From 0de46864a1ba5443e719043d718e7d3c1e523996 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 13:34:02 +0000
Subject: [PATCH 01/99] - update some dates

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@8 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 log-test/test | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/log-test/test b/log-test/test
index 81e0e87f..30fc4868 100644
--- a/log-test/test
+++ b/log-test/test
@@ -425,7 +425,7 @@ Oct  7 01:03:12 [sshd] Failed password for illegal user tata from 128.178.164.52
                 - Last output repeated 2 times -
 Oct  7 01:03:20 [sshd] Failed password for illegal user tata from 128.178.164.52 port 37187 ssh2
                 - Last output repeated 2 times -
-Oct  8 11:47:08 [sshd] Failed password for illegal user test from 69.182.27.122 port 34015 ssh2
-Oct  8 11:47:09 [sshd] Failed password for illegal user guest from 69.182.27.122 port 34068 ssh2
-Oct  8 11:47:11 [sshd] Failed password for illegal user admin from 69.182.27.122 port 34127 ssh2
-Oct  9 21:54:11 yellow sshd[16069]: Failed password for cyril from 212.41.79.210 port 29404 ssh2
+Oct 11 11:47:08 [sshd] Failed password for illegal user test from 69.182.27.122 port 34015 ssh2
+Oct 11 11:47:09 [sshd] Failed password for illegal user guest from 69.182.27.122 port 34068 ssh2
+Oct 11 11:47:11 [sshd] Failed password for illegal user admin from 69.182.27.122 port 34127 ssh2
+Oct 12 21:54:11 yellow sshd[16069]: Failed password for cyril from 212.41.79.210 port 29404 ssh2

From 68ab4b0b26cee2c96ff8751e94b396692b0ecce4 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 13:35:11 +0000
Subject: [PATCH 02/99] - a few changes and corrections

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@9 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 38 ++++++++++++++++++++++++++++++++++----
 firewall/iptables.py | 14 +++++---------
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 0a937d77..76632a75 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -24,24 +24,54 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
+import time
+
 class Firewall:
 	
 	banList = dict()
 	
-	def addBanIP(self, ip, time):
-		self.banList[ip] = time
+	def __init__(self, banTime):
+		self.banTime = banTime
+	
+	def addBanIP(self, ip):
+		if not self.inBanList(ip):
+			self.banList[ip] = time.time()
+			self.executeCmd(self.banIP(ip))
+		else:
+			print ip, "already in ban list"
 	
 	def delBanIP(self, ip):
-		del self.banList[ip]
+		if self.inBanList(ip):
+			del self.banList[ip]
+			self.executeCmd(self.unBanIP(ip))
+		else:
+			print ip, "not in ban list"
+	
+	def inBanList(self, ip):
+		return self.banList.has_key(ip)
+	
+	def checkForUnBan(self):
+		""" Check for user to remove from ban list.
+		"""
+		banListTemp = self.banList.copy()
+		iterBanList = banListTemp.iteritems()
+		for i in range(len(self.banList)):
+			element = iterBanList.next()
+			ip = element[0]
+			btime = element[1]
+			if btime < time.time()-self.banTime:
+				self.delBanIP(ip)
+				print '`->', time.time()
 	
 	def flushBanList(self):
 		iterBanList = self.banList.iteritems()
 		for i in range(len(self.banList)):
 			element = iterBanList.next()
 			ip = element[0]
-			self.unBanIP(ip)
+			self.delBanIP(ip)
 	
 	def executeCmd(self, cmd):
+		print cmd
 		return #os.system(cmd)
 		
 	def viewBanList(self):
diff --git a/firewall/iptables.py b/firewall/iptables.py
index fcee9652..8206e631 100644
--- a/firewall/iptables.py
+++ b/firewall/iptables.py
@@ -28,14 +28,10 @@ from firewall import Firewall
 
 class Iptables(Firewall):
 	
-	def banIP(self, ip, time):
-		query = 'iptables -I INPUT 1 -i eth0 -s '+str(ip)+' -j DROP'
-		self.addBanIP(ip, time)
-		self.executeCmd(query)
-		print query
+	def banIP(self, ip):
+		query = 'iptables -I INPUT 1 -i eth0 -s '+ip+' -j DROP'
+		return query
 	
 	def unBanIP(self, ip):
-		query = 'iptables -D INPUT -i eth0 -s '+str(ip)+' -j DROP'
-		self.delBanIP(ip)
-		self.executeCmd(query)
-		print query
+		query = 'iptables -D INPUT -i eth0 -s '+ip+' -j DROP'
+		return query

From 012301b64411850e449bbc7d0aa42b68553350fa Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 13:35:52 +0000
Subject: [PATCH 03/99] - Complete rewrite to use the log-reader and firewall
 classes

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@10 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban | 127 +++++++------------------------------------------------
 1 file changed, 15 insertions(+), 112 deletions(-)

diff --git a/fail2ban b/fail2ban
index 278a118f..c2cae5df 100755
--- a/fail2ban
+++ b/fail2ban
@@ -26,10 +26,10 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import posix,sys,os
-import string,re,time
+import posix, time, sys
 
 from firewall.iptables import Iptables
+from logreader.metalog import Metalog
 
 def checkForRoot():
 	""" Check for root user.
@@ -40,132 +40,35 @@ def checkForRoot():
 	else:
 		return False
 
-# start: To be removed
-def executeCmd(cmd):
-	return #os.system(cmd)
-
-def unBanIP(ip):
-	iptables = 'iptables -D INPUT -i eth0 -s '+ip+' -j DROP'
-	executeCmd(iptables)
-	print iptables
-
-def banIP(ip):
-	iptables = 'iptables -I INPUT 1 -i eth0 -s '+ip+' -j DROP'
-	executeCmd(iptables)
-	print iptables
-# end:
-
-def checkForUnBan(banList, currentTime, banTime):
-	""" Check for user to remove from ban list.
-	"""
-	iterBanList = banList.iteritems()
-	for i in range(len(banList)):
-		element = iterBanList.next()
-		ip = element[0]
-		btime = element[1]
-		if btime < currentTime-banTime:
-			del banList[ip]
-			unBanIP(ip)
-			print '`->', currentTime
-	return banList
-
-def checkForBan(retryList, banList, currentTime):
-	iterRetry = retryList.iteritems()
-	for i in range(len(retryList)):
-		element = iterRetry.next()
-		retry = element[1][0]
-		ip = element[0]
-		if element[1][0] > 2 and not banList.has_key(ip):
-			banList[ip] = currentTime
-			banIP(ip)
-			print '`->', currentTime
-	return banList
-
-def flushBanList(banList):
-	iterBanList = banList.iteritems()
-	for i in range(len(banList)):
-		element = iterBanList.next()
-		ip = element[0]
-		unBanIP(ip)
-
-def parseLogLine(line):
-	""" Match sshd failed password log
-	"""
-	if re.search("Failed password", line):
-		matchIP = re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
-		return matchIP
-
 if __name__ == "__main__":
 	
-	# start: For object oriented testing
-	f = Iptables()
-	f.banIP('11', 1231)
-	f.banIP('13', 1232)
-	f.banIP('13', 1233)
-	f.unBanIP('11')
-	f.viewBanList()
-	f.flushBanList()
-	# end:
+	fireWall = Iptables(600)
+	logFile = Metalog("./log-test/test", 600)
 	
 	if not checkForRoot():
 		print "You must be root."
 		#sys.exit(-1)
 	
-	logPath = './log-test/test'
-	banTime = 60
-	ignoreIPs = '127.0.0.1'
+	logFile.addIgnoreIP("127.0.0.1")
 	
-	lastModTime = 0
-	banList = dict()
 	while True:
-		try:
-			currentTime = time.time()
+		try:			
+			fireWall.checkForUnBan()
 			
-			banList = checkForUnBan(banList, currentTime, banTime)
-			
-			try:
-				pwdFailStats = os.stat(logPath)
-			except OSError:
-				print "Unable to get stat on", logPath
-				sys.exit(-1)
-			
-			if lastModTime == pwdFailStats.st_mtime:
+			if not logFile.isModified():
 				time.sleep(1)
 				continue
 			
-			print logPath, 'has been modified'
-			lastModTime = pwdFailStats.st_mtime
+			failList = logFile.getPwdFailure()
 			
-			try:
-				pwdfail = open(logPath)
-			except OSError:
-				print "Unable to open", logPath
-				sys.exit(-1)
+			iterFailList = failList.iteritems()
+			for i in range(len(failList)):
+				element = iterFailList.next()
+				if element[1][0] > 2:
+					fireWall.addBanIP(element[0])
 			
-			retryList = dict()
-			for line in pwdfail.readlines():
-				match = parseLogLine(line)
-				if match:
-					ip = match.group()
-					date = list(time.strptime(line[0:15], "%b %d %H:%M:%S"))
-					date[0] = time.gmtime()[0]
-					unixTime = time.mktime(date)
-					if unixTime < currentTime-banTime:
-						continue
-					if re.search(ip, ignoreIPs):
-						print 'Ignore ', ip
-						continue
-					print 'Found', ip, 'at', unixTime
-					if retryList.has_key(`ip`):
-						retryList[`ip`] = (retryList[`ip`][0]+1,unixTime)
-					else:
-						retryList[`ip`] = (1,unixTime)
-		
-			pwdfail.close()
-		
-			banList = checkForBan(retryList, banList, currentTime)
 		except KeyboardInterrupt:
 			print 'Restoring iptables...'
-			flushBanList(banList)
+			fireWall.flushBanList()
 			print 'Exiting...'
 			sys.exit(0)

From 5fc0a651635377fe1faa5bdcdb56aa0835382636 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 23:41:07 +0000
Subject: [PATCH 04/99] - removing this file. Replaced by fail2ban.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@11 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban | 74 --------------------------------------------------------
 1 file changed, 74 deletions(-)
 delete mode 100755 fail2ban

diff --git a/fail2ban b/fail2ban
deleted file mode 100755
index c2cae5df..00000000
--- a/fail2ban
+++ /dev/null
@@ -1,74 +0,0 @@
-#!/usr/bin/env python
-
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-# Author: Cyril Jaquier
-# 
-# $Revision$
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
-
-import posix, time, sys
-
-from firewall.iptables import Iptables
-from logreader.metalog import Metalog
-
-def checkForRoot():
-	""" Check for root user.
-	"""
-	uid = `posix.getuid()`
-	if uid == '0':
-		return True
-	else:
-		return False
-
-if __name__ == "__main__":
-	
-	fireWall = Iptables(600)
-	logFile = Metalog("./log-test/test", 600)
-	
-	if not checkForRoot():
-		print "You must be root."
-		#sys.exit(-1)
-	
-	logFile.addIgnoreIP("127.0.0.1")
-	
-	while True:
-		try:			
-			fireWall.checkForUnBan()
-			
-			if not logFile.isModified():
-				time.sleep(1)
-				continue
-			
-			failList = logFile.getPwdFailure()
-			
-			iterFailList = failList.iteritems()
-			for i in range(len(failList)):
-				element = iterFailList.next()
-				if element[1][0] > 2:
-					fireWall.addBanIP(element[0])
-			
-		except KeyboardInterrupt:
-			print 'Restoring iptables...'
-			fireWall.flushBanList()
-			print 'Exiting...'
-			sys.exit(0)

From 4602bb1bfc8ce9f63aaaa323e1b1b9ecd293cf30 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 23:44:24 +0000
Subject: [PATCH 05/99] - Add this file with .py extension in order to by
 recognize as Python source file with pydev (Eclipse plugin) - Add command
 line options: -v (verbose mode), -h (help), -b (background) - Add daemon
 function found on aspn.activestate.com

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@14 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 176 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 176 insertions(+)
 create mode 100755 fail2ban.py

diff --git a/fail2ban.py b/fail2ban.py
new file mode 100755
index 00000000..4acae8e3
--- /dev/null
+++ b/fail2ban.py
@@ -0,0 +1,176 @@
+#!/usr/bin/env python
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import posix, time, sys, getopt, os, signal
+
+from firewall.iptables import Iptables
+from logreader.metalog import Metalog
+
+def usage():
+	print "fail2ban [-h][-v][-b]"
+	sys.exit(0)
+
+def checkForRoot():
+	""" Check for root user.
+	"""
+	uid = `posix.getuid()`
+	if uid == '0':
+		return True
+	else:
+		return False
+
+def createDaemon():
+	"""Detach a process from the controlling terminal and run it in the
+	background as a daemon.
+	
+	http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731
+	"""
+
+	try:
+		# Fork a child process so the parent can exit.  This will return control
+		# to the command line or shell.  This is required so that the new process
+		# is guaranteed not to be a process group leader.  We have this guarantee
+		# because the process GID of the parent is inherited by the child, but
+		# the child gets a new PID, making it impossible for its PID to equal its
+		# PGID.
+		pid = os.fork()
+	except OSError, e:
+		return((e.errno, e.strerror))	 # ERROR (return a tuple)
+
+	if (pid == 0):	   # The first child.
+
+		# Next we call os.setsid() to become the session leader of this new
+		# session.  The process also becomes the process group leader of the
+		# new process group.  Since a controlling terminal is associated with a
+		# session, and this new session has not yet acquired a controlling
+		# terminal our process now has no controlling terminal.  This shouldn't
+		# fail, since we're guaranteed that the child is not a process group
+		# leader.
+		os.setsid()
+	
+		# When the first child terminates, all processes in the second child
+		# are sent a SIGHUP, so it's ignored.
+		signal.signal(signal.SIGHUP, signal.SIG_IGN)
+	
+		try:
+			# Fork a second child to prevent zombies.  Since the first child is
+			# a session leader without a controlling terminal, it's possible for
+			# it to acquire one by opening a terminal in the future.  This second
+			# fork guarantees that the child is no longer a session leader, thus
+			# preventing the daemon from ever acquiring a controlling terminal.
+			pid = os.fork()		# Fork a second child.
+		except OSError, e:
+			return((e.errno, e.strerror))  # ERROR (return a tuple)
+	
+		if (pid == 0):	  # The second child.
+			# Ensure that the daemon doesn't keep any directory in use.  Failure
+			# to do this could make a filesystem unmountable.
+			#os.chdir("/")
+			# Give the child complete control over permissions.
+			os.umask(0)
+		else:
+			os._exit(0)	  # Exit parent (the first child) of the second child.
+	else:
+		os._exit(0)		 # Exit parent of the first child.
+
+	# Close all open files.  Try the system configuration variable, SC_OPEN_MAX,
+	# for the maximum number of open files to close.  If it doesn't exist, use
+	# the default value (configurable).
+	try:
+		maxfd = os.sysconf("SC_OPEN_MAX")
+	except (AttributeError, ValueError):
+		maxfd = 256	   # default maximum
+
+	for fd in range(0, maxfd):
+		try:
+			os.close(fd)
+		except OSError:   # ERROR (ignore)
+			pass
+
+	# Redirect the standard file descriptors to /dev/null.
+   	os.open("/dev/null", os.O_RDONLY)	# standard input (0)
+	#os.open("/dev/null", os.O_RDWR)	   # standard output (1)
+	os.open("/tmp/fail2ban.log", os.O_CREAT|os.O_APPEND|os.O_RDWR)	   # standard output (1)
+	#os.open("/dev/null", os.O_RDWR)	   # standard error (2)
+	os.open("/tmp/fail2ban.log", os.O_CREAT|os.O_APPEND|os.O_RDWR)	   # standard error (2)
+
+	return(0)
+
+
+if __name__ == "__main__":
+	
+	try:
+		optList, args = getopt.getopt(sys.argv[1:], 'hvb')
+	except getopt.GetoptError:
+		usage()
+
+	verbose = False
+	for opt in optList:
+		if opt[0] == "-h":
+			usage()
+		if opt[0] == "-v":
+			verbose = True
+		if opt[0] == "-b":
+			retCode = createDaemon()
+			if retCode != 0:
+				print "Unable to start daemon"
+				sys.exit(-1)
+	
+	if not checkForRoot():
+		print "You must be root."
+		#sys.exit(-1)
+	
+	fireWall = Iptables(600, verbose = verbose)
+	logFile = Metalog("./log-test/test", 600, verbose = verbose)
+	
+	logFile.addIgnoreIP("127.0.0.1")
+	
+	while True:
+		try:
+			sys.stdout.flush()
+			sys.stderr.flush()
+			
+			fireWall.checkForUnBan()
+			
+			if not logFile.isModified():
+				time.sleep(1)
+				continue
+			
+			failList = logFile.getPwdFailure()
+						
+			iterFailList = failList.iteritems()
+			for i in range(len(failList)):
+				element = iterFailList.next()
+				if element[1][0] > 2:
+					fireWall.addBanIP(element[0])
+			
+		except KeyboardInterrupt:
+			print 'Restoring iptables...'
+			fireWall.flushBanList()
+			print 'Exiting...'
+			sys.exit(0)

From e561e39583ad4b866dbd2153e001b6dbf8201264 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 10 Oct 2004 23:46:58 +0000
Subject: [PATCH 06/99] - Add verbose option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@15 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py   | 15 ++++++++++-----
 logreader/logreader.py |  6 ++++--
 logreader/metalog.py   |  6 ++++--
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 76632a75..09e9ccae 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -30,22 +30,25 @@ class Firewall:
 	
 	banList = dict()
 	
-	def __init__(self, banTime):
+	def __init__(self, banTime, verbose = False):
 		self.banTime = banTime
+		self.verbose = verbose
 	
 	def addBanIP(self, ip):
 		if not self.inBanList(ip):
 			self.banList[ip] = time.time()
 			self.executeCmd(self.banIP(ip))
 		else:
-			print ip, "already in ban list"
+			if self.verbose:
+				print ip, "already in ban list"
 	
 	def delBanIP(self, ip):
 		if self.inBanList(ip):
 			del self.banList[ip]
 			self.executeCmd(self.unBanIP(ip))
 		else:
-			print ip, "not in ban list"
+			if self.verbose:
+				print ip, "not in ban list"
 	
 	def inBanList(self, ip):
 		return self.banList.has_key(ip)
@@ -61,7 +64,8 @@ class Firewall:
 			btime = element[1]
 			if btime < time.time()-self.banTime:
 				self.delBanIP(ip)
-				print '`->', time.time()
+				if self.verbose:
+					print '`->', time.time()
 	
 	def flushBanList(self):
 		iterBanList = self.banList.iteritems()
@@ -71,7 +75,8 @@ class Firewall:
 			self.delBanIP(ip)
 	
 	def executeCmd(self, cmd):
-		print cmd
+		if self.verbose:
+			print cmd
 		return #os.system(cmd)
 		
 	def viewBanList(self):
diff --git a/logreader/logreader.py b/logreader/logreader.py
index 492ed76d..f17711f8 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -28,11 +28,12 @@ import os, sys
 
 class LogReader:
 	
-	def __init__(self, logPath, findTime = 3600):
+	def __init__(self, logPath, findTime = 3600, verbose = False):
 		self.logPath = logPath
 		self.findTime = findTime
 		self.ignoreIpList = []
 		self.lastModTime = 0
+		self.verbose = verbose
 	
 	def addIgnoreIP(self, ip):
 		self.ignoreIpList.append(ip)
@@ -58,7 +59,8 @@ class LogReader:
 		if self.lastModTime == logStats.st_mtime:
 			return False
 		else:
-			print self.logPath, 'has been modified'
+			if self.verbose:
+				print self.logPath, 'has been modified'
 			self.lastModTime = logStats.st_mtime
 			return True
 	
diff --git a/logreader/metalog.py b/logreader/metalog.py
index 20a64766..c8e3db12 100644
--- a/logreader/metalog.py
+++ b/logreader/metalog.py
@@ -41,9 +41,11 @@ class Metalog(LogReader):
 				if unixTime < time.time()-self.findTime:
 					continue
 				if self.inIgnoreIPList(ip):
-					print 'Ignore', ip
+					if self.verbose:
+						print 'Ignore', ip
 					continue
-				print 'Found', ip, 'at', unixTime
+				if self.verbose:
+					print 'Found', ip, 'at', unixTime
 				if ipList.has_key(ip):
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:

From be1755cac12afb93d9c74ce9c5e0295c8ba1a090 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 11 Oct 2004 10:21:56 +0000
Subject: [PATCH 07/99] - Change quoting style

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@16 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/iptables.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/firewall/iptables.py b/firewall/iptables.py
index 8206e631..c06a2dd3 100644
--- a/firewall/iptables.py
+++ b/firewall/iptables.py
@@ -29,9 +29,9 @@ from firewall import Firewall
 class Iptables(Firewall):
 	
 	def banIP(self, ip):
-		query = 'iptables -I INPUT 1 -i eth0 -s '+ip+' -j DROP'
+		query = "iptables -I INPUT 1 -i eth0 -s "+ip+" -j DROP"
 		return query
 	
 	def unBanIP(self, ip):
-		query = 'iptables -D INPUT -i eth0 -s '+ip+' -j DROP'
+		query = "iptables -D INPUT -i eth0 -s "+ip+" -j DROP"
 		return query

From c286d568555896e33cade457d870630e35ea16c4 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 11 Oct 2004 10:22:41 +0000
Subject: [PATCH 08/99] - Add log4py support - Remove old verbose mode - Add
 debug feature

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@17 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 09e9ccae..72ecc7cd 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -24,36 +24,36 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import time
+import time, os
 
 class Firewall:
 	
 	banList = dict()
 	
-	def __init__(self, banTime, verbose = False):
+	def __init__(self, banTime, logSys):
 		self.banTime = banTime
-		self.verbose = verbose
+		self.logSys = logSys
 	
-	def addBanIP(self, ip):
+	def addBanIP(self, ip, debug):
 		if not self.inBanList(ip):
+			self.logSys.info("Ban "+ip)
 			self.banList[ip] = time.time()
-			self.executeCmd(self.banIP(ip))
+			self.executeCmd(self.banIP(ip), debug)
 		else:
-			if self.verbose:
-				print ip, "already in ban list"
+			self.logSys.info(ip+" already in ban list")
 	
