+						actions += "<COMMA>"
+					else:
+						actions += c
+			
+			# Split using ,
+			actionsSplit = actions.split(',')
+			# Replace the tag <COMMA> with ,
+			actionsSplit = [n.replace("<COMMA>", ',') for n in actionsSplit]
+			
+			for param in actionsSplit:
 				p = param.split('=')
 				try:
 					d[p[0].strip()] = p[1].strip()
diff --git a/config/jail.conf b/config/jail.conf
index b3985363..5c4628f0 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -141,13 +141,15 @@ action   = shorewall
 logpath  = /var/log/apache2/error_log
 
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
-# option is overridden in this jail.
+# option is overridden in this jail. Moreover, the action "mail-whois" defines
+# the variable "name" which contains a comma using "". The characters '' are
+# valid too.
 
 [ssh-ipfw]
 
 enabled  = false
 filter   = sshd
 action   = ipfw[localhost=192.168.0.1]
-           mail-whois[name=SSH, dest=yourmail@mail.com]
+           mail-whois[name="SSH,IPFW", dest=yourmail@mail.com]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1

From 44d75eb54f3cd9f76a13f387691a880a37fec1bd Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 4 Jan 2007 12:21:44 +0000
Subject: [PATCH 21/24] - Added missing svn:keywords - Split failregex in
 sshd.conf - Added sshd-ddos.conf. Thanks to Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@510 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/action.d/ipfw.conf            |  2 +-
 config/action.d/mail-whois.conf      |  2 +-
 config/action.d/mail.conf            |  2 +-
 config/action.d/shorewall.conf       |  2 +-
 config/filter.d/apache-noscript.conf |  2 +-
 config/filter.d/courierlogin.conf    |  2 +-
 config/filter.d/couriersmtp.conf     |  2 +-
 config/filter.d/exim.conf            |  2 +-
 config/filter.d/postfix.conf         |  2 +-
 config/filter.d/proftpd.conf         |  2 +-
 config/filter.d/qmail.conf           |  2 +-
 config/filter.d/sasl.conf            |  2 +-
 config/filter.d/sshd-ddos.conf       | 23 +++++++++++++++++++++++
 config/filter.d/sshd.conf            |  3 ++-
 14 files changed, 37 insertions(+), 13 deletions(-)
 create mode 100644 config/filter.d/sshd-ddos.conf

diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
index 5ae00cae..0d5f1bbb 100644
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@@ -3,7 +3,7 @@
 # Author: Nick Munger
 # Modified by: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index 6055d98b..044aa05b 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index 61522b27..2757aa74 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 254 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index 446c8a4b..83e66975 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 394 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 280f72b9..6f57cc8c 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 394 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/courierlogin.conf b/config/filter.d/courierlogin.conf
index e92301d7..a5b6d161 100644
--- a/config/filter.d/courierlogin.conf
+++ b/config/filter.d/courierlogin.conf
@@ -3,7 +3,7 @@
 # Author: Christoph Haas
 # Modified by: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/couriersmtp.conf b/config/filter.d/couriersmtp.conf
index b695a707..a035e285 100644
--- a/config/filter.d/couriersmtp.conf
+++ b/config/filter.d/couriersmtp.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index 564bb9a8..98b589be 100644
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index 90b19d55..c808b109 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 65ff59b7..1fc31ef5 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 331 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
index 854d4ee2..0ae518fc 100644
--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 267 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index ad4fe463..c25aca6b 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 331 $
+# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sshd-ddos.conf b/config/filter.d/sshd-ddos.conf
new file mode 100644
index 00000000..2a907e88
--- /dev/null
+++ b/config/filter.d/sshd-ddos.conf
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 9659fa16..fe46dd86 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -14,7 +14,8 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
+failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>
+            ROOT LOGIN REFUSED .*(?: from|FROM) <HOST>
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

From ab3d2d1b9adf8909c26f28f7b672cd5e6fec3c9a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 4 Jan 2007 12:58:21 +0000
Subject: [PATCH 22/24] - Now Fail2ban goes in /usr/share/fail2ban instead of
 /usr/lib/fail2ban. This is more compliant with FHS. Thanks to Axel Thimm and
 Yaroslav Halchenko

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@511 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG          | 7 +++++--
 fail2ban-client    | 2 +-
 fail2ban-regex     | 2 +-
 fail2ban-server    | 2 +-
 fail2ban-testcases | 2 +-
 setup.cfg          | 2 +-
 setup.py           | 9 ++++++++-
 7 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c822d3d8..71983906 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.6)                           200?/??/??
+Fail2Ban (version 0.7.6)                           2007/01/04
 =============================================================
 