-	def delBanIP(self, ip):
+	def delBanIP(self, ip, debug):
 		if self.inBanList(ip):
+			self.logSys.info("Unban "+ip)
 			del self.banList[ip]
-			self.executeCmd(self.unBanIP(ip))
+			self.executeCmd(self.unBanIP(ip), debug)
 		else:
-			if self.verbose:
-				print ip, "not in ban list"
+			self.logSys.info(ip+" not in ban list")
 	
 	def inBanList(self, ip):
 		return self.banList.has_key(ip)
 	
-	def checkForUnBan(self):
+	def checkForUnBan(self, debug):
 		""" Check for user to remove from ban list.
 		"""
 		banListTemp = self.banList.copy()
@@ -63,21 +63,21 @@ class Firewall:
 			ip = element[0]
 			btime = element[1]
 			if btime < time.time()-self.banTime:
-				self.delBanIP(ip)
-				if self.verbose:
-					print '`->', time.time()
+				self.delBanIP(ip, debug)
 	
-	def flushBanList(self):
+	def flushBanList(self, debug):
 		iterBanList = self.banList.iteritems()
 		for i in range(len(self.banList)):
 			element = iterBanList.next()
 			ip = element[0]
-			self.delBanIP(ip)
+			self.delBanIP(ip, debug)
 	
-	def executeCmd(self, cmd):
-		if self.verbose:
-			print cmd
-		return #os.system(cmd)
+	def executeCmd(self, cmd, debug):
+		self.logSys.debug(cmd)
+		if not debug:
+			return os.system(cmd)
+		else:
+			return None
 		
 	def viewBanList(self):
 		iterBanList = self.banList.iteritems()

From a2ea1164b3ed987c8ef9e30874a1c7e4adf079bc Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 11 Oct 2004 10:23:53 +0000
Subject: [PATCH 09/99] - Add log4py support - Remove old verbose mode

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@18 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 11 +++++------
 logreader/metalog.py   |  6 ++----
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index f17711f8..9c134307 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -28,12 +28,12 @@ import os, sys
 
 class LogReader:
 	
-	def __init__(self, logPath, findTime = 3600, verbose = False):
+	def __init__(self, logPath, logSys, findTime = 3600):
 		self.logPath = logPath
 		self.findTime = findTime
 		self.ignoreIpList = []
 		self.lastModTime = 0
-		self.verbose = verbose
+		self.logSys = logSys
 	
 	def addIgnoreIP(self, ip):
 		self.ignoreIpList.append(ip)
@@ -45,7 +45,7 @@ class LogReader:
 		try:
 			fileHandler = open(self.logPath)
 		except OSError:
-			print "Unable to open", self.logPath
+			self.logSys.error("Unable to open "+self.logPath)
 			sys.exit(-1)
 		return fileHandler
 		
@@ -53,14 +53,13 @@ class LogReader:
 		try:
 			logStats = os.stat(self.logPath)
 		except OSError:
-			print "Unable to get stat on", logPath
+			self.logSys.error("Unable to get stat on "+self.logPath)
 			sys.exit(-1)
 		
 		if self.lastModTime == logStats.st_mtime:
 			return False
 		else:
-			if self.verbose:
-				print self.logPath, 'has been modified'
+			self.logSys.debug(self.logPath+" has been modified")
 			self.lastModTime = logStats.st_mtime
 			return True
 	
diff --git a/logreader/metalog.py b/logreader/metalog.py
index c8e3db12..31b4d564 100644
--- a/logreader/metalog.py
+++ b/logreader/metalog.py
@@ -41,11 +41,9 @@ class Metalog(LogReader):
 				if unixTime < time.time()-self.findTime:
 					continue
 				if self.inIgnoreIPList(ip):
-					if self.verbose:
-						print 'Ignore', ip
+					self.logSys.debug("Ignore "+ip)
 					continue
-				if self.verbose:
-					print 'Found', ip, 'at', unixTime
+				self.logSys.debug("Found "+ip)
 				if ipList.has_key(ip):
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:

From 8eb470019c3884af2f9196a149974f0fd91270e1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 11 Oct 2004 10:26:39 +0000
Subject: [PATCH 10/99] - Add log4py support - Remove old verbose mode - Add
 debug feature - Add option -f <pwdfail file>. This is the log file to read
 from - Add option -l <log file>. This is the file to log fail2ban messages -
 Add option -d. Allow fail2ban to run without root permissions. Do not execute
 OS command

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@19 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 57 +++++++++++++++++++++++++++++++++++------------------
 1 file changed, 38 insertions(+), 19 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 4acae8e3..895d2092 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -27,12 +27,13 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
 import posix, time, sys, getopt, os, signal
+import log4py
 
 from firewall.iptables import Iptables
 from logreader.metalog import Metalog
 
 def usage():
-	print "fail2ban [-h][-v][-b]"
+	print "fail2ban [-h][-v][-b][-d][-f <pwdfail file>][-l <log file>]"
 	sys.exit(0)
 
 def checkForRoot():
@@ -90,7 +91,7 @@ def createDaemon():
 		if (pid == 0):	  # The second child.
 			# Ensure that the daemon doesn't keep any directory in use.  Failure
 			# to do this could make a filesystem unmountable.
-			#os.chdir("/")
+			os.chdir("/")
 			# Give the child complete control over permissions.
 			os.umask(0)
 		else:
@@ -114,39 +115,57 @@ def createDaemon():
 
 	# Redirect the standard file descriptors to /dev/null.
    	os.open("/dev/null", os.O_RDONLY)	# standard input (0)
-	#os.open("/dev/null", os.O_RDWR)	   # standard output (1)
-	os.open("/tmp/fail2ban.log", os.O_CREAT|os.O_APPEND|os.O_RDWR)	   # standard output (1)
-	#os.open("/dev/null", os.O_RDWR)	   # standard error (2)
-	os.open("/tmp/fail2ban.log", os.O_CREAT|os.O_APPEND|os.O_RDWR)	   # standard error (2)
+	os.open("/dev/null", os.O_RDWR)		# standard output (1)
+	os.open("/dev/null", os.O_RDWR)		# standard error (2)
 
 	return(0)
 
 
 if __name__ == "__main__":
 	
+	logSys = log4py.Logger().get_instance()
+	logSys.set_formatstring("%T %L %M")
+	
 	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvb')
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:')
 	except getopt.GetoptError:
 		usage()
 
-	verbose = False
+	debug = False
+	logFilePath = "/var/log/pwdfail/current"
+	
 	for opt in optList:
 		if opt[0] == "-h":
 			usage()
 		if opt[0] == "-v":
-			verbose = True
+			logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
 		if opt[0] == "-b":
 			retCode = createDaemon()
+			logSys.set_target("/tmp/fail2ban.log")
 			if retCode != 0:
-				print "Unable to start daemon"
+				logSys.error("Unable to start daemon")
 				sys.exit(-1)
+		if opt[0] == "-d":
+			debug = True
+			logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
+			logSys.set_formatstring(log4py.FMT_DEBUG)
+		if opt[0] == "-f":
+			logFilePath = opt[1]
+		if opt[0] == "-l":
+			try:
+				open(opt[1], "a")
+				logSys.set_target(opt[1])
+			except IOError:
+				logSys.error("Unable to log to "+opt[1])
+				logSys.error("Use default output for logging")
 	
 	if not checkForRoot():
-		print "You must be root."
-		#sys.exit(-1)
+		logSys.error("You must be root")
+		if not debug:
+			sys.exit(-1)
 	
-	fireWall = Iptables(600, verbose = verbose)
-	logFile = Metalog("./log-test/test", 600, verbose = verbose)
+	fireWall = Iptables(600, logSys)
+	logFile = Metalog(logFilePath, logSys, 600)
 	
 	logFile.addIgnoreIP("127.0.0.1")
 	
@@ -155,7 +174,7 @@ if __name__ == "__main__":
 			sys.stdout.flush()
 			sys.stderr.flush()
 			
-			fireWall.checkForUnBan()
+			fireWall.checkForUnBan(debug)
 			
 			if not logFile.isModified():
 				time.sleep(1)
@@ -167,10 +186,10 @@ if __name__ == "__main__":
 			for i in range(len(failList)):
 				element = iterFailList.next()
 				if element[1][0] > 2:
-					fireWall.addBanIP(element[0])
+					fireWall.addBanIP(element[0], debug)
 			
 		except KeyboardInterrupt:
-			print 'Restoring iptables...'
-			fireWall.flushBanList()
-			print 'Exiting...'
+			logSys.info("Restoring iptables...")
+			fireWall.flushBanList(debug)
+			logSys.info("Exiting...")
 			sys.exit(0)

From bb896fb391ed6fcb63d256eb4c87702b3b323442 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 12 Oct 2004 21:40:50 +0000
Subject: [PATCH 11/99] - Add a debug message when adding ip to ignore list

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@20 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index 9c134307..1e52ace2 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -36,6 +36,7 @@ class LogReader:
 		self.logSys = logSys
 	
 	def addIgnoreIP(self, ip):
+		self.logSys.debug("Add "+ip+" to ignore list")
 		self.ignoreIpList.append(ip)
 		
 	def inIgnoreIPList(self, ip):

From 4eeb61c0e163a429ffeccfa10fb1270e6af98bd4 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 12 Oct 2004 21:44:09 +0000
Subject: [PATCH 12/99] - Update help message - Add -i option: ignore ip list.
 Space separated ip list - Add -t option: ban time in seconds. 600 to ban ip
 for 10 minutes - Add a info message saying that fail2ban is running

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@21 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 44 +++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 39 insertions(+), 5 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 895d2092..5b813a3a 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -29,11 +29,28 @@ __license__ = "GPL"
 import posix, time, sys, getopt, os, signal
 import log4py
 
+# Appends our own modules path
+sys.path.append('/usr/lib/fail2ban')
+
 from firewall.iptables import Iptables
 from logreader.metalog import Metalog
+from version import version
 
 def usage():
-	print "fail2ban [-h][-v][-b][-d][-f <pwdfail file>][-l <log file>]"
+	print "Usage: fail2ban.py [OPTIONS]"
+	print
+	print "Fail2Ban v"+version+" reads log file that contains password failure report"
+	print "and bans the corresponding IP address using iptables."
+	print
+	print "  -b         start fail2ban in background"
+	print "  -d         start fail2ban in debug mode"
+	print "  -f <FILE>  read password failure from FILE"
+	print "  -h         display this help message"
+	print "  -l <FILE>  log message in FILE"
+	print "  -t <TIME>  ban IP for TIME seconds"
+	print "  -v         verbose"
+	print
+	print "Report bugs to <lostcontrol@users.sourceforge.net>"
 	sys.exit(0)
 
 def checkForRoot():
@@ -127,12 +144,14 @@ if __name__ == "__main__":
 	logSys.set_formatstring("%T %L %M")
 	
 	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:')
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:')
 	except getopt.GetoptError:
 		usage()
 
 	debug = False
 	logFilePath = "/var/log/pwdfail/current"
+	banTime = 600
+	ignoreIPList = {}
 	
 	for opt in optList:
 		if opt[0] == "-h":
@@ -157,18 +176,33 @@ if __name__ == "__main__":
 				logSys.set_target(opt[1])
 			except IOError:
 				logSys.error("Unable to log to "+opt[1])
-				logSys.error("Use default output for logging")
+				logSys.error("Using default output for logging")
+		if opt[0] == "-t":
+			try:
+				banTime = int(opt[1])
+			except ValueError:
+				logSys.error("banTime must be an integer")
+				logSys.error("Using default value")
+		if opt[0] == "-i":
+			ignoreIPList = opt[1].split(' ')
 	
 	if not checkForRoot():
 		logSys.error("You must be root")
 		if not debug:
 			sys.exit(-1)
 	
-	fireWall = Iptables(600, logSys)
-	logFile = Metalog(logFilePath, logSys, 600)
+	logSys.debug("logFilePath is "+logFilePath)
+	logSys.debug("BanTime is "+`banTime`)
+	
+	fireWall = Iptables(banTime, logSys)
+	logFile = Metalog(logFilePath, logSys, banTime)
 	
 	logFile.addIgnoreIP("127.0.0.1")
+	while len(ignoreIPList) > 0:
+		ip = ignoreIPList.pop()
+		logFile.addIgnoreIP(ip)
 	
+	logSys.info("Fail2Ban v"+version+" is running")
 	while True:
 		try:
 			sys.stdout.flush()

From 03d73b78f84f717c1c221315f2ed53a4f59b6629 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 12 Oct 2004 21:45:41 +0000
Subject: [PATCH 13/99] - Setup and dist files

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@22 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  |  12 ++++++
 MANIFEST   |  12 ++++++
 README     | 116 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 setup.cfg  |   5 +++
 setup.py   |  42 +++++++++++++++++++
 version.py |  27 +++++++++++++
 6 files changed, 214 insertions(+)
 create mode 100644 CHANGELOG
 create mode 100644 MANIFEST
 create mode 100644 README
 create mode 100644 setup.cfg
 create mode 100755 setup.py
 create mode 100644 version.py

diff --git a/CHANGELOG b/CHANGELOG
new file mode 100644
index 00000000..23a93525
--- /dev/null
+++ b/CHANGELOG
@@ -0,0 +1,12 @@
+               __      _ _ ___ _               
+              / _|__ _(_) |_  ) |__  __ _ _ _  
+             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.1.0)                           10/12/2004
+=============================================================
+
+ver. 0.1.0 (10/12/2004) - alpha
+----------
+- Initial release
diff --git a/MANIFEST b/MANIFEST
new file mode 100644
index 00000000..233eed8b
--- /dev/null
+++ b/MANIFEST
@@ -0,0 +1,12 @@
+README
+CHANGELOG
+setup.cfg
+setup.py
+version.py
+fail2ban.py
+firewall/__init__.py
+firewall/firewall.py
+firewall/iptables.py
+logreader/__init__.py
+logreader/logreader.py
+logreader/metalog.py
diff --git a/README b/README
new file mode 100644
index 00000000..60c077ef
--- /dev/null
+++ b/README
@@ -0,0 +1,116 @@
+               __      _ _ ___ _               
+              / _|__ _(_) |_  ) |__  __ _ _ _  
+             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.1.0)                           10/12/2004
+=============================================================
+
+Fail2Ban scans log files like /var/log/pwdfail and bans IP
+that makes too much password failures. It updates firewall
+rules to reject the IP address. Currently metalog and
+iptables are supported but it should work with other syslog
+daemons. It needs log4py.
+
+This is my first Python program. I began learning Python for
+less than one week so please be understanding ;-) English is
+not either my mother tongue...
+
+
+More details:
+-------------
+
+Fail2Ban is rather simple. I have a home server connected to
+the Internet which runs apache, samba, sshd, ... I see in my
+logs that people are trying to log into my box using "manual"
+brute force or scripts. They try 10, 20 and sometimes more
+user/password (without success anyway). In order to
+discourage these script kiddies, I wanted that sshd refuse
+login from a specific ip after 3 password failures. After
+some google searches, I found that sshd was not able of that.
+So I search for a script or program that do it. Found
+nothing :-( So I decide to write mine and to learn Python :-)
+
+I read the log file (/var/log/pwdfail/current on metalog) and
+search for line with "Failed password". Then get the ip and
+if it has already done 3 or more password failure in the last
+banTime, I ban the ip for banTime using a iptable rule. After
+banTime, the rule is deleted.
+
+Runs on my server and does its job rather well :-) The idea
+is to make fail2ban usable with most syslog daemons and
+services that require a login (sshd, telnetd, ...). It should
+also support others firewalls than iptables.
+
+
+Installation:
+-------------
+
+Require: python-2.? (http://www.python.org)
+         log4py-1.1 (http://sourceforge.net/projects/log4py)
+
+To install, just do:
+
+> tar xvfj fail2ban-0.1.0.tar.bz2
+> cd fail2ban-0.1.0
+> python setup.py install
+
+Fail2Ban should now be correctly installed. Just type:
+
+> fail2ban.py -h
+
+to see if everything is alright.
+
+
+Configuration:
+--------------
+
+For the time, there is no configuration file. You must use
+commande line options instead. Here are the options:
+
+  -b         start fail2ban in background
+  -d         start fail2ban in debug mode
+  -f <FILE>  read password failure from FILE
+  -h         display this help message
+  -l <FILE>  log message in FILE
+  -t <TIME>  ban IP for TIME seconds
+  -v         verbose
+
+
+Contact:
+--------
+
+You need some new features, you found bugs or you just
+appreciate this program, you can contact me at :
+
+Website: http://www.sourceforge.net/projects/fail2ban
+
+Cyril Jaquier: <lostcontrol@users.sourceforge.net>
+
+
+Thanks:
+-------
+
+Kévin Drapel, Marvin Rouge
+
+
+License:
+--------
+
+Fail2Ban is free software; you can redistribute it
+and/or modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation; either
+version 2 of the License, or (at your option) any later
+version.
+
+Fail2Ban is distributed in the hope that it will be
+useful, but WITHOUT ANY WARRANTY; without even the implied
+warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public
+License along with Fail2Ban; if not, write to the Free
+Software Foundation, Inc., 59 Temple Place, Suite 330,
+Boston, MA  02111-1307  USA
diff --git a/setup.cfg b/setup.cfg
new file mode 100644
index 00000000..fba97f88
--- /dev/null
+++ b/setup.cfg
@@ -0,0 +1,5 @@
+[install]
+install-purelib=/usr/lib/fail2ban
+
+[sdist]
+formats=bztar
diff --git a/setup.py b/setup.py
new file mode 100755
index 00000000..b1eafeda
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+from distutils.core import setup
+from version import version
+
+setup(
+        name = "fail2ban",
+        version = version,
+        description = "Ban IPs that make too much password failure",
+        author = "Cyril Jaquier",
+        author_email = "lostcontrol@users.sourceforge.net",
+        url = "http://www.sourceforge.net/projects/fail2ban",
+        scripts = ['fail2ban.py'],
+        py_modules = ['version'],
+        packages = ['firewall', 'logreader']
+)
\ No newline at end of file
diff --git a/version.py b/version.py
new file mode 100644
index 00000000..41ddf79c
--- /dev/null
+++ b/version.py
@@ -0,0 +1,27 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+version = "0.1.0"
\ No newline at end of file

From 28c1d658a4ae6509efc728381babaa833f0d27bd Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:26:17 +0000
Subject: [PATCH 14/99] - Change to CVS version

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@24 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.py b/version.py
index 41ddf79c..70ccfc7b 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.1.0"
\ No newline at end of file
+version = "0.1.0-CVS"
\ No newline at end of file

From 1786004c3d67a0426e97b47066e43839c2594afe Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:27:27 +0000
Subject: [PATCH 15/99] - Add logreader/parser.py and logreader/sshd.py -
 Remove logreader/metalog.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@25 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/MANIFEST b/MANIFEST
index 233eed8b..a29e9fd1 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -9,4 +9,5 @@ firewall/firewall.py
 firewall/iptables.py
 logreader/__init__.py
 logreader/logreader.py
-logreader/metalog.py
+logreader/parser.py
+logreader/sshd.py

From 3fa88d60a63c80c5ad5a346c28b72210418bb326 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:28:04 +0000
Subject: [PATCH 16/99] - Some small update about current work

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@26 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 11 +++++++++++
 README    | 11 +++++++----
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 23a93525..76de70c3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,17 @@
 Fail2Ban (version 0.1.0)                           10/12/2004
 =============================================================
 
+ver. 0.1.1 (??/??/????) - alpha
+----------
+- Add -r option which allows to set the maximum number of
+  login failures
+- Remove the Metalog class as the log file are not so syslog
+  daemon specific
+- Rewrite log reader to be service centered. Sshd support
+  added. Match "Failed password" and "Illegal user"
+- Code documentation
+
+
 ver. 0.1.0 (10/12/2004) - alpha
 ----------
 - Initial release
diff --git a/README b/README
index 60c077ef..317b34e7 100644
--- a/README
+++ b/README
@@ -9,9 +9,8 @@ Fail2Ban (version 0.1.0)                           10/12/2004
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
 that makes too much password failures. It updates firewall
-rules to reject the IP address. Currently metalog and
-iptables are supported but it should work with other syslog
-daemons. It needs log4py.
+rules to reject the IP address. Currently sshd and iptables
+are supported. It needs log4py.
 
 This is my first Python program. I began learning Python for
 less than one week so please be understanding ;-) English is
@@ -47,7 +46,7 @@ also support others firewalls than iptables.
 Installation:
 -------------
 
-Require: python-2.? (http://www.python.org)
+Require: python-2.2 (http://www.python.org)
          log4py-1.1 (http://sourceforge.net/projects/log4py)
 
 To install, just do:
@@ -56,6 +55,9 @@ To install, just do:
 > cd fail2ban-0.1.0
 > python setup.py install
 
+This will install Fail2Ban into /usr/lib/fail2ban. The
+fail2ban.py executable is placed into /usr/bin.
+
 Fail2Ban should now be correctly installed. Just type:
 
 > fail2ban.py -h
@@ -74,6 +76,7 @@ commande line options instead. Here are the options:
   -f <FILE>  read password failure from FILE
   -h         display this help message
   -l <FILE>  log message in FILE
+  -r <VALUE> allow a max of VALUE password failure
   -t <TIME>  ban IP for TIME seconds
   -v         verbose
 

From 18029d4426dfc2d7818cbd6b48d2bde5efebc533 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:30:25 +0000
Subject: [PATCH 17/99] - Add log4py import exception handling - Remove metalog
 class. Now use LogReader - Add -r option: you can specifie the maximum number
 of login failure before ban - Code comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@27 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 54 +++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 44 insertions(+), 10 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 5b813a3a..5e498085 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -27,13 +27,19 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
 import posix, time, sys, getopt, os, signal
-import log4py
+
+# Checks if log4py is present.
+try:
+	import log4py
+except:
+	print "log4py is needed (see README)"
+	sys.exit(-1)
 
 # Appends our own modules path
 sys.path.append('/usr/lib/fail2ban')
 
 from firewall.iptables import Iptables
-from logreader.metalog import Metalog
+from logreader.logreader import LogReader
 from version import version
 
 def usage():
@@ -47,6 +53,7 @@ def usage():
 	print "  -f <FILE>  read password failure from FILE"
 	print "  -h         display this help message"
 	print "  -l <FILE>  log message in FILE"
+	print "  -r <VALUE> allow a max of VALUE password failure"
 	print "  -t <TIME>  ban IP for TIME seconds"
 	print "  -v         verbose"
 	print
@@ -140,18 +147,22 @@ def createDaemon():
 
 if __name__ == "__main__":
 	
+	# Gets an instance of log4py.
 	logSys = log4py.Logger().get_instance()
 	logSys.set_formatstring("%T %L %M")
 	
-	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:')
-	except getopt.GetoptError:
-		usage()
-
+	# Initializes some variables.
 	debug = False
 	logFilePath = "/var/log/pwdfail/current"
 	banTime = 600
 	ignoreIPList = {}
+	retryAllowed = 3
+	
+	# Reads the command line options.
+	try:
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:r:')
+	except getopt.GetoptError:
+		usage()
 	
 	for opt in optList:
 		if opt[0] == "-h":
@@ -185,7 +196,15 @@ if __name__ == "__main__":
 				logSys.error("Using default value")
 		if opt[0] == "-i":
 			ignoreIPList = opt[1].split(' ')
+		if opt[0] == "-r":
+			try:
+				retryAllowed = int(opt[1])
+			except ValueError:
+				logSys.error("retryAllowed must be an integer")
+				logSys.error("Using default value")
 	
+	# Checks for root user. This is necessary because log files
+	# are owned by root and firewall needs root access.
 	if not checkForRoot():
 		logSys.error("You must be root")
 		if not debug:
@@ -193,36 +212,51 @@ if __name__ == "__main__":
 	
 	logSys.debug("logFilePath is "+logFilePath)
 	logSys.debug("BanTime is "+`banTime`)
+	logSys.debug("retryAllowed is "+`retryAllowed`)
 	
+	# Creates one instance of Iptables and one of LogReader.
 	fireWall = Iptables(banTime, logSys)
-	logFile = Metalog(logFilePath, logSys, banTime)
+	logFile = LogReader(logFilePath, logSys, banTime)
 	
+	# We add 127.0.0.1 to the ignore list has we do not want
+	# to be ban ourself.
 	logFile.addIgnoreIP("127.0.0.1")
 	while len(ignoreIPList) > 0:
 		ip = ignoreIPList.pop()
 		logFile.addIgnoreIP(ip)
 	
 	logSys.info("Fail2Ban v"+version+" is running")
+	# Main loop
 	while True:
 		try:
 			sys.stdout.flush()
 			sys.stderr.flush()
 			
+			# Checks if some IP have to be remove from ban
+			# list.
 			fireWall.checkForUnBan(debug)
 			
+			# If the log file has not been modified since the
+			# last time, we sleep for 1 second. This is active
+			# polling so not very effective.
 			if not logFile.isModified():
 				time.sleep(1)
 				continue
 			
+			# Gets the failure list from the log file.
 			failList = logFile.getPwdFailure()
-						
+			
+			# We iterate the failure list and ban IP that make
+			# *retryAllowed* login failures.
 			iterFailList = failList.iteritems()
 			for i in range(len(failList)):
 				element = iterFailList.next()
-				if element[1][0] > 2:
+				if element[1][0] >= retryAllowed:
 					fireWall.addBanIP(element[0], debug)
 			
 		except KeyboardInterrupt:
+			# When the user press <ctrl>+<c> we flush the ban list
+			# and exit nicely.
 			logSys.info("Restoring iptables...")
 			fireWall.flushBanList(debug)
 			logSys.info("Exiting...")

From 3331c9dccbeb6a5b95e8f3a8e2e84e8af5cbda14 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:31:32 +0000
Subject: [PATCH 18/99] - Change executeCmd to private - Code comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@28 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 72ecc7cd..c65fe57c 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -27,6 +27,9 @@ __license__ = "GPL"
 import time, os
 
 class Firewall:
+	""" Manages the ban list and executes the command that ban
+		the IP.
+	"""
 	
 	banList = dict()
 	
@@ -35,26 +38,32 @@ class Firewall:
 		self.logSys = logSys
 	
 	def addBanIP(self, ip, debug):
+		""" Bans an IP.
+		"""
 		if not self.inBanList(ip):
 			self.logSys.info("Ban "+ip)
 			self.banList[ip] = time.time()
-			self.executeCmd(self.banIP(ip), debug)
+			self.__executeCmd(self.banIP(ip), debug)
 		else:
 			self.logSys.info(ip+" already in ban list")
 	
 	def delBanIP(self, ip, debug):
+		""" Unban an IP.
+		"""
 		if self.inBanList(ip):
 			self.logSys.info("Unban "+ip)
 			del self.banList[ip]
-			self.executeCmd(self.unBanIP(ip), debug)
+			self.__executeCmd(self.unBanIP(ip), debug)
 		else:
 			self.logSys.info(ip+" not in ban list")
 	
 	def inBanList(self, ip):
+		""" Checks if IP is in ban list.
+		"""
 		return self.banList.has_key(ip)
 	
 	def checkForUnBan(self, debug):
-		""" Check for user to remove from ban list.
+		""" Check for IP to remove from ban list.
 		"""
 		banListTemp = self.banList.copy()
 		iterBanList = banListTemp.iteritems()
@@ -66,13 +75,18 @@ class Firewall:
 				self.delBanIP(ip, debug)
 	
 	def flushBanList(self, debug):
+		""" Flushes the ban list and of course the firewall rules.
+			Called when fail2ban exits.
+		"""
 		iterBanList = self.banList.iteritems()
 		for i in range(len(self.banList)):
 			element = iterBanList.next()
 			ip = element[0]
 			self.delBanIP(ip, debug)
 	
-	def executeCmd(self, cmd, debug):
+	def __executeCmd(self, cmd, debug):
+		""" Executes an OS command.
+		"""
 		self.logSys.debug(cmd)
 		if not debug:
 			return os.system(cmd)
@@ -80,6 +94,8 @@ class Firewall:
 			return None
 		
 	def viewBanList(self):
+		""" Prints the ban list on screen. Usefull for debugging.
+		"""
 		iterBanList = self.banList.iteritems()
 		for i in range(len(self.banList)):
 			element = iterBanList.next()

From 1070273151dd700dd776fa31e186adaf9f199be1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:31:53 +0000
Subject: [PATCH 19/99] - Code comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@29 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/iptables.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/firewall/iptables.py b/firewall/iptables.py
index c06a2dd3..9983c27a 100644
--- a/firewall/iptables.py
+++ b/firewall/iptables.py
@@ -27,11 +27,22 @@ __license__ = "GPL"
 from firewall import Firewall
 
 class Iptables(Firewall):
+	""" This class contains specific methods and variables for the
+		iptables firewall. Must implements the 'abstracts' methods
+		banIP(ip) and unBanIP(ip).
+		
+		Must adds abstract methods definition:
+		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
+	"""
 	
 	def banIP(self, ip):
+		""" Returns query to ban IP.
+		"""
 		query = "iptables -I INPUT 1 -i eth0 -s "+ip+" -j DROP"
 		return query
 	
 	def unBanIP(self, ip):
+		""" Returns query to unban IP.
+		"""
 		query = "iptables -D INPUT -i eth0 -s "+ip+" -j DROP"
 		return query

From ded1b1492b358dd040f93aeaa6019cb2704913cf Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:34:25 +0000
Subject: [PATCH 20/99] - Remove metalog class. Use now the "service" classes
 (Sshd for the moment) - Code comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@30 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 56 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index 1e52ace2..12a24d85 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -24,9 +24,15 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, sys
+import os, sys, time
+
+from sshd import Sshd
 
 class LogReader:
+	""" Reads a log file and reports information about IP that make password
+		failure, bad user or anything else that is considered as doubtful login
+		attempt.	
+	"""
 	
 	def __init__(self, logPath, logSys, findTime = 3600):
 		self.logPath = logPath
@@ -34,15 +40,22 @@ class LogReader:
 		self.ignoreIpList = []
 		self.lastModTime = 0
 		self.logSys = logSys
+		self.parserList = ["Sshd"]
 	
 	def addIgnoreIP(self, ip):
+		""" Adds an IP to the ignore list.
+		"""
 		self.logSys.debug("Add "+ip+" to ignore list")
 		self.ignoreIpList.append(ip)
 		
 	def inIgnoreIPList(self, ip):
+		""" Checks if IP is in the ignore list.
+		"""
 		return ip in self.ignoreIpList
 	
 	def openLogFile(self):
+		""" Opens the log file specified on init.
+		"""
 		try:
 			fileHandler = open(self.logPath)
 		except OSError:
@@ -51,6 +64,8 @@ class LogReader:
 		return fileHandler
 		
 	def isModified(self):
+		""" Checks if the log file has been modified using os.stat().
+		"""
 		try:
 			logStats = os.stat(self.logPath)
 		except OSError:
@@ -64,6 +79,45 @@ class LogReader:
 			self.lastModTime = logStats.st_mtime
 			return True
 	
+	def matchLine(self, line):
+		""" Checks if the line contains a pattern. It does this for all
+			classes specified in *parserList*. We use a singleton to avoid
+			creating/destroying objects too much.
+			
+			Return a dict with the IP and number of retries.
+		"""
+		for i in self.parserList:
+			match = eval(i).getInstance().parseLogLine(line)
+			if match:
+				return match
+		return None
+	
+	def getFailInfo(self, findTime):
+		""" Gets the failed login attempt. Returns a dict() which contains
+			IP and the number of retries.
+		"""
+		ipList = dict()
+		logFile = self.openLogFile()
+		for line in logFile.readlines():
+			match = self.matchLine(line)
+			if match:
+				ip = match[0]
+				unixTime = match[1]
+				if unixTime < time.time()-self.findTime:
+					continue
+				if self.inIgnoreIPList(ip):
+					self.logSys.debug("Ignore "+ip)
+					continue
+				self.logSys.debug("Found "+ip)
+				if ipList.has_key(ip):
+					ipList[ip] = (ipList[ip][0]+1, unixTime)
+				else:
+					ipList[ip] = (1, unixTime)
+		logFile.close()
+		return ipList
+	
 	def getPwdFailure(self):
+		""" Executes the getFailInfo method. Not very usefull...
+		"""
 		failList = self.getFailInfo(self.findTime)
 		return failList

From 052f35eccb2b5294b2f8312dc3f94d55f347a1e1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:38:22 +0000
Subject: [PATCH 21/99] - Initial import

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@31 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/parser.py | 67 +++++++++++++++++++++++++++++++++++++++++++++
 logreader/sshd.py   | 55 +++++++++++++++++++++++++++++++++++++
 2 files changed, 122 insertions(+)
 create mode 100644 logreader/parser.py
 create mode 100644 logreader/sshd.py

diff --git a/logreader/parser.py b/logreader/parser.py
new file mode 100644
index 00000000..d3067543
--- /dev/null
+++ b/logreader/parser.py
@@ -0,0 +1,67 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import time, re
+
+class Parser:
+    """ This class is the main log parser class. It should be inherited
+        by all the service specific classes.
+    """
+    
+    def getLogMatch(self, pattern, line):
+        """ Returns a match if pattern is found in line.
+        """
+        return re.search(pattern, line)
+        
+    def getLogIPv4(self, line):
+        """ Returns IP if one is found in line. Match IPv4 string.
+        """
+        matchIP = re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
+        if matchIP:
+            return matchIP.group()
+        else:
+            return None
+        
+    def getLogIP(self, line):
+        """ Returns IP if one is found in line.
+        """
+        return self.getLogIPv4(line)
+    
+    def getLogTimeStandard(self, line):
+        """ Returns the log time of line using a standard log format.
+            
+            Format: Oct 14 11:47:08
+        """
+        date = list(time.strptime(line[0:15], "%b %d %H:%M:%S"))
+        date[0] = time.gmtime()[0]
+        unixTime = time.mktime(date)
+        return unixTime
+        
+    def getLogTime(self, line):
+        """ Returns the log time of line.
+        """
+        return self.getLogTimeStandard(line)
+    
\ No newline at end of file
diff --git a/logreader/sshd.py b/logreader/sshd.py
new file mode 100644
index 00000000..2adc87f3
--- /dev/null
+++ b/logreader/sshd.py
@@ -0,0 +1,55 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+from parser import Parser
+
+class Sshd(Parser):
+    """ OpenSSH daemon log parser. Contains specific code for sshd.
+    """
+    
+    _instance = None
+    # This is the pattern to look for.
+    pattern = "Failed password|Illegal user"
+    
+    def getInstance():
+        """ We use a singleton.
+        """
+        if not Sshd._instance:
+            Sshd._instance = Sshd()
+        return Sshd._instance
+                   
+    getInstance = staticmethod(getInstance)
+    
+    def parseLogLine(self, line):
+        """ Matches sshd bad login attempt. Returns the IP and the
+            log time.
+        """
+        if self.getLogMatch(self.pattern, line):
+            matchIP = self.getLogIP(line)
+            if matchIP:
+                return [matchIP, self.getLogTime(line)]
+            else:
+                return False

From d50f1cd0f74eac88b643ad0bda5ced01b71500d9 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 14 Oct 2004 10:39:43 +0000
Subject: [PATCH 22/99] - Remove this file has it is no more necessary.
 Fail2Ban seems to be more services dependant than syslog daemons

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@32 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/metalog.py | 65 --------------------------------------------
 1 file changed, 65 deletions(-)
 delete mode 100644 logreader/metalog.py

diff --git a/logreader/metalog.py b/logreader/metalog.py
deleted file mode 100644
index 31b4d564..00000000
--- a/logreader/metalog.py
+++ /dev/null
@@ -1,65 +0,0 @@
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-# Author: Cyril Jaquier
-# 
-# $Revision$
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
-
-import re, time
-
-from logreader import LogReader
-
-class Metalog(LogReader):
-	
-	def getFailInfo(self, findTime):
-		ipList = dict()
-		logFile = self.openLogFile()
-		for line in logFile.readlines():
-			match = self.parseLogLine(line)
-			if match:
-				ip = match[0]
-				unixTime = match[1]
-				if unixTime < time.time()-self.findTime:
-					continue
-				if self.inIgnoreIPList(ip):
-					self.logSys.debug("Ignore "+ip)
-					continue
-				self.logSys.debug("Found "+ip)
-				if ipList.has_key(ip):
-					ipList[ip] = (ipList[ip][0]+1, unixTime)
-				else:
-					ipList[ip] = (1, unixTime)
-		logFile.close()
-		return ipList
-	
-	def parseLogLine(self, line):
-		""" Match sshd failed password log
-		"""
-		if re.search("Failed password", line):
-			matchIP = re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
-			if matchIP:
-				date = list(time.strptime(line[0:15], "%b %d %H:%M:%S"))
-				date[0] = time.gmtime()[0]
-				unixTime = time.mktime(date)
-				return [matchIP.group(), unixTime]
-			else:
-				return False

From aee13b03ee5d2d106aa3212bbaa35c63880d185f Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 16 Oct 2004 22:16:14 +0000
Subject: [PATCH 23/99] - Default config file

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@33 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 38 ++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 config/fail2ban.conf.default

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
new file mode 100644
index 00000000..d31c76c4
--- /dev/null
+++ b/config/fail2ban.conf.default
@@ -0,0 +1,38 @@
+# Fail2Ban configuration file
+#
+# $Revision$
+
+[DEFAULT]
+
+# background: true to start fail2ban as a daemon. Output
+# is redirect to logfile.
+background = false
+
+# debug: true to enable debug mode. More verbose output
+# and bypass root user test.
+debug = false
+
+# pwdfailfile: the path of the file which contains the
+# password failure log.
+pwdfailfile = /var/log/pwdfail/current
+
+# logfile: the path of the file for logging messages of
+# fail2ban.
+logfile = /var/log/fail2ban.log
+
+# maxretry: the number of retry before IP gets ban.
+maxretry = 3
+
+# bantime: the number of seconds an IP will be ban.
+bantime = 600
+
+# ignoreip: a space separated list that contains IP which
+# will be ignore by fail2ban. Example:
+# ignoreip = 192.168.0.1 123.45.235.65
+ignoreip = 
+
+# polltime: the number of seconds that fail2ban sleeps
+# between two iteration (check for IP to unban - parse
+# log file). 1 is a good value.
+polltime = 1
+

From f1d7157caedff35d7dee5960f586097e8afd8be8 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 16 Oct 2004 22:17:35 +0000
Subject: [PATCH 24/99] - Add config/fail2ban.conf.default

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@34 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST | 1 +
 1 file changed, 1 insertion(+)

diff --git a/MANIFEST b/MANIFEST
index a29e9fd1..8f0a2b6c 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -11,3 +11,4 @@ logreader/__init__.py
 logreader/logreader.py
 logreader/parser.py
 logreader/sshd.py
+config/fail2ban.conf.default

From 3b7f952cd27417e44c4beda758bd6f474f16f51c Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 16 Oct 2004 22:17:58 +0000
Subject: [PATCH 25/99] - Update installation + configuration instructions

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@35 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/README b/README
index 317b34e7..4967b25b 100644
--- a/README
+++ b/README
@@ -46,7 +46,7 @@ also support others firewalls than iptables.
 Installation:
 -------------
 
-Require: python-2.2 (http://www.python.org)
+Require: python-2.3 (http://www.python.org)
          log4py-1.1 (http://sourceforge.net/projects/log4py)
 
 To install, just do:
@@ -62,19 +62,24 @@ Fail2Ban should now be correctly installed. Just type:
 
 > fail2ban.py -h
 
-to see if everything is alright.
+to see if everything is alright. You can configure fail2ban
+with a config file. Copy config/fail2ban.conf.default to
+/etc/fail2ban.conf.
 
 
 Configuration:
 --------------
 
-For the time, there is no configuration file. You must use
-commande line options instead. Here are the options:
+You can configure fail2ban using the file /etc/fail2ban.conf
+or using command line options. Command line options override
+the value stored in fail2ban.conf. Here are the command line
+options:
 
   -b         start fail2ban in background
   -d         start fail2ban in debug mode
   -f <FILE>  read password failure from FILE
   -h         display this help message
+  -i <IP(s)> IP(s) to ignore
   -l <FILE>  log message in FILE
   -r <VALUE> allow a max of VALUE password failure
   -t <TIME>  ban IP for TIME seconds

From b9349fd45e97ea1c2724bdc3c2966c784e935c2e Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 16 Oct 2004 22:18:25 +0000
Subject: [PATCH 26/99] - Configuration using /etc/fail2ban.conf

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@36 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG   |   1 +
 fail2ban.py | 186 ++++++++++++++++++++++++++++++++++++++++------------
 2 files changed, 144 insertions(+), 43 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 76de70c3..fb26c30f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -15,6 +15,7 @@ ver. 0.1.1 (??/??/????) - alpha
   daemon specific
 - Rewrite log reader to be service centered. Sshd support
   added. Match "Failed password" and "Illegal user"
+- Add /etc/fail2ban.conf configuration support
 - Code documentation
 
 
diff --git a/fail2ban.py b/fail2ban.py
index 5e498085..9e640895 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -27,6 +27,7 @@ __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
 import posix, time, sys, getopt, os, signal
+from ConfigParser import *
 
 # Checks if log4py is present.
 try:
@@ -52,6 +53,7 @@ def usage():
 	print "  -d         start fail2ban in debug mode"
 	print "  -f <FILE>  read password failure from FILE"
 	print "  -h         display this help message"
+	print "  -i <IP(s)> IP(s) to ignore"
 	print "  -l <FILE>  log message in FILE"
 	print "  -r <VALUE> allow a max of VALUE password failure"
 	print "  -t <TIME>  ban IP for TIME seconds"
@@ -151,12 +153,101 @@ if __name__ == "__main__":
 	logSys = log4py.Logger().get_instance()
 	logSys.set_formatstring("%T %L %M")
 	
-	# Initializes some variables.
-	debug = False
-	logFilePath = "/var/log/pwdfail/current"
-	banTime = 600
-	ignoreIPList = {}
-	retryAllowed = 3
+	# Config file
+	configParser = SafeConfigParser()
+	configParser.read("/etc/fail2ban.conf")
+	
+	conf = dict()
+	conf["verbose"] = False
+	conf["background"] = False
+	conf["debug"] = False
+	conf["pwdfailfile"] = "/var/log/pwdfail/current"
+	conf["logging"] = False
+	conf["logfile"] = "/var/log/fail2ban.log"
+	conf["maxretry"] = 3
+	conf["bantime"] = 600
+	conf["ignoreip"] = ''
+	conf["polltime"] = 1
+	
+	# background
+	try:
+		conf["background"] = configParser.getboolean("DEFAULT", "background")
+	except ValueError:
+		logSys.warn("background option should be a boolean")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("background option not in config file")
+		logSys.warn("Using default value")
+
+	# debug
+	try:
+		conf["debug"] = configParser.getboolean("DEFAULT", "debug")
+	except ValueError:
+		logSys.warn("debug option should be a boolean")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("debug option not in config file")
+		logSys.warn("Using default value")
+	
+	# pwdfailfile
+	try:
+		conf["pwdfailfile"] = configParser.get("DEFAULT", "pwdfailfile")
+	except ValueError:
+		logSys.warn("pwdfailfile option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("pwdfailfile option not in config file")
+		logSys.warn("Using default value")
+
+	# logfile
+	try:
+		conf["logfile"] = configParser.get("DEFAULT", "logfile")
+	except ValueError:
+		logSys.warn("logfile option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("logfile option not in config file")
+		logSys.warn("Using default value")
+		
+	# maxretry
+	try:
+		conf["maxretry"] = configParser.getint("DEFAULT", "maxretry")
+	except ValueError:
+		logSys.warn("maxretry option should be an integer")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("maxretry option not in config file")
+		logSys.warn("Using default value")
+
+	# bantime
+	try:
+		conf["bantime"] = configParser.getint("DEFAULT", "bantime")
+	except ValueError:
+		logSys.warn("bantime option should be an integer")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("bantime option not in config file")
+		logSys.warn("Using default value")
+
+	# ignoreip
+	try:
+		conf["ignoreip"] = configParser.get("DEFAULT", "ignoreip")
+	except ValueError:
+		logSys.warn("ignoreip option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("ignoreip option not in config file")
+		logSys.warn("Using default value")
+		
+	# polltime
+	try:
+		conf["polltime"] = configParser.getint("DEFAULT", "polltime")
+	except ValueError:
+		logSys.warn("polltime option should be an integer")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("polltime option not in config file")
+		logSys.warn("Using default value")
 	