-ver. 0.7.6 (200?/??/??) - ???
+ver. 0.7.6 (2007/01/04) - beta
 ----------
 - Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
 - Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
@@ -20,6 +20,9 @@ ver. 0.7.6 (200?/??/??) - ???
 - Added license in COPYING. Thanks to Axel Thimm
 - Allow comma in action options. The value of the option must
   be escaped with " or '. Thanks to Yaroslav Halchenko
+- Now Fail2ban goes in /usr/share/fail2ban instead of
+  /usr/lib/fail2ban. This is more compliant with FHS. Thanks
+  to Axel Thimm and Yaroslav Halchenko
 
 ver. 0.7.5 (2006/12/07) - beta
 ----------
diff --git a/fail2ban-client b/fail2ban-client
index dbb84616..14aeabd0 100755
--- a/fail2ban-client
+++ b/fail2ban-client
@@ -30,7 +30,7 @@ import getopt, time, readline, shlex, socket
 
 # Inserts our own modules path first in the list
 # fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
 
 # Now we can import our modules
 from common.version import version
diff --git a/fail2ban-regex b/fail2ban-regex
index a5f28780..8074a853 100755
--- a/fail2ban-regex
+++ b/fail2ban-regex
@@ -29,7 +29,7 @@ import locale, getopt, sys, time, logging, gc
 
 # Inserts our own modules path first in the list
 # fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
 
 from common.version import version
 from server.filter import Filter
diff --git a/fail2ban-server b/fail2ban-server
index 7602bd85..bdb7455f 100755
--- a/fail2ban-server
+++ b/fail2ban-server
@@ -29,7 +29,7 @@ import getopt, sys
 
 # Inserts our own modules path first in the list
 # fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
 
 from common.version import version
 from server.server import Server
diff --git a/fail2ban-testcases b/fail2ban-testcases
index 91c34317..38ab89d7 100755
--- a/fail2ban-testcases
+++ b/fail2ban-testcases
@@ -30,7 +30,7 @@ import unittest, logging, sys
 
 # Inserts our own modules path first in the list
 # fix for bug #343821
-sys.path.insert(1, "/usr/lib/fail2ban")
+sys.path.insert(1, "/usr/share/fail2ban")
 
 from common.version import version
 from testcases import banmanagertestcase
diff --git a/setup.cfg b/setup.cfg
index fba97f88..cdc25b29 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,5 @@
 [install]
-install-purelib=/usr/lib/fail2ban
+install-purelib=/usr/share/fail2ban
 
 [sdist]
 formats=bztar
diff --git a/setup.py b/setup.py
index 9ad1ece5..12da08f3 100755
--- a/setup.py
+++ b/setup.py
@@ -28,7 +28,7 @@ __license__ = "GPL"
 
 from distutils.core import setup
 from common.version import version
-from os.path import isfile, join
+from os.path import isfile, join, isdir
 from sys import argv
 from glob import glob
 
@@ -113,6 +113,13 @@ if obsoleteFiles:
 		print "\t" + f
 	print
 
+if isdir("/usr/lib/fail2ban"):
+	print
+	print "Fail2ban is not installed under /usr/lib anymore. The new " \
+		  "location is under /usr/share. Please remove the directory " \
+		  "/usr/lib/fail2ban and everything under this directory."
+	print
+
 # Update config file
 if argv[1] == "install":
 	print

From c377739f994f9ecd6597d5f29f9d894e4e027f5b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 4 Jan 2007 12:59:09 +0000
Subject: [PATCH 23/24] - Prepared for releasing (0.7.6)

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@512 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README            | 10 +++++-----
 common/version.py |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README b/README
index db025b72..6ff995c2 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.6)                           200?/??/??
+Fail2Ban (version 0.7.6)                           2007/01/04
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -28,11 +28,11 @@ Optional:
 
 To install, just do:
 
-> tar xvfj fail2ban-0.7.5.tar.bz2
-> cd fail2ban-0.7.5
+> tar xvfj fail2ban-0.7.6.tar.bz2
+> cd fail2ban-0.7.6
 > python setup.py install
 
-This will install Fail2Ban into /usr/lib/fail2ban. The
+This will install Fail2Ban into /usr/share/fail2ban. The
 executable scripts are placed into /usr/bin.
 
 Gentoo: ebuilds are available on the website.
@@ -73,7 +73,7 @@ Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
 Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
-René Berber, mEDI
+René Berber, mEDI, Axel Thimm
 
 License:
 --------
diff --git a/common/version.py b/common/version.py
index 9e74d0e5..e913d1c0 100644
--- a/common/version.py
+++ b/common/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.7.5-SVN"
+version = "0.7.6"

From 6cf814245e9e04f3053ee72d41989d0e65d5492b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 4 Jan 2007 13:07:04 +0000
Subject: [PATCH 24/24] - Fixed missing regular expression

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@513 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/filter.d/sshd.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index fe46dd86..f3dd29f8 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -15,7 +15,8 @@
 # Values:  TEXT
 #
 failregex = (?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid))? user .*(?: from|FROM) <HOST>
-            ROOT LOGIN REFUSED .*(?: from|FROM) <HOST>
+            ROOT LOGIN REFUSED .* FROM <HOST>
+            [iI](?:llegal|nvalid) user .* from <HOST>
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.