 	# Reads the command line options.
 	try:
@@ -168,55 +259,64 @@ if __name__ == "__main__":
 		if opt[0] == "-h":
 			usage()
 		if opt[0] == "-v":
-			logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
+			conf["verbose"] = True
 		if opt[0] == "-b":
+			conf["background"] = True
+		if opt[0] == "-d":
+			conf["debug"] = True
+		if opt[0] == "-f":
+			conf["pwdfailfile"] = opt[1]
+		if opt[0] == "-l":
+			conf["logging"] = True
+			conf["logfile"] = opt[1]
+		if opt[0] == "-t":
+			try:
+				conf["bantime"] = int(opt[1])
+			except ValueError:
+				logSys.warn("banTime must be an integer")
+				logSys.warn("Using default value")
+		if opt[0] == "-i":
+			conf["ignoreip"] = opt[1]
+		if opt[0] == "-r":
+			conf["retrymax"] = int(opt[1])
+
+	# Process some options
+	for c in conf:
+		if c == "verbose" and conf[c]:
+			logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
+		elif c == "debug" and conf[c]:
+			logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
+			logSys.set_formatstring(log4py.FMT_DEBUG)
+		elif c == "background" and conf[c]:
 			retCode = createDaemon()
-			logSys.set_target("/tmp/fail2ban.log")
+			logSys.set_target(conf["logfile"])
 			if retCode != 0:
 				logSys.error("Unable to start daemon")
 				sys.exit(-1)
-		if opt[0] == "-d":
-			debug = True
-			logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
-			logSys.set_formatstring(log4py.FMT_DEBUG)
-		if opt[0] == "-f":
-			logFilePath = opt[1]
-		if opt[0] == "-l":
+		elif c == "logging" and conf[c]:
 			try:
-				open(opt[1], "a")
-				logSys.set_target(opt[1])
+				open(conf["logfile"], "a")
+				logSys.set_target(conf["logfile"])
 			except IOError:
-				logSys.error("Unable to log to "+opt[1])
-				logSys.error("Using default output for logging")
-		if opt[0] == "-t":
-			try:
-				banTime = int(opt[1])
-			except ValueError:
-				logSys.error("banTime must be an integer")
-				logSys.error("Using default value")
-		if opt[0] == "-i":
-			ignoreIPList = opt[1].split(' ')
-		if opt[0] == "-r":
-			try:
-				retryAllowed = int(opt[1])
-			except ValueError:
-				logSys.error("retryAllowed must be an integer")
-				logSys.error("Using default value")
+				logSys.warn("Unable to log to "+conf["logfile"])
+				logSys.warn("Using default output for logging")
+		elif c == "ignoreip":
+			ignoreIPList = conf[c].split(' ')
 	
 	# Checks for root user. This is necessary because log files
 	# are owned by root and firewall needs root access.
 	if not checkForRoot():
 		logSys.error("You must be root")
-		if not debug:
+		if not conf["debug"]:
 			sys.exit(-1)
 	
-	logSys.debug("logFilePath is "+logFilePath)
-	logSys.debug("BanTime is "+`banTime`)
-	logSys.debug("retryAllowed is "+`retryAllowed`)
+	logSys.debug("logFilePath is "+conf["pwdfailfile"])
+	logSys.debug("BanTime is "+`conf["bantime"]`)
+	logSys.debug("retryAllowed is "+`conf["maxretry"]`)
 	
 	# Creates one instance of Iptables and one of LogReader.
-	fireWall = Iptables(banTime, logSys)
-	logFile = LogReader(logFilePath, logSys, banTime)
+	fireWall = Iptables(conf["bantime"], logSys)
+	logFile = LogReader(conf["pwdfailfile"], logSys, conf["bantime"])
 	
 	# We add 127.0.0.1 to the ignore list has we do not want
 	# to be ban ourself.
@@ -234,13 +334,13 @@ if __name__ == "__main__":
 			
 			# Checks if some IP have to be remove from ban
 			# list.
-			fireWall.checkForUnBan(debug)
+			fireWall.checkForUnBan(conf["debug"])
 			
 			# If the log file has not been modified since the
 			# last time, we sleep for 1 second. This is active
 			# polling so not very effective.
 			if not logFile.isModified():
-				time.sleep(1)
+				time.sleep(conf["polltime"])
 				continue
 			
 			# Gets the failure list from the log file.
@@ -252,12 +352,12 @@ if __name__ == "__main__":
 			for i in range(len(failList)):
 				element = iterFailList.next()
 				if element[1][0] >= retryAllowed:
-					fireWall.addBanIP(element[0], debug)
+					fireWall.addBanIP(element[0], conf["debug"])
 			
 		except KeyboardInterrupt:
 			# When the user press <ctrl>+<c> we flush the ban list
 			# and exit nicely.
 			logSys.info("Restoring iptables...")
-			fireWall.flushBanList(debug)
+			fireWall.flushBanList(conf["debug"])
 			logSys.info("Exiting...")
 			sys.exit(0)

From c7513aba776e81737efbadc07e1f086ace07332e Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 18 Oct 2004 20:50:56 +0000
Subject: [PATCH 27/99] - Fix retryAllowed. It is now conf["maxretry"] - Add
 SIGTERM handler in order to exit properly when in daemon mode

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@37 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/fail2ban.py b/fail2ban.py
index 9e640895..f445b584 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -146,6 +146,15 @@ def createDaemon():
 
 	return(0)
 
+def sigTERMhandler(signum, frame):
+	""" Handles the TERM signal when in daemon mode in order to
+		exit properly.
+	"""
+	logSys.debug("Signal handler called with sig "+`signum`)
+	logSys.info("Restoring iptables...")
+	fireWall.flushBanList(conf["debug"])
+	logSys.info("Exiting...")
+	sys.exit(0)
 
 if __name__ == "__main__":
 	
@@ -289,6 +298,7 @@ if __name__ == "__main__":
 			logSys.set_formatstring(log4py.FMT_DEBUG)
 		elif c == "background" and conf[c]:
 			retCode = createDaemon()
+			signal.signal(signal.SIGTERM, sigTERMhandler)
 			logSys.set_target(conf["logfile"])
 			if retCode != 0:
 				logSys.error("Unable to start daemon")
@@ -351,7 +361,7 @@ if __name__ == "__main__":
 			iterFailList = failList.iteritems()
 			for i in range(len(failList)):
 				element = iterFailList.next()
-				if element[1][0] >= retryAllowed:
+				if element[1][0] >= conf["maxretry"]:
 					fireWall.addBanIP(element[0], conf["debug"])
 			
 		except KeyboardInterrupt:

From f3dd99da0c9c49f775f29b1f2b91074d7571d599 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 18 Oct 2004 20:54:29 +0000
Subject: [PATCH 28/99] - Add SIGTERM handler

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@38 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index fb26c30f..448f24c6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -9,6 +9,8 @@ Fail2Ban (version 0.1.0)                           10/12/2004
 
 ver. 0.1.1 (??/??/????) - alpha
 ----------
+- Add SIGTERM handler in order to exit nicely when in daemon
+  mode
 - Add -r option which allows to set the maximum number of
   login failures
 - Remove the Metalog class as the log file are not so syslog

From 6930f5c0c3ae309b41f3e6958601cc1082b38b5c Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 23 Oct 2004 08:42:53 +0000
Subject: [PATCH 29/99] - Version 0.1.1. This is the first beta release

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@39 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  | 4 ++--
 README     | 6 +++---
 version.py | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 448f24c6..ce24c846 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.1.0)                           10/12/2004
+Fail2Ban (version 0.1.1)                           10/23/2004
 =============================================================
 
-ver. 0.1.1 (??/??/????) - alpha
+ver. 0.1.1 (10/23/2004) - beta
 ----------
 - Add SIGTERM handler in order to exit nicely when in daemon
   mode
diff --git a/README b/README
index 4967b25b..cd32f9a1 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.1.0)                           10/12/2004
+Fail2Ban (version 0.1.1)                           10/23/2004
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -51,8 +51,8 @@ Require: python-2.3 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.1.0.tar.bz2
-> cd fail2ban-0.1.0
+> tar xvfj fail2ban-0.1.1.tar.bz2
+> cd fail2ban-0.1.1
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The
diff --git a/version.py b/version.py
index 70ccfc7b..d83fb7b4 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.1.0-CVS"
\ No newline at end of file
+version = "0.1.1"

From 01a53b045b783fa9f0c2bf398e90764c62e6e9ac Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:02:07 +0000
Subject: [PATCH 30/99] - Add interface parameter

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@41 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 3 ++-
 firewall/iptables.py | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index c65fe57c..38782bde 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -33,9 +33,10 @@ class Firewall:
 	
 	banList = dict()
 	
-	def __init__(self, banTime, logSys):
+	def __init__(self, banTime, logSys, interface):
 		self.banTime = banTime
 		self.logSys = logSys
+		self.interface = interface
 	
 	def addBanIP(self, ip, debug):
 		""" Bans an IP.
diff --git a/firewall/iptables.py b/firewall/iptables.py
index 9983c27a..7b78c69c 100644
--- a/firewall/iptables.py
+++ b/firewall/iptables.py
@@ -38,11 +38,11 @@ class Iptables(Firewall):
 	def banIP(self, ip):
 		""" Returns query to ban IP.
 		"""
-		query = "iptables -I INPUT 1 -i eth0 -s "+ip+" -j DROP"
+		query = "iptables -I INPUT 1 -i "+self.interface+" -s "+ip+" -j DROP"
 		return query
 	
 	def unBanIP(self, ip):
 		""" Returns query to unban IP.
 		"""
-		query = "iptables -D INPUT -i eth0 -s "+ip+" -j DROP"
+		query = "iptables -D INPUT -i "+self.interface+" -s "+ip+" -j DROP"
 		return query

From 4d098fbd7a3b445c44a61e8feef953207773a3e7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:02:27 +0000
Subject: [PATCH 31/99] - Initial import

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@42 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/ipfw.py    | 59 +++++++++++++++++++++++++++++++++++++++++++++
 firewall/ipfwadm.py | 48 ++++++++++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+)
 create mode 100644 firewall/ipfw.py
 create mode 100644 firewall/ipfwadm.py

diff --git a/firewall/ipfw.py b/firewall/ipfw.py
new file mode 100644
index 00000000..c8cd3cba
--- /dev/null
+++ b/firewall/ipfw.py
@@ -0,0 +1,59 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import os
+
+from firewall import Firewall
+
+class Ipfw(Firewall):
+	""" This class contains specific methods and variables for the
+		iptables firewall. Must implements the 'abstracts' methods
+		banIP(ip) and unBanIP(ip).
+		
+		Must adds abstract methods definition:
+		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
+	"""
+	
+	def banIP(self, ip):
+		""" Returns query to ban IP.
+		"""
+		query = "ipfw -q add deny ip from "+ip+" to any"
+		return query
+	
+	def unBanIP(self, ip):
+		""" Returns query to unban IP.
+		"""
+		ruleNbr = str(self.__findRuleNumber(ip))
+		query = "ipfw -q delete "+ruleNbr
+		return query
+		
+	def __findRuleNumber(self, ip):
+		""" Uses shell commands in order to find the rule
+			number we want to delete.
+		"""
+		output = os.popen("ipfw list|grep \"from "+ip+" to\"|awk '{print $1}'",
+						  "r");
+		return output.read()
diff --git a/firewall/ipfwadm.py b/firewall/ipfwadm.py
new file mode 100644
index 00000000..cfdccbd8
--- /dev/null
+++ b/firewall/ipfwadm.py
@@ -0,0 +1,48 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+from firewall import Firewall
+
+class Ipfwadm(Firewall):
+	""" This class contains specific methods and variables for the
+		iptables firewall. Must implements the 'abstracts' methods
+		banIP(ip) and unBanIP(ip).
+		
+		Must adds abstract methods definition:
+		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
+	"""
+	
+	def banIP(self, ip):
+		""" Returns query to ban IP.
+		"""
+		query = "ipfwadm -I -a deny -W "+self.interface+" -S "+ip
+		return query
+	
+	def unBanIP(self, ip):
+		""" Returns query to unban IP.
+		"""
+		query = "ipfwadm -I -d deny -W "+self.interface+" -S "+ip
+		return query

From fabe6e59b4addad1ca214844cee52c46a6942aab Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:03:17 +0000
Subject: [PATCH 32/99] - Add firewall and interface options

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@43 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index d31c76c4..c1bb16f7 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -4,6 +4,10 @@
 
 [DEFAULT]
 
+# firewall: select the firewall system to use. Actually,
+# the available options are: iptables, ipfwadm, ipfw
+firewall = iptables
+
 # background: true to start fail2ban as a daemon. Output
 # is redirect to logfile.
 background = false
@@ -31,6 +35,10 @@ bantime = 600
 # ignoreip = 192.168.0.1 123.45.235.65
 ignoreip = 
 
+# interface: the interface name on which the IP will be
+# banned.
+interface = eth0
+
 # polltime: the number of seconds that fail2ban sleeps
 # between two iteration (check for IP to unban - parse
 # log file). 1 is a good value.

From 8598ff231516722637a42ecb5d6ebff2896c32ca Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:03:43 +0000
Subject: [PATCH 33/99] - Change to CVS version

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@44 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.py b/version.py
index d83fb7b4..cc87ea49 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.1.1"
+version = "0.1.1-CVS"

From 88313ea6118da7f75b03d52d89ae2b7ba718c3d7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:04:34 +0000
Subject: [PATCH 34/99] - Add firewall/ipfw.py and firewall/ipfwadm.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@45 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MANIFEST b/MANIFEST
index 8f0a2b6c..f52e1848 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -7,6 +7,8 @@ fail2ban.py
 firewall/__init__.py
 firewall/firewall.py
 firewall/iptables.py
+firewall/ipfw.py
+firewall/ipfwadm.py
 logreader/__init__.py
 logreader/logreader.py
 logreader/parser.py

From f1770f937b1d090d894f6980a79dc1494aaff583 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:05:09 +0000
Subject: [PATCH 35/99] - Update current changes

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@46 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index ce24c846..eabe886a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,14 @@
 Fail2Ban (version 0.1.1)                           10/23/2004
 =============================================================
 
+ver. 0.?.? (??/??/2004) - ???
+----------
+- Add ipfw and ipfwadm support. The rules are taken from
+  BlockIt. Thanks to Robert Edeker
+- Add -e option which allows to set the interface. Thanks to
+  Robert Edeker who reminded me this
+- Small code cleaning
+
 ver. 0.1.1 (10/23/2004) - beta
 ----------
 - Add SIGTERM handler in order to exit nicely when in daemon

From 11330ff944ca27350bf944f99f4abc745d5a5656 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:06:06 +0000
Subject: [PATCH 36/99] - Fail2ban now support ipfw and ipfwadm - New options

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@47 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/README b/README
index cd32f9a1..03303a35 100644
--- a/README
+++ b/README
@@ -9,8 +9,8 @@ Fail2Ban (version 0.1.1)                           10/23/2004
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
 that makes too much password failures. It updates firewall
-rules to reject the IP address. Currently sshd and iptables
-are supported. It needs log4py.
+rules to reject the IP address. Currently sshd, iptables,
+ipfw and ipfwadm are supported. It needs log4py.
 
 This is my first Python program. I began learning Python for
 less than one week so please be understanding ;-) English is
@@ -32,10 +32,11 @@ So I search for a script or program that do it. Found
 nothing :-( So I decide to write mine and to learn Python :-)
 
 I read the log file (/var/log/pwdfail/current on metalog) and
-search for line with "Failed password". Then get the ip and
-if it has already done 3 or more password failure in the last
-banTime, I ban the ip for banTime using a iptable rule. After
-banTime, the rule is deleted.
+search for a given pattern which indicates a login attempt.
+Then I get the ip and if it has already done 3 or more
+password failure in the last banTime, I ban the ip for
+banTime using a iptable rule. After banTime, the rule is
+deleted.
 
 Runs on my server and does its job rather well :-) The idea
 is to make fail2ban usable with most syslog daemons and
@@ -77,6 +78,7 @@ options:
 
   -b         start fail2ban in background
   -d         start fail2ban in debug mode
+  -e <INTF>  ban IP on the INTF interface
   -f <FILE>  read password failure from FILE
   -h         display this help message
   -i <IP(s)> IP(s) to ignore
@@ -84,7 +86,8 @@ options:
   -r <VALUE> allow a max of VALUE password failure
   -t <TIME>  ban IP for TIME seconds
   -v         verbose
-
+  -w <FIWA>  select the firewall to use. Can be iptables,
+             ipfwadm or ipfw
 
 Contact:
 --------
@@ -100,7 +103,7 @@ Cyril Jaquier: <lostcontrol@users.sourceforge.net>
 Thanks:
 -------
 
-Kévin Drapel, Marvin Rouge
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker
 
 
 License:

From a562542523889073f037e76aa174c3105611a10b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 6 Nov 2004 14:08:04 +0000
Subject: [PATCH 37/99] - Remove posix from import - Update help message - Add
 support for multiple firewall class. It is now really simple to add new ones
 - Add support for interface selection

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@48 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index f445b584..9ed5738a 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -26,7 +26,7 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import posix, time, sys, getopt, os, signal
+import time, sys, getopt, os, signal, string
 from ConfigParser import *
 
 # Checks if log4py is present.
@@ -40,6 +40,8 @@ except:
 sys.path.append('/usr/lib/fail2ban')
 
 from firewall.iptables import Iptables
+from firewall.ipfw import Ipfw
+from firewall.ipfwadm import Ipfwadm
 from logreader.logreader import LogReader
 from version import version
 
@@ -51,6 +53,7 @@ def usage():
 	print
 	print "  -b         start fail2ban in background"
 	print "  -d         start fail2ban in debug mode"
+	print "  -e <INTF>  ban IP on the INTF interface"
 	print "  -f <FILE>  read password failure from FILE"
 	print "  -h         display this help message"
 	print "  -i <IP(s)> IP(s) to ignore"
@@ -58,6 +61,8 @@ def usage():
 	print "  -r <VALUE> allow a max of VALUE password failure"
 	print "  -t <TIME>  ban IP for TIME seconds"
 	print "  -v         verbose"
+	print "  -w <FIWA>  select the firewall to use. Can be iptables,"
+	print "             ipfwadm or ipfw"
 	print
 	print "Report bugs to <lostcontrol@users.sourceforge.net>"
 	sys.exit(0)
@@ -65,7 +70,7 @@ def usage():
 def checkForRoot():
 	""" Check for root user.
 	"""
-	uid = `posix.getuid()`
+	uid = `os.getuid()`
 	if uid == '0':
 		return True
 	else:
@@ -176,6 +181,8 @@ if __name__ == "__main__":
 	conf["maxretry"] = 3
 	conf["bantime"] = 600
 	conf["ignoreip"] = ''
+	conf["interface"] = "eth0"
+	conf["firewall"] = "iptables"
 	conf["polltime"] = 1
 	
 	# background
@@ -248,6 +255,26 @@ if __name__ == "__main__":
 		logSys.warn("ignoreip option not in config file")
 		logSys.warn("Using default value")
 		
+	# interface
+	try:
+		conf["interface"] = configParser.get("DEFAULT", "interface")
+	except ValueError:
+		logSys.warn("interface option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("interface option not in config file")
+		logSys.warn("Using default value")
+		
+	# interface
+	try:
+		conf["firewall"] = configParser.get("DEFAULT", "firewall")
+	except ValueError:
+		logSys.warn("firewall option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("firewall option not in config file")
+		logSys.warn("Using default value")
+
 	# polltime
 	try:
 		conf["polltime"] = configParser.getint("DEFAULT", "polltime")
@@ -260,7 +287,7 @@ if __name__ == "__main__":
 	
 	# Reads the command line options.
 	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:r:')
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:r:e:w:')
 	except getopt.GetoptError:
 		usage()
 	
@@ -273,6 +300,8 @@ if __name__ == "__main__":
 			conf["background"] = True
 		if opt[0] == "-d":
 			conf["debug"] = True
+		if opt[0] == "-e":
+			conf["interface"] = opt[1]
 		if opt[0] == "-f":
 			conf["pwdfailfile"] = opt[1]
 		if opt[0] == "-l":
@@ -288,6 +317,8 @@ if __name__ == "__main__":
 			conf["ignoreip"] = opt[1]
 		if opt[0] == "-r":
 			conf["retrymax"] = int(opt[1])
+		if opt[0] == "-w":
+			conf["firewall"] = opt[1]
 
 	# Process some options
 	for c in conf:
@@ -312,6 +343,14 @@ if __name__ == "__main__":
 				logSys.warn("Using default output for logging")
 		elif c == "ignoreip":
 			ignoreIPList = conf[c].split(' ')
+		elif c == "firewall":
+			conf[c] = string.lower(conf[c])
+			if conf[c] == "ipfw":
+				fireWallName = "Ipfw"
+			elif conf[c] == "ipfwadm":
+				fireWallName = "Ipfwadm"
+			else:
+				fireWallName = "Iptables"
 	
 	# Checks for root user. This is necessary because log files
 	# are owned by root and firewall needs root access.
@@ -324,8 +363,10 @@ if __name__ == "__main__":
 	logSys.debug("BanTime is "+`conf["bantime"]`)
 	logSys.debug("retryAllowed is "+`conf["maxretry"]`)
 	
-	# Creates one instance of Iptables and one of LogReader.
-	fireWall = Iptables(conf["bantime"], logSys)
+	# Creates one instance of Iptables (thanks to Pyhton dynamic
+	# features) and one of LogReader.
+	fireWallObj = eval(fireWallName)
+	fireWall = fireWallObj(conf["bantime"], logSys, conf["interface"])
 	logFile = LogReader(conf["pwdfailfile"], logSys, conf["bantime"])
 	
 	# We add 127.0.0.1 to the ignore list has we do not want

From 2c778a9b76bd0f7e69c9366fc52e4b2fd9ec6676 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 21 Nov 2004 09:29:11 +0000
Subject: [PATCH 38/99] - Version 0.1.2. Second beta version

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@49 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  | 4 ++--
 README     | 4 ++--
 version.py | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index eabe886a..c71f9a0e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.1.1)                           10/23/2004
+Fail2Ban (version 0.1.2)                           11/21/2004
 =============================================================
 
-ver. 0.?.? (??/??/2004) - ???
+ver. 0.1.2 (11/21/2004) - beta
 ----------
 - Add ipfw and ipfwadm support. The rules are taken from
   BlockIt. Thanks to Robert Edeker
diff --git a/README b/README
index 03303a35..14a23b02 100644
--- a/README
+++ b/README
@@ -52,8 +52,8 @@ Require: python-2.3 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.1.1.tar.bz2
-> cd fail2ban-0.1.1
+> tar xvfj fail2ban-0.1.2.tar.bz2
+> cd fail2ban-0.1.2
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The
diff --git a/version.py b/version.py
index cc87ea49..cbfd96b8 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.1.1-CVS"
+version = "0.1.2"

From 2e5bfe5bb640c3aaefe7310f68c9144baf935b97 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 13:30:54 +0000
Subject: [PATCH 39/99] - Changed Fail2Ban in order to handle several log files

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@50 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                                     |   8 +-
 MANIFEST                                      |   3 +-
 README                                        |   2 +-
 config/fail2ban.conf.default                  |  41 ++++++-
 confreader/__init__.py                        |  25 +++++
 .../sshd.py => confreader/configreader.py     |  50 ++++-----
 fail2ban.py                                   |  77 +++++++------
 log-test/apache                               | 102 ++++++++++++++++++
 log-test/current                              |   9 +-
 log-test/test                                 |   9 +-
 logreader/logreader.py                        |  70 ++++++------
 logreader/parser.py                           |  67 ------------
 setup.py                                      |   2 +-
 version.py                                    |   2 +-
 14 files changed, 298 insertions(+), 169 deletions(-)
 create mode 100644 confreader/__init__.py
 rename logreader/sshd.py => confreader/configreader.py (53%)
 create mode 100644 log-test/apache
 delete mode 100644 logreader/parser.py

diff --git a/CHANGELOG b/CHANGELOG
index c71f9a0e..d954dec9 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,15 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.1.2)                           11/21/2004
+Fail2Ban (version 0.3.0)                           02/??/2005
 =============================================================
 
+ver. 0.3.0 (02/??/2005) - alpha
+----------
+- Re-writting of parts of the code in order to handle several
+  log files with different rules
+- Removed sshd.py because it is no more needed
+
 ver. 0.1.2 (11/21/2004) - beta
 ----------
 - Add ipfw and ipfwadm support. The rules are taken from
diff --git a/MANIFEST b/MANIFEST
index f52e1848..d31f45f5 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -12,5 +12,6 @@ firewall/ipfwadm.py
 logreader/__init__.py
 logreader/logreader.py
 logreader/parser.py
-logreader/sshd.py
+confreader/__init__.py
+confreader/configreader.py
 config/fail2ban.conf.default
diff --git a/README b/README
index 14a23b02..30b27060 100644
--- a/README
+++ b/README
@@ -79,7 +79,7 @@ options:
   -b         start fail2ban in background
   -d         start fail2ban in debug mode
   -e <INTF>  ban IP on the INTF interface
-  -f <FILE>  read password failure from FILE
+  -c <FILE>  read configuration file FILE
   -h         display this help message
   -i <IP(s)> IP(s) to ignore
   -l <FILE>  log message in FILE
diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index c1bb16f7..3a4e79cc 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -16,10 +16,6 @@ background = false
 # and bypass root user test.
 debug = false
 
-# pwdfailfile: the path of the file which contains the
-# password failure log.
-pwdfailfile = /var/log/pwdfail/current
-
 # logfile: the path of the file for logging messages of
 # fail2ban.
 logfile = /var/log/fail2ban.log
@@ -44,3 +40,40 @@ interface = eth0
 # log file). 1 is a good value.
 polltime = 1
 
+# You can define a new section for each log file to check for
+# password failure.
+
+[Apache]
+# logfile: file to monitor.
+logfile = log-test/apache
+
+# timeregex: regular expression which have to match the
+# timestamp of an Apache log event.
+# [Wed Jan 05 15:08:01 2005]
+timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+
+# timepattern: indicates the "timeregex" fields signification.
+# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
+timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
+
+# failregex: regular expression which have to match the
+# message written in the log file in case of password failure.
+failregex = authentication failure
+
+[SSH]
+# logfile: file to monitor.
+logfile = log-test/current
+
+# timeregex: regular expression which have to match the
+# timestamp of an Apache log event.
+# Mar  7 17:53:28
+timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+
+# timepattern: indicates the "timeregex" fields signification.
+# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
+timepattern = %%b %%d %%H:%%M:%%S
+
+# failregex: regular expression which have to match the
+# message written in the log file in case of password failure.
+failregex = Authentication failure
+
diff --git a/confreader/__init__.py b/confreader/__init__.py
new file mode 100644
index 00000000..76dba873
--- /dev/null
+++ b/confreader/__init__.py
@@ -0,0 +1,25 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
\ No newline at end of file
diff --git a/logreader/sshd.py b/confreader/configreader.py
similarity index 53%
rename from logreader/sshd.py
rename to confreader/configreader.py
index 2adc87f3..5f8679dd 100644
--- a/logreader/sshd.py
+++ b/confreader/configreader.py
@@ -24,32 +24,34 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-from parser import Parser
+import os, sys, time
 
-class Sshd(Parser):
-    """ OpenSSH daemon log parser. Contains specific code for sshd.
+from ConfigParser import *
+
+class ConfigReader:
+    """ Reads a log file and reports information about IP that make password
+        failure, bad user or anything else that is considered as doubtful login
+        attempt.    
     """
     
-    _instance = None
-    # This is the pattern to look for.
-    pattern = "Failed password|Illegal user"
+    optionValues = ("logfile", "timeregex", "timepattern", "failregex")
+    
+    def __init__(self, confPath):
+        self.confPath = confPath
+        self.configParser = SafeConfigParser()
+        
+    def openConf(self):
+        self.configParser.read(self.confPath)
+    
+    def getSections(self):
+        return self.configParser.sections()
+        
+    def getLogOptions(self, sec):
+        values = dict()
+        for option in self.optionValues:
+            v = self.configParser.get(sec, option)
+            values[option] = v
+        return values
+        
     
-    def getInstance():
-        """ We use a singleton.
-        """
-        if not Sshd._instance:
-            Sshd._instance = Sshd()
-        return Sshd._instance
-                   
-    getInstance = staticmethod(getInstance)
     
-    def parseLogLine(self, line):
-        """ Matches sshd bad login attempt. Returns the IP and the
-            log time.
-        """
-        if self.getLogMatch(self.pattern, line):
-            matchIP = self.getLogIP(line)
-            if matchIP:
-                return [matchIP, self.getLogTime(line)]
-            else:
-                return False
diff --git a/fail2ban.py b/fail2ban.py
index 9ed5738a..a7adfd2d 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -44,6 +44,7 @@ from firewall.ipfw import Ipfw
 from firewall.ipfwadm import Ipfwadm
 from logreader.logreader import LogReader
 from version import version
+from confreader.configreader import ConfigReader
 
 def usage():
 	print "Usage: fail2ban.py [OPTIONS]"
@@ -54,7 +55,7 @@ def usage():
 	print "  -b         start fail2ban in background"
 	print "  -d         start fail2ban in debug mode"
 	print "  -e <INTF>  ban IP on the INTF interface"
-	print "  -f <FILE>  read password failure from FILE"
+	print "  -c <FILE>  read configuration file FILE"
 	print "  -h         display this help message"
 	print "  -i <IP(s)> IP(s) to ignore"
 	print "  -l <FILE>  log message in FILE"
@@ -167,15 +168,12 @@ if __name__ == "__main__":
 	logSys = log4py.Logger().get_instance()
 	logSys.set_formatstring("%T %L %M")
 	
-	# Config file
-	configParser = SafeConfigParser()
-	configParser.read("/etc/fail2ban.conf")
-	
 	conf = dict()
 	conf["verbose"] = False
 	conf["background"] = False
 	conf["debug"] = False
-	conf["pwdfailfile"] = "/var/log/pwdfail/current"
+	conf["conffile"] = "/etc/fail2ban.conf"
+	conf["apachefile"] = "log-test/current"
 	conf["logging"] = False
 	conf["logfile"] = "/var/log/fail2ban.log"
 	conf["maxretry"] = 3
@@ -185,6 +183,21 @@ if __name__ == "__main__":
 	conf["firewall"] = "iptables"
 	conf["polltime"] = 1
 	
+	# Reads the command line options.
+	try:
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdc:l:t:i:r:e:w:')
+	except getopt.GetoptError:
+		usage()
+	
+	# Pre-parsing of command line options for the -c option
+	for opt in optList:
+		if opt[0] == "-c":
+			conf["conffile"] = opt[1]
+	
+	# Config file
+	configParser = SafeConfigParser()
+	configParser.read(conf["conffile"])
+	
 	# background
 	try:
 		conf["background"] = configParser.getboolean("DEFAULT", "background")
@@ -204,16 +217,6 @@ if __name__ == "__main__":
 	except NoOptionError:
 		logSys.warn("debug option not in config file")
 		logSys.warn("Using default value")
-	
-	# pwdfailfile
-	try:
-		conf["pwdfailfile"] = configParser.get("DEFAULT", "pwdfailfile")
-	except ValueError:
-		logSys.warn("pwdfailfile option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("pwdfailfile option not in config file")
-		logSys.warn("Using default value")
 
 	# logfile
 	try:
@@ -265,7 +268,7 @@ if __name__ == "__main__":
 		logSys.warn("interface option not in config file")
 		logSys.warn("Using default value")
 		
-	# interface
+	# firewall
 	try:
 		conf["firewall"] = configParser.get("DEFAULT", "firewall")
 	except ValueError:
@@ -285,12 +288,6 @@ if __name__ == "__main__":
 		logSys.warn("polltime option not in config file")
 		logSys.warn("Using default value")
 	
-	# Reads the command line options.
-	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdf:l:t:i:r:e:w:')
-	except getopt.GetoptError:
-		usage()
-	
 	for opt in optList:
 		if opt[0] == "-h":
 			usage()
@@ -302,8 +299,6 @@ if __name__ == "__main__":
 			conf["debug"] = True
 		if opt[0] == "-e":
 			conf["interface"] = opt[1]
-		if opt[0] == "-f":
-			conf["pwdfailfile"] = opt[1]
 		if opt[0] == "-l":
 			conf["logging"] = True
 			conf["logfile"] = opt[1]
@@ -359,22 +354,35 @@ if __name__ == "__main__":
 		if not conf["debug"]:
 			sys.exit(-1)
 	
-	logSys.debug("logFilePath is "+conf["pwdfailfile"])
+	logSys.debug("ConfFile is "+conf["conffile"])
 	logSys.debug("BanTime is "+`conf["bantime"]`)
 	logSys.debug("retryAllowed is "+`conf["maxretry"]`)
 	
+	# Reads the config file and create a LogReader instance for
+	# each log file to check.
+	confReader = ConfigReader(conf["conffile"]);
+	confReader.openConf()
+	logList = list()
+	for t in confReader.getSections():
+		l = confReader.getLogOptions(t)
+		lObj = LogReader(logSys, l["logfile"], l["timeregex"],
+						l["timepattern"], l["failregex"])
+		lObj.openLogFile()
+		logList.append(lObj)
+	
 	# Creates one instance of Iptables (thanks to Pyhton dynamic
 	# features) and one of LogReader.
 	fireWallObj = eval(fireWallName)
 	fireWall = fireWallObj(conf["bantime"], logSys, conf["interface"])
-	logFile = LogReader(conf["pwdfailfile"], logSys, conf["bantime"])
 	
 	# We add 127.0.0.1 to the ignore list has we do not want
 	# to be ban ourself.
-	logFile.addIgnoreIP("127.0.0.1")
+	for element in logList:
+		element.addIgnoreIP("127.0.0.1")
 	while len(ignoreIPList) > 0:
 		ip = ignoreIPList.pop()
-		logFile.addIgnoreIP(ip)
+		for element in logList:
+			element.addIgnoreIP(ip)
 	
 	logSys.info("Fail2Ban v"+version+" is running")
 	# Main loop
@@ -390,12 +398,19 @@ if __name__ == "__main__":
 			# If the log file has not been modified since the
 			# last time, we sleep for 1 second. This is active
 			# polling so not very effective.
-			if not logFile.isModified():
+			isModified = False
+			for element in logList:
+				if element.isModified():
+					isModified = True
+			
+			if not isModified:
 				time.sleep(conf["polltime"])
 				continue
 			
 			# Gets the failure list from the log file.
-			failList = logFile.getPwdFailure()
+			failList = dict()
+			for element in logList:
+				failList.update(element.getFailures())
 			
 			# We iterate the failure list and ban IP that make
 			# *retryAllowed* login failures.
diff --git a/log-test/apache b/log-test/apache
new file mode 100644
index 00000000..35248fd2
--- /dev/null
+++ b/log-test/apache
@@ -0,0 +1,102 @@
+[Mon Jan 03 05:02:15 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:20 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:20 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:21 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:22 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:22 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:22 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
+[Mon Jan 03 05:02:22 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/\xe0
+[Mon Jan 03 05:02:23 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msdac
+[Mon Jan 03 05:02:23 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msdac
+[Mon Jan 03 05:02:24 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/PBServer
+[Mon Jan 03 05:02:24 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/PBServer
+[Mon Jan 03 05:02:27 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/Rpc
+[Mon Jan 03 05:02:27 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/Rpc
+[Mon Jan 03 05:02:27 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/samples
+[Mon Jan 03 05:02:27 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/samples
+[Mon Jan 03 05:02:28 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts..\xc1\x9c..
+[Mon Jan 03 05:02:28 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:28 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:28 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:32 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:32 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:33 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:33 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:33 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:34 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:34 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:38 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:38 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:38 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:38 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:39 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 05:02:39 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/scripts
+[Mon Jan 03 11:08:29 2005] [error] [client 128.178.150.127] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Mon Jan 03 20:08:52 2005] [error] [client 83.76.202.195] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:19:50 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:19:55 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:01 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:05 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:08 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:12 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:16 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:22 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:26 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:28 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 15:20:38 2005] [error] [client 213.221.138.70] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 20:54:59 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 20:55:04 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 20:55:29 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 21:34:29 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Tue Jan 04 21:34:32 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 00:17:41 2005] [error] [client 217.251.126.37] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 00:18:03 2005] [error] [client 217.251.126.37] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 00:18:12 2005] [error] [client 217.251.126.37] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:24:38 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:24:40 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:24:46 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:24:48 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:25:58 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:26:34 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 01:26:37 2005] [error] [client 81.63.51.202] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 10:13:02 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 10:13:07 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 10:13:10 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 10:17:07 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 14:41:40 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 14:41:45 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 14:41:47 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 14:41:51 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 14:55:30 2005] [error] [client 212.101.4.200] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:03:44 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:03:48 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:03:52 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:03:57 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:06:45 2005] [error] [client 212.101.4.200] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Mar 05 15:07:28 2005] [error] [client 192.168.0.128] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Jan 05 15:08:01 2005] [error] [client 192.168.0.128] user  not found: /phpinfo
+[Wed Jan 05 15:10:45 2005] [crit] [client 192.168.0.128] (13)Permission denied: /var/www/jaquier.dyndns.org/htdocs/css/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://earth/phpinfo
+[Wed Jan 05 15:10:45 2005] [crit] [client 192.168.0.128] (13)Permission denied: /var/www/jaquier.dyndns.org/htdocs/images/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://earth/phpinfo
+[Wed Jan 05 15:10:45 2005] [error] [client 192.168.0.128] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:11:09 2005] [error] [client 192.168.0.128] user test not found: /phpinfo
+[Wed Jan 05 15:11:10 2005] [error] [client 192.168.0.128] user test not found: /phpinfo
+[Wed Jan 06 15:11:11 2005] [error] [client 192.168.0.128] user test not found: /phpinfo
+[Wed Jan 06 15:11:13 2005] [error] [client 192.168.0.128] user test not found: /phpinfo
+[Wed Jan 06 15:11:14 2005] [error] [client 192.168.0.128] user test not found: /phpinfo
+[Wed Jan 05 15:11:15 2005] [crit] [client 192.168.0.128] (13)Permission denied: /var/www/jaquier.dyndns.org/htdocs/css/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://earth/phpinfo
+[Wed Jan 05 15:11:15 2005] [crit] [client 192.168.0.128] (13)Permission denied: /var/www/jaquier.dyndns.org/htdocs/images/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable, referer: http://earth/phpinfo
+[Wed Jan 05 15:11:15 2005] [error] [client 192.168.0.128] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:12:32 2005] [error] [client 212.101.4.200] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:48 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:51 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:52 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:52 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:54 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:56 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:13:59 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:14:20 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:14:24 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:14:29 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Jan 05 15:14:34 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
+[Wed Mar 05 15:08:28 2005] [error] [client 192.168.0.128] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 05 15:09:28 2005] [error] [client 192.168.0.128] user cyril: authentication failure for "/phpinfo": Password Mismatch
\ No newline at end of file
diff --git a/log-test/current b/log-test/current
index 6537a6aa..d4b9f00a 100644
--- a/log-test/current
+++ b/log-test/current
@@ -1,4 +1,5 @@
-                - Last output repeated 2 times -
-Oct  7 11:47:08 [sshd] Failed password for illegal user test from 69.182.27.122 port 34015 ssh2
-Oct  7 11:47:09 [sshd] Failed password for illegal user guest from 69.182.27.122 port 34068 ssh2
-Oct  7 11:47:11 [sshd] Failed password for illegal user admin from 69.182.27.122 port 34127 ssh2
+Jan  7 17:53:15 [sshd] (pam_unix) 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.220.137.36  user=kevin
+Jan  7 17:53:26 [sshd] (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.220.137.36  user=kevin
+Mar  7 17:53:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
+Mar  7 17:55:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
diff --git a/log-test/test b/log-test/test
index 30fc4868..d370ca46 100644
--- a/log-test/test
+++ b/log-test/test
@@ -425,7 +425,8 @@ Oct  7 01:03:12 [sshd] Failed password for illegal user tata from 128.178.164.52
                 - Last output repeated 2 times -
 Oct  7 01:03:20 [sshd] Failed password for illegal user tata from 128.178.164.52 port 37187 ssh2
                 - Last output repeated 2 times -
-Oct 11 11:47:08 [sshd] Failed password for illegal user test from 69.182.27.122 port 34015 ssh2
-Oct 11 11:47:09 [sshd] Failed password for illegal user guest from 69.182.27.122 port 34068 ssh2
-Oct 11 11:47:11 [sshd] Failed password for illegal user admin from 69.182.27.122 port 34127 ssh2
-Oct 12 21:54:11 yellow sshd[16069]: Failed password for cyril from 212.41.79.210 port 29404 ssh2
+Nov 14 11:47:08 [sshd] Failed password for illegal user test from 69.182.27.122 port 34015 ssh2
+Nov 14 11:47:09 [sshd] Failed password for illegal user guest from 69.182.27.122 port 34068 ssh2
+Nov 14 11:47:11 [sshd] Failed password for illegal user admin from 69.182.27.122 port 34127 ssh2
+Nov 15 11:12:11 yellow sshd[16069]: Failed password for cyril from 212.41.79.210 port 29404 ssh2
+Nov 15 21:54:11 yellow sshd[16069]: Illegal user for cyril from 212.41.79.210 port 29404 ssh2
diff --git a/logreader/logreader.py b/logreader/logreader.py
index 12a24d85..24b8458f 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -24,9 +24,7 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, sys, time
-
-from sshd import Sshd
+import os, sys, time, re
 
 class LogReader:
 	""" Reads a log file and reports information about IP that make password
@@ -34,13 +32,15 @@ class LogReader:
 		attempt.	
 	"""
 	
-	def __init__(self, logPath, logSys, findTime = 3600):
+	def __init__(self, logSys, logPath, timeregex, timepattern, failregex, findTime = 3600):
 		self.logPath = logPath
+		self.timeregex = timeregex
+		self.timepattern = timepattern
+		self.failregex = failregex
 		self.findTime = findTime
 		self.ignoreIpList = []
 		self.lastModTime = 0
 		self.logSys = logSys
-		self.parserList = ["Sshd"]
 	
 	def addIgnoreIP(self, ip):
 		""" Adds an IP to the ignore list.
@@ -79,30 +79,14 @@ class LogReader:
 			self.lastModTime = logStats.st_mtime
 			return True
 	
-	def matchLine(self, line):
-		""" Checks if the line contains a pattern. It does this for all
-			classes specified in *parserList*. We use a singleton to avoid
-			creating/destroying objects too much.
-			
-			Return a dict with the IP and number of retries.
-		"""
-		for i in self.parserList:
-			match = eval(i).getInstance().parseLogLine(line)
-			if match:
-				return match
-		return None
-	
-	def getFailInfo(self, findTime):
-		""" Gets the failed login attempt. Returns a dict() which contains
-			IP and the number of retries.
-		"""
+	def getFailures(self):
 		ipList = dict()
 		logFile = self.openLogFile()
 		for line in logFile.readlines():
-			match = self.matchLine(line)
-			if match:
-				ip = match[0]
-				unixTime = match[1]
+			value = self.findFailure(line)
+			if value:
+				ip = value[0]
+				unixTime = value[1]
 				if unixTime < time.time()-self.findTime:
 					continue
 				if self.inIgnoreIPList(ip):
@@ -115,9 +99,35 @@ class LogReader:
 					ipList[ip] = (1, unixTime)
 		logFile.close()
 		return ipList
+
+	def findFailure(self, line):
+		match = self.matchLine(line, self.failregex)
+		if match:
+			timeMatch = self.matchLine(match.string, self.timeregex)
+			if timeMatch:
+				date = self.getUnixTime(timeMatch.group(), self.timepattern)
+				ipMatch = self.matchAddress(match.string)
+				if ipMatch:
+					ip = ipMatch.group()
+					return [ip, date]
+		return None
+		
+	def getUnixTime(self, value, pattern):
+		date = list(time.strptime(value, pattern))
+		if date[0] < 2000:
+			date[0] = time.gmtime()[0]
+		unixTime = time.mktime(date)
+		return unixTime
 	
-	def getPwdFailure(self):
-		""" Executes the getFailInfo method. Not very usefull...
+	def matchLine(self, line, pattern):
+		""" Checks if the line contains a pattern. It does this for all
+			classes specified in *parserList*. We use a singleton to avoid
+			creating/destroying objects too much.
+			
+			Return a dict with the IP and number of retries.
 		"""
-		failList = self.getFailInfo(self.findTime)
-		return failList
+		return re.search(pattern, line)
+		
+	def matchAddress(self, line):
+		return re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
+	
\ No newline at end of file
diff --git a/logreader/parser.py b/logreader/parser.py
deleted file mode 100644
index d3067543..00000000
--- a/logreader/parser.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-# Author: Cyril Jaquier
-# 
-# $Revision$
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
-
-import time, re
-
-class Parser:
-    """ This class is the main log parser class. It should be inherited
-        by all the service specific classes.
-    """
-    
-    def getLogMatch(self, pattern, line):
-        """ Returns a match if pattern is found in line.
-        """
-        return re.search(pattern, line)
-        
-    def getLogIPv4(self, line):
-        """ Returns IP if one is found in line. Match IPv4 string.
-        """
-        matchIP = re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
-        if matchIP:
-            return matchIP.group()
-        else:
-            return None
-        
-    def getLogIP(self, line):
-        """ Returns IP if one is found in line.
-        """
-        return self.getLogIPv4(line)
-    
-    def getLogTimeStandard(self, line):
-        """ Returns the log time of line using a standard log format.
-            
-            Format: Oct 14 11:47:08
-        """
-        date = list(time.strptime(line[0:15], "%b %d %H:%M:%S"))
-        date[0] = time.gmtime()[0]
-        unixTime = time.mktime(date)
-        return unixTime
-        
-    def getLogTime(self, line):
-        """ Returns the log time of line.
-        """
-        return self.getLogTimeStandard(line)
-    
\ No newline at end of file
diff --git a/setup.py b/setup.py
index b1eafeda..1e05ff47 100755
--- a/setup.py
+++ b/setup.py
@@ -38,5 +38,5 @@ setup(
         url = "http://www.sourceforge.net/projects/fail2ban",
         scripts = ['fail2ban.py'],
         py_modules = ['version'],
-        packages = ['firewall', 'logreader']
+        packages = ['firewall', 'logreader', 'confreader']
 )
\ No newline at end of file
diff --git a/version.py b/version.py
index cbfd96b8..cb074256 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.1.2"
+version = "0.3.0-CVS"

From 78dab1db70f705d0bf9f0b634e4393e67a6a3345 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:45:34 +0000
Subject: [PATCH 40/99] - Updated information

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@51 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)

diff --git a/README b/README
index 30b27060..aa5c8dde 100644
--- a/README
+++ b/README
@@ -4,13 +4,14 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.1.1)                           10/23/2004
+Fail2Ban (version 0.3.0)                           02/??/2005
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
 that makes too much password failures. It updates firewall
-rules to reject the IP address. Currently sshd, iptables,
-ipfw and ipfwadm are supported. It needs log4py.
+rules to reject the IP address. Currently iptables, ipfw and
+ipfwadm are supported. Fail2Ban can read multiple log files
+such as sshd or Apache web server ones. It needs log4py.
 
 This is my first Python program. I began learning Python for
 less than one week so please be understanding ;-) English is
@@ -31,17 +32,21 @@ some google searches, I found that sshd was not able of that.
 So I search for a script or program that do it. Found
 nothing :-( So I decide to write mine and to learn Python :-)
 
-I read the log file (/var/log/pwdfail/current on metalog) and
-search for a given pattern which indicates a login attempt.
-Then I get the ip and if it has already done 3 or more
-password failure in the last banTime, I ban the ip for
+For each sections defined in the configuration file, Fail2Ban
+tries to find lines which match the failregex. Then it
+retrieves the message time using timeregex and timepattern.
+It finally gets the ip and if it has already done 3 or more
+password failures in the last banTime, the ip is banned for
 banTime using a iptable rule. After banTime, the rule is
 deleted.
 
+Sections can be freely added so it is possible to monitor
+several daemons at the same time.
+
 Runs on my server and does its job rather well :-) The idea
-is to make fail2ban usable with most syslog daemons and
-services that require a login (sshd, telnetd, ...). It should
-also support others firewalls than iptables.
+is to make fail2ban usable with daemons and services that
+require a login (sshd, telnetd, ...). It should also support
+others firewalls than iptables.
 
 
 Installation:
@@ -52,8 +57,8 @@ Require: python-2.3 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.1.2.tar.bz2
-> cd fail2ban-0.1.2
+> tar xvfj fail2ban-0.3.0.tar.bz2
+> cd fail2ban-0.3.0
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The

From b5eb68d884b24f8f152476d63c09d8f446838f5b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:46:56 +0000
Subject: [PATCH 41/99] - Only scan log files which were modified

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@52 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG   | 1 +
 fail2ban.py | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index d954dec9..fa723d04 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ ver. 0.3.0 (02/??/2005) - alpha
 - Re-writting of parts of the code in order to handle several
   log files with different rules
 - Removed sshd.py because it is no more needed
+- Fixed a bug when exiting with IP in the ban list
 
 ver. 0.1.2 (11/21/2004) - beta
 ----------
diff --git a/fail2ban.py b/fail2ban.py
index a7adfd2d..3270a67b 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -43,8 +43,8 @@ from firewall.iptables import Iptables
 from firewall.ipfw import Ipfw
 from firewall.ipfwadm import Ipfwadm
 from logreader.logreader import LogReader
-from version import version
 from confreader.configreader import ConfigReader
+from version import version
 
 def usage():
 	print "Usage: fail2ban.py [OPTIONS]"
@@ -173,7 +173,6 @@ if __name__ == "__main__":
 	conf["background"] = False
 	conf["debug"] = False
 	conf["conffile"] = "/etc/fail2ban.conf"
-	conf["apachefile"] = "log-test/current"
 	conf["logging"] = False
 	conf["logfile"] = "/var/log/fail2ban.log"
 	conf["maxretry"] = 3
@@ -360,7 +359,7 @@ if __name__ == "__main__":
 	
 	# Reads the config file and create a LogReader instance for
 	# each log file to check.
-	confReader = ConfigReader(conf["conffile"]);
+	confReader = ConfigReader(logSys, conf["conffile"]);
 	confReader.openConf()
 	logList = list()
 	for t in confReader.getSections():
@@ -399,9 +398,11 @@ if __name__ == "__main__":
 			# last time, we sleep for 1 second. This is active
 			# polling so not very effective.
 			isModified = False
+			modList = list()
 			for element in logList:
 				if element.isModified():
 					isModified = True
+					modList.append(element)
 			
 			if not isModified:
 				time.sleep(conf["polltime"])
@@ -409,7 +410,7 @@ if __name__ == "__main__":
 			
 			# Gets the failure list from the log file.
 			failList = dict()
-			for element in logList:
+			for element in modList:
 				failList.update(element.getFailures())
 			
 			# We iterate the failure list and ban IP that make

From f4b083d79b3059a3044607df38a01eb291fc12f7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:48:34 +0000
Subject: [PATCH 42/99] - Added more comments - Catch exception when option not
 present in section

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@53 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 confreader/configreader.py | 62 ++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 26 deletions(-)

diff --git a/confreader/configreader.py b/confreader/configreader.py
index 5f8679dd..1b43cf4f 100644
--- a/confreader/configreader.py
+++ b/confreader/configreader.py
@@ -29,29 +29,39 @@ import os, sys, time
 from ConfigParser import *
 
 class ConfigReader:
-    """ Reads a log file and reports information about IP that make password
-        failure, bad user or anything else that is considered as doubtful login
-        attempt.    
-    """
-    
-    optionValues = ("logfile", "timeregex", "timepattern", "failregex")
-    
-    def __init__(self, confPath):
-        self.confPath = confPath
-        self.configParser = SafeConfigParser()
-        
-    def openConf(self):
-        self.configParser.read(self.confPath)
-    
-    def getSections(self):
-        return self.configParser.sections()
-        
-    def getLogOptions(self, sec):
-        values = dict()
-        for option in self.optionValues:
-            v = self.configParser.get(sec, option)
-            values[option] = v
-        return values
-        
-    
-    
+	""" This class allow the handling of the configuration options.
+		The DEFAULT section contains the global information about
+		Fail2Ban. Each other section is for a different log file.
+	"""
+	
+	optionValues = ("logfile", "timeregex", "timepattern", "failregex")
+	
+	def __init__(self, logSys, confPath):
+		self.confPath = confPath
+		self.configParser = SafeConfigParser()
+		self.logSys = logSys
+		
+	def openConf(self):
+		""" Opens the configuration file.
+		"""
+		self.configParser.read(self.confPath)
+	
+	def getSections(self):
+		""" Returns all the sections present in the configuration
+			file except the DEFAULT section.
+		"""
+		return self.configParser.sections()
+		
+	def getLogOptions(self, sec):
+		""" Gets all the options of a given section. The options
+			are defined in the optionValues list.
+		"""
+		values = dict()
+		for option in self.optionValues:
+			try:
+				v = self.configParser.get(sec, option)
+				values[option] = v
+			except NoOptionError:
+				self.logSys.info("No "+option+" defined in "+sec)
+		return values
+		
\ No newline at end of file

From e339a487519f1e0a8fff9648ef1763df8905502a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:49:51 +0000
Subject: [PATCH 43/99] - Fixed bug when flushing ban list

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@54 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 38782bde..959373c3 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -79,7 +79,8 @@ class Firewall:
 		""" Flushes the ban list and of course the firewall rules.
 			Called when fail2ban exits.
 		"""
-		iterBanList = self.banList.iteritems()
+		banListTemp = self.banList.copy()
+		iterBanList = banListTemp.iteritems()
 		for i in range(len(self.banList)):
 			element = iterBanList.next()
 			ip = element[0]
@@ -101,4 +102,3 @@ class Firewall:
 		for i in range(len(self.banList)):
 			element = iterBanList.next()
 			print element
-		

From ff088ec33373e0fe7d8212e452074c69120252d8 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:51:32 +0000
Subject: [PATCH 44/99] - Added more comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@55 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default |  3 ++-
 logreader/logreader.py       | 39 ++++++++++++++++++++++++++----------
 2 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index 3a4e79cc..5aa5b740 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -41,7 +41,8 @@ interface = eth0
 polltime = 1
 
 # You can define a new section for each log file to check for
-# password failure.
+# password failure. Each section has to define the following
+# options: logfile, timeregex, timepattern, failregex.
 
 [Apache]
 # logfile: file to monitor.
diff --git a/logreader/logreader.py b/logreader/logreader.py
index 24b8458f..083e59d6 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -80,6 +80,12 @@ class LogReader:
 			return True
 	
 	def getFailures(self):
+		""" Gets all the failure in the log file which are
+			newer than time.time()-self.findTime.
+			
+			Returns a dict with the IP, the number of failure
+			and the latest failure time.
+		"""
 		ipList = dict()
 		logFile = self.openLogFile()
 		for line in logFile.readlines():
@@ -101,33 +107,44 @@ class LogReader:
 		return ipList
 
 	def findFailure(self, line):
-		match = self.matchLine(line, self.failregex)
+		""" Finds the failure in line. Uses the failregex pattern
+			to find it and timeregex in order to find the logging
+			time.
+			
+			Returns a dict with IP and timestamp.
+		"""
+		match = self.matchLine(self.failregex, line)
 		if match:
-			timeMatch = self.matchLine(match.string, self.timeregex)
+			timeMatch = self.matchLine(self.timeregex, match.string)
 			if timeMatch:
-				date = self.getUnixTime(timeMatch.group(), self.timepattern)
+				date = self.getUnixTime(timeMatch.group())
 				ipMatch = self.matchAddress(match.string)
 				if ipMatch:
 					ip = ipMatch.group()
 					return [ip, date]
 		return None
 		
-	def getUnixTime(self, value, pattern):
-		date = list(time.strptime(value, pattern))
+	def getUnixTime(self, value):
+		""" Returns the Unix timestamp of the given value.
+			Pattern should describe the date construction of
+			value.
+		"""
+		date = list(time.strptime(value, self.timepattern))
 		if date[0] < 2000:
 			date[0] = time.gmtime()[0]
 		unixTime = time.mktime(date)
 		return unixTime
 	
-	def matchLine(self, line, pattern):
-		""" Checks if the line contains a pattern. It does this for all
-			classes specified in *parserList*. We use a singleton to avoid
-			creating/destroying objects too much.
+	def matchLine(self, pattern, line):
+		""" Checks if the line contains a pattern.
 			
-			Return a dict with the IP and number of retries.
+			Return a match object.
 		"""
 		return re.search(pattern, line)
 		
 	def matchAddress(self, line):
-		return re.search("(?:\d{1,3}\.){3}\d{1,3}", line)
+		""" Return a match on the IP address present in
+			line.		
+		"""
+		return self.matchLine("(?:\d{1,3}\.){3}\d{1,3}", line)
 	
\ No newline at end of file

From 2b5812ef9be7cb9fa71c76ffced288df836f286e Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 21:53:16 +0000
Subject: [PATCH 45/99] - parser.py no more needed

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@56 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST | 1 -
 1 file changed, 1 deletion(-)

diff --git a/MANIFEST b/MANIFEST
index d31f45f5..df4de156 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -11,7 +11,6 @@ firewall/ipfw.py
 firewall/ipfwadm.py
 logreader/__init__.py
 logreader/logreader.py
-logreader/parser.py
 confreader/__init__.py
 confreader/configreader.py
 config/fail2ban.conf.default

From c7947c68e9ed83a1b0f65993cf772e36c962873c Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 18 Feb 2005 22:14:02 +0000
Subject: [PATCH 46/99] - Bantime was not used in the log reader

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@57 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fail2ban.py b/fail2ban.py
index 3270a67b..3bb06f3e 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -365,7 +365,7 @@ if __name__ == "__main__":
 	for t in confReader.getSections():
 		l = confReader.getLogOptions(t)
 		lObj = LogReader(logSys, l["logfile"], l["timeregex"],
-						l["timepattern"], l["failregex"])
+						l["timepattern"], l["failregex"], conf["bantime"])
 		lObj.openLogFile()
 		logList.append(lObj)
 	

From 16dbc44607e44494ba5c2df894952ceea9670360 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 11:15:06 +0000
Subject: [PATCH 47/99] - Added TODO file

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@58 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST |  1 +
 TODO     | 15 +++++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 TODO

diff --git a/MANIFEST b/MANIFEST
index df4de156..90767c9e 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -1,5 +1,6 @@
 README
 CHANGELOG
+TODO
 setup.cfg
 setup.py
 version.py
diff --git a/TODO b/TODO
new file mode 100644
index 00000000..62d421f1
--- /dev/null
+++ b/TODO
@@ -0,0 +1,15 @@
+               __      _ _ ___ _               
+              / _|__ _(_) |_  ) |__  __ _ _ _  
+             |  _/ _` | | |/ /| '_ \/ _` | ' \ 
+             |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+ToDo
+=============================================================
+
+- cleanup fail2ban.py
+- resolve DNS with 'host' and os.popen (???)
+- improve configuration file and command line options
+  handling
+- improve installation process
+- create a web page for the project

From deffa8f5aa85db787777ff13b8bedb41be597075 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 11:16:56 +0000
Subject: [PATCH 48/99] - Added log reader name

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@59 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index 083e59d6..b782a140 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -41,6 +41,16 @@ class LogReader:
 		self.ignoreIpList = []
 		self.lastModTime = 0
 		self.logSys = logSys
+		
+	def setName(self, name):
+		""" Sets the name of the log reader.
+		"""
+		self.name = name
+		
+	def getName(self):
+		""" Gets the name of the log reader.
+		"""
+		return self.name
 	
 	def addIgnoreIP(self, ip):
 		""" Adds an IP to the ignore list.

From 1711a87dff81834d57421d179e28f8a6360d847b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 13:33:17 +0000
Subject: [PATCH 49/99] - Added PID lock file support - Added log reader name
 support - Improve some algorithms - Changed some info messages to warn

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@60 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 75 ++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 66 insertions(+), 9 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 3bb06f3e..5dac3a00 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -56,6 +56,7 @@ def usage():
 	print "  -d         start fail2ban in debug mode"
 	print "  -e <INTF>  ban IP on the INTF interface"
 	print "  -c <FILE>  read configuration file FILE"
+	print "  -p <FILE>  create PID lock in FILE"
 	print "  -h         display this help message"
 	print "  -i <IP(s)> IP(s) to ignore"
 	print "  -l <FILE>  log message in FILE"
@@ -161,6 +162,30 @@ def sigTERMhandler(signum, frame):
 	fireWall.flushBanList(conf["debug"])
 	logSys.info("Exiting...")
 	sys.exit(0)
+	
+def checkForPID(lockfile):
+	""" Checks for running Fail2Ban.
+	
+		Returns the current PID if Fail2Ban is running or False
+		if no instance found.
+	"""
+	try:
+		fileHandler = open(lockfile)
+		pid = fileHandler.readline()
+		return pid
+	except IOError:
+		fileHandler = open(lockfile, mode='w')
+		pid = os.getpid()
+		fileHandler.write(`pid`+'\n')
+		fileHandler.close()
+		logSys.debug("Created PID lock ("+`pid`+") in "+lockfile)
+		return False
+		
+def removePID(lockfile):
+	""" Remove PID lock.
+	"""
+	os.remove(lockfile)
+	logSys.debug("Removed PID lock "+lockfile)
 
 if __name__ == "__main__":
 	
@@ -173,6 +198,7 @@ if __name__ == "__main__":
 	conf["background"] = False
 	conf["debug"] = False
 	conf["conffile"] = "/etc/fail2ban.conf"
+	conf["pidlock"] = "/tmp/fail2ban.pid"
 	conf["logging"] = False
 	conf["logfile"] = "/var/log/fail2ban.log"
 	conf["maxretry"] = 3
@@ -184,7 +210,7 @@ if __name__ == "__main__":
 	
 	# Reads the command line options.
 	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdc:l:t:i:r:e:w:')
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdc:l:t:i:r:e:w:p:')
 	except getopt.GetoptError:
 		usage()
 	
@@ -227,6 +253,16 @@ if __name__ == "__main__":
 		logSys.warn("logfile option not in config file")
 		logSys.warn("Using default value")
 		
+	# pidlock
+	try:
+		conf["pidlock"] = configParser.get("DEFAULT", "pidlock")
+	except ValueError:
+		logSys.warn("pidlock option should be a string")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("pidlock option not in config file")
+		logSys.warn("Using default value")
+		
 	# maxretry
 	try:
 		conf["maxretry"] = configParser.getint("DEFAULT", "maxretry")
@@ -313,6 +349,8 @@ if __name__ == "__main__":
 			conf["retrymax"] = int(opt[1])
 		if opt[0] == "-w":
 			conf["firewall"] = opt[1]
+		if opt[0] == "-p":
+			conf["pidlock"] = opt[1]
 
 	# Process some options
 	for c in conf:
@@ -352,6 +390,12 @@ if __name__ == "__main__":
 		logSys.error("You must be root")
 		if not conf["debug"]:
 			sys.exit(-1)
+			
+	# Checks that no instance of Fail2Ban is currently running.
+	pid = checkForPID(conf["pidlock"])
+	if pid:
+		logSys.error("Fail2Ban already running with PID "+pid)
+		sys.exit(-1)
 	
 	logSys.debug("ConfFile is "+conf["conffile"])
 	logSys.debug("BanTime is "+`conf["bantime"]`)
@@ -366,7 +410,7 @@ if __name__ == "__main__":
 		l = confReader.getLogOptions(t)
 		lObj = LogReader(logSys, l["logfile"], l["timeregex"],
 						l["timepattern"], l["failregex"], conf["bantime"])
-		lObj.openLogFile()
+		lObj.setName(t)
 		logList.append(lObj)
 	
 	# Creates one instance of Iptables (thanks to Pyhton dynamic
@@ -383,7 +427,7 @@ if __name__ == "__main__":
 		for element in logList:
 			element.addIgnoreIP(ip)
 	
-	logSys.info("Fail2Ban v"+version+" is running")
+	logSys.warn("Fail2Ban v"+version+" is running")
 	# Main loop
 	while True:
 		try:
@@ -397,21 +441,31 @@ if __name__ == "__main__":
 			# If the log file has not been modified since the
 			# last time, we sleep for 1 second. This is active
 			# polling so not very effective.
-			isModified = False
 			modList = list()
 			for element in logList:
 				if element.isModified():
-					isModified = True
 					modList.append(element)
 			
-			if not isModified:
+			if len(modList) == 0:
 				time.sleep(conf["polltime"])
 				continue
 			
-			# Gets the failure list from the log file.
+			# Gets the failure list from the log file. For a given IP,
+			# takes only the service which has the most password failures.
 			failList = dict()
 			for element in modList:
-				failList.update(element.getFailures())
+				e = element.getFailures()
+				iter = e.iterkeys()
+				for i in range(len(e)):
+					key = iter.next()
+					if failList.has_key(key):
+						if failList[key][0] < e[key][0]:
+							failList[key] = (e[key][0], e[key][1],
+											element.getName())
+					else:
+						failList[key] = (e[key][0], e[key][1],
+										element.getName())
+				
 			
 			# We iterate the failure list and ban IP that make
 			# *retryAllowed* login failures.
@@ -419,6 +473,8 @@ if __name__ == "__main__":
 			for i in range(len(failList)):
 				element = iterFailList.next()
 				if element[1][0] >= conf["maxretry"]:
+					logSys.warn(`element[1][2]`+": "+element[0]+" has "+
+								`element[1][0]`+" login failure(s). Banned.")
 					fireWall.addBanIP(element[0], conf["debug"])
 			
 		except KeyboardInterrupt:
@@ -426,5 +482,6 @@ if __name__ == "__main__":
 			# and exit nicely.
 			logSys.info("Restoring iptables...")
 			fireWall.flushBanList(conf["debug"])
-			logSys.info("Exiting...")
+			removePID(conf["pidlock"])
+			logSys.warn("Exiting...")
 			sys.exit(0)

From 2131d080c29023b0063825886d86da17ea011dec Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 13:33:55 +0000
Subject: [PATCH 50/99] - Added PID lock file option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@61 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README b/README
index aa5c8dde..5c80b7d3 100644
--- a/README
+++ b/README
@@ -85,6 +85,7 @@ options:
   -d         start fail2ban in debug mode
   -e <INTF>  ban IP on the INTF interface
   -c <FILE>  read configuration file FILE
+  -p <FILE>  create PID lock in FILE
   -h         display this help message
   -i <IP(s)> IP(s) to ignore
   -l <FILE>  log message in FILE

From 4961847529aadc51115a78fbe9d25fe9cca3b14a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 13:34:43 +0000
Subject: [PATCH 51/99] - Added PID lock file support - Improved some parts of
 the code

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@62 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index fa723d04..f2b37ce1 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,8 @@ ver. 0.3.0 (02/??/2005) - alpha
   log files with different rules
 - Removed sshd.py because it is no more needed
 - Fixed a bug when exiting with IP in the ban list
+- Added PID lock file
+- Improved some parts of the code
 
 ver. 0.1.2 (11/21/2004) - beta
 ----------

From 3122f5eeae809bcac6d5eaa16d77df49881a2691 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Feb 2005 13:38:10 +0000
Subject: [PATCH 52/99] - Added PID lock file option - Added more comments

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@63 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index 5aa5b740..fc9be3ab 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -16,6 +16,10 @@ background = false
 # and bypass root user test.
 debug = false
 
+# pidlock: the path of the PID lock file. Fail2Ban must be
+# able to write into that file.
+#pidlock = /var/run/fail2ban.pid
+
 # logfile: the path of the file for logging messages of
 # fail2ban.
 logfile = /var/log/fail2ban.log
@@ -54,12 +58,13 @@ logfile = log-test/apache
 timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 
 # timepattern: indicates the "timeregex" fields signification.
+# Notice that '%' must be espaced with '%'.
 # See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
 timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 
 # failregex: regular expression which have to match the
 # message written in the log file in case of password failure.
-failregex = authentication failure
+failregex = authentication failure|user .* not found
 
 [SSH]
 # logfile: file to monitor.
@@ -71,10 +76,11 @@ logfile = log-test/current
 timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 
 # timepattern: indicates the "timeregex" fields signification.
+# Notice that '%' must be espaced with '%'.
 # See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
 timepattern = %%b %%d %%H:%%M:%%S
 
 # failregex: regular expression which have to match the
 # message written in the log file in case of password failure.
-failregex = Authentication failure
+failregex = Authentication failure|Failed password
 

From 78b32ef3b2d1883343a4dcdae15c89fa7bfd4819 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 22 Feb 2005 21:08:36 +0000
Subject: [PATCH 53/99] - Added "ipfw-start-rule" option (thanks to Robert
 Edeker) - Added "enabled" option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@64 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index fc9be3ab..43f08b86 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -8,6 +8,10 @@
 # the available options are: iptables, ipfwadm, ipfw
 firewall = iptables
 
+# ipfw-start-rule: set the first rule number used by Fail2Ban.
+# This option is only used if firewall = ipfw.
+ipfw-start-rule = 100
+
 # background: true to start fail2ban as a daemon. Output
 # is redirect to logfile.
 background = false
@@ -49,6 +53,9 @@ polltime = 1
 # options: logfile, timeregex, timepattern, failregex.
 
 [Apache]
+# enabled: is this section active ?
+enabled = true
+
 # logfile: file to monitor.
 logfile = log-test/apache
 
@@ -67,6 +74,9 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 failregex = authentication failure|user .* not found
 
 [SSH]
+# enabled: is this section active ?
+enabled = true
+
 # logfile: file to monitor.
 logfile = log-test/current
 

From 7b13c386f970936affa8c212a40648552d52eff8 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 22 Feb 2005 21:10:08 +0000
Subject: [PATCH 54/99] - The options have a specified type now

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@65 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 confreader/configreader.py | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/confreader/configreader.py b/confreader/configreader.py
index 1b43cf4f..bd2aaba0 100644
--- a/confreader/configreader.py
+++ b/confreader/configreader.py
@@ -34,7 +34,9 @@ class ConfigReader:
 		Fail2Ban. Each other section is for a different log file.
 	"""
 	
-	optionValues = ("logfile", "timeregex", "timepattern", "failregex")
+	optionValues = (["bool", "enabled"], ["str", "logfile"],
+					["str", "timeregex"], ["str", "timepattern"],
+					["str", "failregex"])
 	
 	def __init__(self, logSys, confPath):
 		self.confPath = confPath
@@ -59,8 +61,14 @@ class ConfigReader:
 		values = dict()
 		for option in self.optionValues:
 			try:
-				v = self.configParser.get(sec, option)
-				values[option] = v
+				if option[0] == "bool":
+					v = self.configParser.getboolean(sec, option[1])
+				elif option[0] == "int":
+					v = self.configParser.getint(sec, option[1])
+				else:
+					v = self.configParser.get(sec, option[1])
+				
+				values[option[1]] = v
 			except NoOptionError:
 				self.logSys.info("No "+option+" defined in "+sec)
 		return values

From acbbb11578c2fb124095cb0f725583aade5bab7d Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 22 Feb 2005 21:11:17 +0000
Subject: [PATCH 55/99] - A rule is added with a specified number now

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@66 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/ipfw.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/firewall/ipfw.py b/firewall/ipfw.py
index c8cd3cba..4e3e8f57 100644
--- a/firewall/ipfw.py
+++ b/firewall/ipfw.py
@@ -37,10 +37,23 @@ class Ipfw(Firewall):
 		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
 	"""
 	
+	crtRuleNbr = 0
+	
+	def getCrtRuleNbr():
+		""" Gets the current rule number.
+		"""
+		return self.crtRuleNbr
+		
+	def setCrtRuleNbr(self, value):
+		""" Sets the current rule number.
+		"""
+		self.crtRuleNbr = value
+	
 	def banIP(self, ip):
 		""" Returns query to ban IP.
 		"""
-		query = "ipfw -q add deny ip from "+ip+" to any"
+		self.crtRuleNbr = self.crtRuleNbr + 1
+		query = "ipfw -q add "+`self.crtRuleNbr`+" deny ip from "+ip+" to any"
 		return query
 	
 	def unBanIP(self, ip):

From 9a74701807130928eb1c5913b7170f287e5f54b2 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 22 Feb 2005 21:11:46 +0000
Subject: [PATCH 56/99] - Added "ipfw-start-rule" option (thanks to Robert
 Edeker)

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@67 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index f2b37ce1..9fc1ade7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,7 +7,7 @@
 Fail2Ban (version 0.3.0)                           02/??/2005
 =============================================================
 
-ver. 0.3.0 (02/??/2005) - alpha
+ver. 0.3.0 (02/??/2005) - beta
 ----------
 - Re-writting of parts of the code in order to handle several
   log files with different rules
@@ -15,6 +15,7 @@ ver. 0.3.0 (02/??/2005) - alpha
 - Fixed a bug when exiting with IP in the ban list
 - Added PID lock file
 - Improved some parts of the code
+- Added ipfw-start-rule option (thanks to Robert Edeker)
 
 ver. 0.1.2 (11/21/2004) - beta
 ----------

From 42937a5522cc65ce8292f6f73f50ee26d0f81706 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 22 Feb 2005 21:14:04 +0000
Subject: [PATCH 57/99] - Added "ipfw-start-rule" option (thanks to Robert
 Edeker) - Added "enabled" option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@68 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 5dac3a00..00685ca2 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -206,6 +206,7 @@ if __name__ == "__main__":
 	conf["ignoreip"] = ''
 	conf["interface"] = "eth0"
 	conf["firewall"] = "iptables"
+	conf["ipfw-start-rule"] = 0
 	conf["polltime"] = 1
 	
 	# Reads the command line options.
@@ -312,6 +313,17 @@ if __name__ == "__main__":
 	except NoOptionError:
 		logSys.warn("firewall option not in config file")
 		logSys.warn("Using default value")
+	
+	# ipfw-start-rule
+	try:
+		conf["ipfw-start-rule"] = configParser.getint("DEFAULT",
+													"ipfw-start-rule")
+	except ValueError:
+		logSys.warn("ipfw-start-rule option should be an integer")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("ipfw-start-rule option not in config file")
+		logSys.warn("Using default value")
 
 	# polltime
 	try:
@@ -408,16 +420,22 @@ if __name__ == "__main__":
 	logList = list()
 	for t in confReader.getSections():
 		l = confReader.getLogOptions(t)
-		lObj = LogReader(logSys, l["logfile"], l["timeregex"],
-						l["timepattern"], l["failregex"], conf["bantime"])
-		lObj.setName(t)
-		logList.append(lObj)
+		if l["enabled"]:
+			lObj = LogReader(logSys, l["logfile"], l["timeregex"],
+							l["timepattern"], l["failregex"], conf["bantime"])
+			lObj.setName(t)
+			logList.append(lObj)
 	
 	# Creates one instance of Iptables (thanks to Pyhton dynamic
-	# features) and one of LogReader.
+	# features).
 	fireWallObj = eval(fireWallName)
 	fireWall = fireWallObj(conf["bantime"], logSys, conf["interface"])
 	
+	# IPFW needs rules number. The configuration option "ipfw-start-rule"
+	# defines the first rule number used by Fail2Ban.
+	if fireWallName == "Ipfw":
+		fireWall.setCrtRuleNbr(conf["ipfw-start-rule"])
+	
 	# We add 127.0.0.1 to the ignore list has we do not want
 	# to be ban ourself.
 	for element in logList:

From 45dd8ea43eaa3bf16bf69980c2a1fea0576050a2 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 23 Feb 2005 16:53:03 +0000
Subject: [PATCH 58/99] - Increment "crtRuleNbr" after the creation of the rule

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@69 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/ipfw.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/firewall/ipfw.py b/firewall/ipfw.py
index 4e3e8f57..79fe7c66 100644
--- a/firewall/ipfw.py
+++ b/firewall/ipfw.py
@@ -52,8 +52,8 @@ class Ipfw(Firewall):
 	def banIP(self, ip):
 		""" Returns query to ban IP.
 		"""
-		self.crtRuleNbr = self.crtRuleNbr + 1
 		query = "ipfw -q add "+`self.crtRuleNbr`+" deny ip from "+ip+" to any"
+		self.crtRuleNbr = self.crtRuleNbr + 1
 		return query
 	
 	def unBanIP(self, ip):

From c429a69845a29a2e0284078eb817ad064b928e15 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 23 Feb 2005 16:56:29 +0000
Subject: [PATCH 59/99] - Added the "-k" option. Kills a currently running
 Fail2Ban

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@70 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG   |  1 +
 README      |  1 +
 fail2ban.py | 20 ++++++++++++++++++--
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9fc1ade7..9ef9ca4c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -16,6 +16,7 @@ ver. 0.3.0 (02/??/2005) - beta
 - Added PID lock file
 - Improved some parts of the code
 - Added ipfw-start-rule option (thanks to Robert Edeker)
+- Added -k option which kills a currently running Fail2Ban
 
 ver. 0.1.2 (11/21/2004) - beta
 ----------
diff --git a/README b/README
index 5c80b7d3..be98a10c 100644
--- a/README
+++ b/README
@@ -88,6 +88,7 @@ options:
   -p <FILE>  create PID lock in FILE
   -h         display this help message
   -i <IP(s)> IP(s) to ignore
+  -k         kill a currently running Fail2Ban instance
   -l <FILE>  log message in FILE
   -r <VALUE> allow a max of VALUE password failure
   -t <TIME>  ban IP for TIME seconds
diff --git a/fail2ban.py b/fail2ban.py
index 00685ca2..7372bae5 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -59,6 +59,7 @@ def usage():
 	print "  -p <FILE>  create PID lock in FILE"
 	print "  -h         display this help message"
 	print "  -i <IP(s)> IP(s) to ignore"
+	print "  -k         kill a currently running Fail2Ban instance"
 	print "  -l <FILE>  log message in FILE"
 	print "  -r <VALUE> allow a max of VALUE password failure"
 	print "  -t <TIME>  ban IP for TIME seconds"
@@ -187,6 +188,12 @@ def removePID(lockfile):
 	os.remove(lockfile)
 	logSys.debug("Removed PID lock "+lockfile)
 
+def killPID(pid):
+	""" Kills the process with the given PID using the
+		INT signal (same effect as <ctrl>+<c>).
+	"""
+	return os.kill(pid, 2)
+
 if __name__ == "__main__":
 	
 	# Gets an instance of log4py.
@@ -211,7 +218,7 @@ if __name__ == "__main__":
 	
 	# Reads the command line options.
 	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdc:l:t:i:r:e:w:p:')
+		optList, args = getopt.getopt(sys.argv[1:], 'hvbdkc:l:t:i:r:e:w:p:')
 	except getopt.GetoptError:
 		usage()
 	
@@ -363,6 +370,15 @@ if __name__ == "__main__":
 			conf["firewall"] = opt[1]
 		if opt[0] == "-p":
 			conf["pidlock"] = opt[1]
+		if opt[0] == "-k":
+			pid = checkForPID(conf["pidlock"])
+			if pid:
+				killPID(int(pid))
+				logSys.warn("Killed Fail2Ban with PID "+pid)
+				sys.exit(0)
+			else:
+				logSys.error("No running Fail2Ban found")
+				sys.exit(-1)
 
 	# Process some options
 	for c in conf:
@@ -498,7 +514,7 @@ if __name__ == "__main__":
 		except KeyboardInterrupt:
 			# When the user press <ctrl>+<c> we flush the ban list
 			# and exit nicely.
-			logSys.info("Restoring iptables...")
+			logSys.info("Restoring firewall rules...")
 			fireWall.flushBanList(conf["debug"])
 			removePID(conf["pidlock"])
 			logSys.warn("Exiting...")

From 3d9318ad3e1882a02b9345dcae1459934585b793 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 23 Feb 2005 17:31:46 +0000
Subject: [PATCH 60/99] - Splitted "checkForPID" into "createPID" and
 "checkForPID". Fixed the bug which created a PID lock file when calling
 Fail2Ban with the kill option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@71 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 7372bae5..b0aa10cd 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -175,13 +175,17 @@ def checkForPID(lockfile):
 		pid = fileHandler.readline()
 		return pid
 	except IOError:
-		fileHandler = open(lockfile, mode='w')
-		pid = os.getpid()
-		fileHandler.write(`pid`+'\n')
-		fileHandler.close()
-		logSys.debug("Created PID lock ("+`pid`+") in "+lockfile)
 		return False
 		
+def createPID(lockfile):
+	""" Creates a PID lock file with the current PID.
+	"""
+	fileHandler = open(lockfile, mode='w')
+	pid = os.getpid()
+	fileHandler.write(`pid`+'\n')
+	fileHandler.close()
+	logSys.debug("Created PID lock ("+`pid`+") in "+lockfile)
+		
 def removePID(lockfile):
 	""" Remove PID lock.
 	"""
@@ -424,6 +428,8 @@ if __name__ == "__main__":
 	if pid:
 		logSys.error("Fail2Ban already running with PID "+pid)
 		sys.exit(-1)
+	else:
+		createPID(conf["pidlock"])
 	
 	logSys.debug("ConfFile is "+conf["conffile"])
 	logSys.debug("BanTime is "+`conf["bantime"]`)

From f0625224c74b4ff134099d646526aa45aa4a271d Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 23 Feb 2005 17:47:30 +0000
Subject: [PATCH 61/99] - Added a default value for each option

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@72 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 confreader/configreader.py | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/confreader/configreader.py b/confreader/configreader.py
index bd2aaba0..dbdb5d2d 100644
--- a/confreader/configreader.py
+++ b/confreader/configreader.py
@@ -34,9 +34,15 @@ class ConfigReader:
 		Fail2Ban. Each other section is for a different log file.
 	"""
 	
-	optionValues = (["bool", "enabled"], ["str", "logfile"],
-					["str", "timeregex"], ["str", "timepattern"],
-					["str", "failregex"])
+	# Each optionValues entry is composed of an array with:
+	# 0 -> the type of the option
+	# 1 -> the name of the option
+	# 2 -> the default value for the option
+	optionValues = (["bool", "enabled", True],
+					["str", "logfile", "/dev/null"],
+					["str", "timeregex", ""],
+					["str", "timepattern", ""],
+					["str", "failregex", ""])
 	
 	def __init__(self, logSys, confPath):
 		self.confPath = confPath
@@ -70,6 +76,7 @@ class ConfigReader:
 				
 				values[option[1]] = v
 			except NoOptionError:
-				self.logSys.info("No "+option+" defined in "+sec)
+				self.logSys.info("No '"+option[1]+"' defined in '"+sec+"'")
+				values[option[1]] = option[2]
 		return values
 		
\ No newline at end of file

From 7fb2508960e780536351c23bed7d645542810cfd Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 24 Feb 2005 13:59:34 +0000
Subject: [PATCH 62/99] - Version 0.3.0. Named it 0.3 because there is a lot of
 changes in this release

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@73 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  | 4 ++--
 README     | 2 +-
 TODO       | 1 -
 version.py | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 9ef9ca4c..dfe16bee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.0)                           02/??/2005
+Fail2Ban (version 0.3.0)                           02/24/2005
 =============================================================
 
-ver. 0.3.0 (02/??/2005) - beta
+ver. 0.3.0 (02/24/2005) - beta
 ----------
 - Re-writting of parts of the code in order to handle several
   log files with different rules
diff --git a/README b/README
index be98a10c..daf7b222 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.0)                           02/??/2005
+Fail2Ban (version 0.3.0)                           02/24/2005
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
diff --git a/TODO b/TODO
index 62d421f1..d11e3503 100644
--- a/TODO
+++ b/TODO
@@ -12,4 +12,3 @@ ToDo
 - improve configuration file and command line options
   handling
 - improve installation process
-- create a web page for the project
diff --git a/version.py b/version.py
index cb074256..776fd44e 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.3.0-CVS"
+version = "0.3.0"

From d1ec7fb830cd68ff4ee82d4f8eaef7660e64c312 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:42:04 +0000
Subject: [PATCH 63/99] - Change to CVS version

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@75 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.py b/version.py
index 776fd44e..cb074256 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.3.0"
+version = "0.3.0-CVS"

From bc4524c165ab15385d32bf5a1e72abb6e3327ec7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:42:59 +0000
Subject: [PATCH 64/99] - Updated

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@76 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 8 +++++++-
 README    | 5 ++++-
 TODO      | 2 +-
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index dfe16bee..a8abaac6 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,15 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.0)                           02/24/2005
+Fail2Ban (version 0.3.1)                           ??/??/2005
 =============================================================
 
+ver. 0.3.1 (??/??/2005) - beta
+----------
+- Corrected level of messages
+- Added DNS lookup support
+- Improved parsing speed. Only parse the new log messages
+
 ver. 0.3.0 (02/24/2005) - beta
 ----------
 - Re-writting of parts of the code in order to handle several
diff --git a/README b/README
index daf7b222..54a34bb5 100644
--- a/README
+++ b/README
@@ -38,7 +38,9 @@ retrieves the message time using timeregex and timepattern.
 It finally gets the ip and if it has already done 3 or more
 password failures in the last banTime, the ip is banned for
 banTime using a iptable rule. After banTime, the rule is
-deleted.
+deleted. Notice that if no "plain" ip is available, Fail2Ban
+try to do DNS lookup in order to found one or several ip's to
+ban.
 
 Sections can be freely added so it is possible to monitor
 several daemons at the same time.
@@ -54,6 +56,7 @@ Installation:
 
 Require: python-2.3 (http://www.python.org)
          log4py-1.1 (http://sourceforge.net/projects/log4py)
+         host (http://www.isc.org/products/BIND/bind9.html)
 
 To install, just do:
 
diff --git a/TODO b/TODO
index d11e3503..cdd565ca 100644
--- a/TODO
+++ b/TODO
@@ -8,7 +8,7 @@ ToDo
 =============================================================
 
 - cleanup fail2ban.py
-- resolve DNS with 'host' and os.popen (???)
 - improve configuration file and command line options
   handling
 - improve installation process
+- add init script

From 1a876366a7937b4198e7b1273e153e766c352547 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:44:48 +0000
Subject: [PATCH 65/99] - Added a killApp() function - Dict iteration improved

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@77 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index b0aa10cd..258b79c4 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -152,15 +152,22 @@ def createDaemon():
 	os.open("/dev/null", os.O_RDWR)		# standard output (1)
 	os.open("/dev/null", os.O_RDWR)		# standard error (2)
 
-	return(0)
+	return True
 
 def sigTERMhandler(signum, frame):
 	""" Handles the TERM signal when in daemon mode in order to
 		exit properly.
 	"""
 	logSys.debug("Signal handler called with sig "+`signum`)
-	logSys.info("Restoring iptables...")
+	killApp()
+
+def killApp():
+	""" Flush the ban list, remove the PID lock file and exit
+		nicely.
+	"""
+	logSys.warn("Restoring firewall rules...")
 	fireWall.flushBanList(conf["debug"])
+	removePID(conf["pidlock"])
 	logSys.info("Exiting...")
 	sys.exit(0)
 	
@@ -467,7 +474,7 @@ if __name__ == "__main__":
 		for element in logList:
 			element.addIgnoreIP(ip)
 	
-	logSys.warn("Fail2Ban v"+version+" is running")
+	logSys.info("Fail2Ban v"+version+" is running")
 	# Main loop
 	while True:
 		try:
@@ -495,9 +502,7 @@ if __name__ == "__main__":
 			failList = dict()
 			for element in modList:
 				e = element.getFailures()
-				iter = e.iterkeys()
-				for i in range(len(e)):
-					key = iter.next()
+				for key in e.iterkeys():
 					if failList.has_key(key):
 						if failList[key][0] < e[key][0]:
 							failList[key] = (e[key][0], e[key][1],
@@ -509,19 +514,12 @@ if __name__ == "__main__":
 			
 			# We iterate the failure list and ban IP that make
 			# *retryAllowed* login failures.
-			iterFailList = failList.iteritems()
-			for i in range(len(failList)):
-				element = iterFailList.next()
+			for element in failList.iteritems():
 				if element[1][0] >= conf["maxretry"]:
-					logSys.warn(`element[1][2]`+": "+element[0]+" has "+
+					logSys.info(`element[1][2]`+": "+element[0]+" has "+
 								`element[1][0]`+" login failure(s). Banned.")
 					fireWall.addBanIP(element[0], conf["debug"])
 			
 		except KeyboardInterrupt:
-			# When the user press <ctrl>+<c> we flush the ban list
-			# and exit nicely.
-			logSys.info("Restoring firewall rules...")
-			fireWall.flushBanList(conf["debug"])
-			removePID(conf["pidlock"])
-			logSys.warn("Exiting...")
-			sys.exit(0)
+			# When the user press <ctrl>+<c> we exit nicely.
+			killApp()

From ad93288bd8f08cae88c7d19af1f743a446dfa71a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:45:55 +0000
Subject: [PATCH 66/99] - Corrected log level - Removed unused import

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@78 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 confreader/configreader.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/confreader/configreader.py b/confreader/configreader.py
index dbdb5d2d..c3eb271b 100644
--- a/confreader/configreader.py
+++ b/confreader/configreader.py
@@ -24,8 +24,6 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, sys, time
-
 from ConfigParser import *
 
 class ConfigReader:
@@ -76,7 +74,7 @@ class ConfigReader:
 				
 				values[option[1]] = v
 			except NoOptionError:
-				self.logSys.info("No '"+option[1]+"' defined in '"+sec+"'")
+				self.logSys.warn("No '"+option[1]+"' defined in '"+sec+"'")
 				values[option[1]] = option[2]
 		return values
 		
\ No newline at end of file

From f6b9749650dda41cd6f1a92eb4ff3b12e3c23fa2 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:46:56 +0000
Subject: [PATCH 67/99] - Corrected log level - Dict iteration improved

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@79 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/firewall.py | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/firewall/firewall.py b/firewall/firewall.py
index 959373c3..a62a85ff 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -42,21 +42,21 @@ class Firewall:
 		""" Bans an IP.
 		"""
 		if not self.inBanList(ip):
-			self.logSys.info("Ban "+ip)
+			self.logSys.warn("Ban "+ip)
 			self.banList[ip] = time.time()
 			self.__executeCmd(self.banIP(ip), debug)
 		else:
-			self.logSys.info(ip+" already in ban list")
+			self.logSys.error(ip+" already in ban list")
 	
 	def delBanIP(self, ip, debug):
 		""" Unban an IP.
 		"""
 		if self.inBanList(ip):
-			self.logSys.info("Unban "+ip)
+			self.logSys.warn("Unban "+ip)
 			del self.banList[ip]
 			self.__executeCmd(self.unBanIP(ip), debug)
 		else:
-			self.logSys.info(ip+" not in ban list")
+			self.logSys.error(ip+" not in ban list")
 	
 	def inBanList(self, ip):
 		""" Checks if IP is in ban list.
@@ -67,9 +67,7 @@ class Firewall:
 		""" Check for IP to remove from ban list.
 		"""
 		banListTemp = self.banList.copy()
-		iterBanList = banListTemp.iteritems()
-		for i in range(len(self.banList)):
-			element = iterBanList.next()
+		for element in banListTemp.iteritems():
 			ip = element[0]
 			btime = element[1]
 			if btime < time.time()-self.banTime:
@@ -80,9 +78,7 @@ class Firewall:
 			Called when fail2ban exits.
 		"""
 		banListTemp = self.banList.copy()
-		iterBanList = banListTemp.iteritems()
-		for i in range(len(self.banList)):
-			element = iterBanList.next()
+		for element in banListTemp.iteritems():
 			ip = element[0]
 			self.delBanIP(ip, debug)
 	
@@ -98,7 +94,5 @@ class Firewall:
 	def viewBanList(self):
 		""" Prints the ban list on screen. Usefull for debugging.
 		"""
-		iterBanList = self.banList.iteritems()
-		for i in range(len(self.banList)):
-			element = iterBanList.next()
+		for element in self.banList.iteritems():
 			print element

From fa39e3b57d79b58c1b968a067c53ce5a6cb52210 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:47:51 +0000
Subject: [PATCH 68/99] - Added "self" in method parameters

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@80 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 firewall/ipfw.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/firewall/ipfw.py b/firewall/ipfw.py
index 79fe7c66..41fbc29b 100644
--- a/firewall/ipfw.py
+++ b/firewall/ipfw.py
@@ -39,7 +39,7 @@ class Ipfw(Firewall):
 	
 	crtRuleNbr = 0
 	
-	def getCrtRuleNbr():
+	def getCrtRuleNbr(self):
 		""" Gets the current rule number.
 		"""
 		return self.crtRuleNbr

From 6fb00dc5828e5c7e5d25fc020c4a8314bac26c7c Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:49:41 +0000
Subject: [PATCH 69/99] - Improved log parsing speed. We remember the last
 position and restart from there when the file is modified - Added DNS lookup
 support - Removed unused functions

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@81 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 43 ++++++++++++++++++------------------------
 1 file changed, 18 insertions(+), 25 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index b782a140..9da4ae76 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -26,6 +26,8 @@ __license__ = "GPL"
 
 import os, sys, time, re
 
+from utils.dns import *
+
 class LogReader:
 	""" Reads a log file and reports information about IP that make password
 		failure, bad user or anything else that is considered as doubtful login
@@ -41,6 +43,7 @@ class LogReader:
 		self.ignoreIpList = []
 		self.lastModTime = 0
 		self.logSys = logSys
+		self.lastPos = 0
 		
 	def setName(self, name):
 		""" Sets the name of the log reader.
@@ -98,13 +101,15 @@ class LogReader:
 		"""
 		ipList = dict()
 		logFile = self.openLogFile()
+		self.logSys.debug("Setting file position to " + `self.lastPos`)
+		logFile.seek(self.lastPos)
 		for line in logFile.readlines():
-			value = self.findFailure(line)
-			if value:
-				ip = value[0]
-				unixTime = value[1]
+			failList = self.findFailure(line)
+			for element in failList:
+				ip = element[0]
+				unixTime = element[1]
 				if unixTime < time.time()-self.findTime:
-					continue
+					break
 				if self.inIgnoreIPList(ip):
 					self.logSys.debug("Ignore "+ip)
 					continue
@@ -113,6 +118,7 @@ class LogReader:
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:
 					ipList[ip] = (1, unixTime)
+		self.lastPos = logFile.tell()
 		logFile.close()
 		return ipList
 
@@ -123,16 +129,17 @@ class LogReader:
 			
 			Returns a dict with IP and timestamp.
 		"""
-		match = self.matchLine(self.failregex, line)
+		failList = list()
+		match = re.search(self.failregex, line)
 		if match:
-			timeMatch = self.matchLine(self.timeregex, match.string)
+			timeMatch = re.search(self.timeregex, match.string)
 			if timeMatch:
 				date = self.getUnixTime(timeMatch.group())
-				ipMatch = self.matchAddress(match.string)
+				ipMatch = textToIp(match.string)
 				if ipMatch:
-					ip = ipMatch.group()
-					return [ip, date]
-		return None
+					for ip in ipMatch:
+						failList.append([ip, date])
+		return failList
 		
 	def getUnixTime(self, value):
 		""" Returns the Unix timestamp of the given value.
@@ -144,17 +151,3 @@ class LogReader:
 			date[0] = time.gmtime()[0]
 		unixTime = time.mktime(date)
 		return unixTime
-	
-	def matchLine(self, pattern, line):
-		""" Checks if the line contains a pattern.
-			
-			Return a match object.
-		"""
-		return re.search(pattern, line)
-		
-	def matchAddress(self, line):
-		""" Return a match on the IP address present in
-			line.		
-		"""
-		return self.matchLine("(?:\d{1,3}\.){3}\d{1,3}", line)
-	
\ No newline at end of file

From 7af62c05faed75844512c82fea77a01619806c07 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:51:24 +0000
Subject: [PATCH 70/99] - Initial import

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@82 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/__init__.py | 25 +++++++++++++
 utils/dns.py      | 94 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 119 insertions(+)
 create mode 100644 utils/__init__.py
 create mode 100644 utils/dns.py

diff --git a/utils/__init__.py b/utils/__init__.py
new file mode 100644
index 00000000..76dba873
--- /dev/null
+++ b/utils/__init__.py
@@ -0,0 +1,25 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
\ No newline at end of file
diff --git a/utils/dns.py b/utils/dns.py
new file mode 100644
index 00000000..13502cbe
--- /dev/null
+++ b/utils/dns.py
@@ -0,0 +1,94 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import os, re
+
+def dnsToIp(dns):
+	""" Convert a DNS into an IP address using the "host" command.
+		We make sure that there is no malicious usage of this function.
+	"""
+	ipList = list()
+	# Check for command injection
+	if checkInjection(dns):
+		return ipList
+	result = os.popen("host "+dns, 'r')
+	for i in result.readlines():
+		match = re.search("(?:\d{1,3}\.){3}\d{1,3}", i)
+		if match:
+			ipList.append(match.group())
+	return ipList
+
+def checkInjection(command):
+	""" Check that command could not be used to inject shell commands.
+	"""
+	# Characters which have nothing to do in "command"
+	invalid = "<|>|;|\&|\||`|!"
+	match = re.search(invalid, command)
+	if match:
+		return True
+	else:
+		return False
+
+def textToDns(text):
+	""" Search for possible DNS in an arbitrary text.
+	"""
+	match = re.findall("\w*\.\w*\.\w*", text)
+	if match:
+		return match
+	else:
+		return None
+
+def searchIP(text):
+	""" Search if an IP address if directly available and return
+		it.
+	"""
+	match = re.findall("(?:\d{1,3}\.){3}\d{1,3}", text)
+	if match:
+		return match
+	else:
+		return None
+
+def textToIp(text):
+	""" Return the IP of DNS found in a given text.
+	"""
+	ipList = list()
+	# Search for plain IP
+	plainIP = searchIP(text)
+	if plainIP:
+		for element in plainIP:
+			ipList.append(element)
+	else:
+		# Try to get IP from possible DNS
+		dnsList = textToDns(text)
+		for element in dnsList:
+			dns = dnsToIp(element)
+			for e in dns:
+				ipList.append(e)
+	return ipList
+
+if __name__ == "__main__":
+	print textToIp("jlkjlk 123.456.789.000 jlkjl rhost=lslpc49.epfl.ch www.google.ch")
+	
\ No newline at end of file

From 54f2fc0ae5d6ae652a1562039e15d78cb64017e7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 17:52:53 +0000
Subject: [PATCH 71/99] - Added utils/__init__.py and utils/dns.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@83 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 MANIFEST | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/MANIFEST b/MANIFEST
index 90767c9e..68e7eb3b 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -14,4 +14,6 @@ logreader/__init__.py
 logreader/logreader.py
 confreader/__init__.py
 confreader/configreader.py
+utils/__init__.py
+utils/dns.py
 config/fail2ban.conf.default

From d6c1eb15432751d6651457c39c11660d0b48e6e5 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 18:27:42 +0000
Subject: [PATCH 72/99] - Return value of createDaemon() changed to True

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@84 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fail2ban.py b/fail2ban.py
index 258b79c4..256533c9 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -402,7 +402,7 @@ if __name__ == "__main__":
 			retCode = createDaemon()
 			signal.signal(signal.SIGTERM, sigTERMhandler)
 			logSys.set_target(conf["logfile"])
-			if retCode != 0:
+			if not retCode:
 				logSys.error("Unable to start daemon")
 				sys.exit(-1)
 		elif c == "logging" and conf[c]:

From dabc1e96818e0c3547d7162bf828508c6653efc9 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 6 Mar 2005 18:28:19 +0000
Subject: [PATCH 73/99] - Added "utils" to packages

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@85 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 setup.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup.py b/setup.py
index 1e05ff47..b2bc7908 100755
--- a/setup.py
+++ b/setup.py
@@ -38,5 +38,5 @@ setup(
         url = "http://www.sourceforge.net/projects/fail2ban",
         scripts = ['fail2ban.py'],
         py_modules = ['version'],
-        packages = ['firewall', 'logreader', 'confreader']
-)
\ No newline at end of file
+        packages = ['firewall', 'logreader', 'confreader', 'utils']
+)

From 064ef28dc45fe8e09a8e3dd8833516dc9cfa9868 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 7 Mar 2005 14:46:33 +0000
Subject: [PATCH 74/99] - Bug fix: check for log rotation using the file size.
 Not the best solution...

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@86 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index 9da4ae76..fc9bda0c 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -44,6 +44,8 @@ class LogReader:
 		self.lastModTime = 0
 		self.logSys = logSys
 		self.lastPos = 0
+		self.lastSize = 0
+		self.logStats = None
 		
 	def setName(self, name):
 		""" Sets the name of the log reader.
@@ -80,18 +82,33 @@ class LogReader:
 		""" Checks if the log file has been modified using os.stat().
 		"""
 		try:
-			logStats = os.stat(self.logPath)
+			self.logStats = os.stat(self.logPath)
 		except OSError:
 			self.logSys.error("Unable to get stat on "+self.logPath)
 			sys.exit(-1)
 		
-		if self.lastModTime == logStats.st_mtime:
+		if self.lastModTime == self.logStats.st_mtime:
 			return False
 		else:
 			self.logSys.debug(self.logPath+" has been modified")
-			self.lastModTime = logStats.st_mtime
+			self.lastModTime = self.logStats.st_mtime
 			return True
 	
+	def setFilePos(self, file):
+		""" Sets the file position. We must take care of log file rotation
+			and reset the position to 0 in that case. Use the file size in
+			order to detect this. Not the best solution yet.		
+		"""
+		if self.lastSize > self.logStats.st_size:
+			self.logSys.debug("Size " + `self.logStats.st_size` + " is " +
+							"smaller than " + `self.lastSize`)
+			self.logSys.debug("Log rotation detected")
+			self.lastPos = 0
+		
+		self.lastSize = self.logStats.st_size
+		self.logSys.debug("Setting file position to " + `self.lastPos`)
+		file.seek(self.lastPos)
+	
 	def getFailures(self):
 		""" Gets all the failure in the log file which are
 			newer than time.time()-self.findTime.
@@ -101,8 +118,7 @@ class LogReader:
 		"""
 		ipList = dict()
 		logFile = self.openLogFile()
-		self.logSys.debug("Setting file position to " + `self.lastPos`)
-		logFile.seek(self.lastPos)
+		self.setFilePos(logFile)
 		for line in logFile.readlines():
 			failList = self.findFailure(line)
 			for element in failList:

From 36571c2ba9cd7e75c39df53215f6ed61e4250898 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Mon, 7 Mar 2005 17:08:38 +0000
Subject: [PATCH 75/99] - Bug fix: return [] instead of 'None'

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@87 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/utils/dns.py b/utils/dns.py
index 13502cbe..91b1fdca 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -59,7 +59,7 @@ def textToDns(text):
 	if match:
 		return match
 	else:
-		return None
+		return []
 
 def searchIP(text):
 	""" Search if an IP address if directly available and return
@@ -69,7 +69,7 @@ def searchIP(text):
 	if match:
 		return match
 	else:
-		return None
+		return []
 
 def textToIp(text):
 	""" Return the IP of DNS found in a given text.
@@ -77,9 +77,8 @@ def textToIp(text):
 	ipList = list()
 	# Search for plain IP
 	plainIP = searchIP(text)
-	if plainIP:
-		for element in plainIP:
-			ipList.append(element)
+	for element in plainIP:
+		ipList.append(element)
 	else:
 		# Try to get IP from possible DNS
 		dnsList = textToDns(text)

From 10d0070d425817e3c6eafb10368b14e12528842c Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 8 Mar 2005 21:08:16 +0000
Subject: [PATCH 76/99] - Log parsing improvements were totally wrong. Removed

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@88 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index fc9bda0c..5eb4cf6d 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -118,7 +118,7 @@ class LogReader:
 		"""
 		ipList = dict()
 		logFile = self.openLogFile()
-		self.setFilePos(logFile)
+		#self.setFilePos(logFile)
 		for line in logFile.readlines():
 			failList = self.findFailure(line)
 			for element in failList:
@@ -134,7 +134,7 @@ class LogReader:
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:
 					ipList[ip] = (1, unixTime)
-		self.lastPos = logFile.tell()
+		#self.lastPos = logFile.tell()
 		logFile.close()
 		return ipList
 

From 0a80b69db56d11a5dccfa7e62d490060acc9bc33 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 8 Mar 2005 21:11:07 +0000
Subject: [PATCH 77/99] =?UTF-8?q?-=20Removed=20the=20"host"=20command=20de?=
 =?UTF-8?q?pendency.=20Used=20Python=20socket=20module=20instead.=20Thanks?=
 =?UTF-8?q?=20to=20K=EF=BF=BDvin=20Drapel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@89 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 35 +++++++++++------------------------
 1 file changed, 11 insertions(+), 24 deletions(-)

diff --git a/utils/dns.py b/utils/dns.py
index 91b1fdca..7b21daa5 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -24,33 +24,16 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, re
+import os, re, socket
 
 def dnsToIp(dns):
-	""" Convert a DNS into an IP address using the "host" command.
-		We make sure that there is no malicious usage of this function.
+	""" Convert a DNS into an IP address using the Python socket module.
+		Thanks to Kévin Drapel.
 	"""
-	ipList = list()
-	# Check for command injection
-	if checkInjection(dns):
-		return ipList
-	result = os.popen("host "+dns, 'r')
-	for i in result.readlines():
-		match = re.search("(?:\d{1,3}\.){3}\d{1,3}", i)
-		if match:
-			ipList.append(match.group())
-	return ipList
-
-def checkInjection(command):
-	""" Check that command could not be used to inject shell commands.
-	"""
-	# Characters which have nothing to do in "command"
-	invalid = "<|>|;|\&|\||`|!"
-	match = re.search(invalid, command)
-	if match:
-		return True
-	else:
-		return False
+	try:
+		return socket.gethostbyname_ex(dns)[2]
+	except socket.gaierror:
+		return list()
 
 def textToDns(text):
 	""" Search for possible DNS in an arbitrary text.
@@ -90,4 +73,8 @@ def textToIp(text):
 
 if __name__ == "__main__":
 	print textToIp("jlkjlk 123.456.789.000 jlkjl rhost=lslpc49.epfl.ch www.google.ch")
+	try:
+		print socket.gethostbyname_ex("www.google")[2]
+	except socket.gaierror:
+		print "Error"
 	
\ No newline at end of file

From 949eb89c76e2e2ef4dcc71da23b0242bfb200339 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 8 Mar 2005 21:11:46 +0000
Subject: [PATCH 78/99] - Removed the "host" command dependency

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@90 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 README | 1 -
 1 file changed, 1 deletion(-)

diff --git a/README b/README
index 54a34bb5..a201b81f 100644
--- a/README
+++ b/README
@@ -56,7 +56,6 @@ Installation:
 
 Require: python-2.3 (http://www.python.org)
          log4py-1.1 (http://sourceforge.net/projects/log4py)
-         host (http://www.isc.org/products/BIND/bind9.html)
 
 To install, just do:
 

From c442955e30ac29fa29d11156ecf3208c3961690a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 11 Mar 2005 15:33:36 +0000
Subject: [PATCH 79/99] - Bug fix: check for DNS only if no IP address found

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@91 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/utils/dns.py b/utils/dns.py
index 7b21daa5..6675cf35 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -28,7 +28,7 @@ import os, re, socket
 
 def dnsToIp(dns):
 	""" Convert a DNS into an IP address using the Python socket module.
-		Thanks to Kévin Drapel.
+		Thanks to Kevin Drapel.
 	"""
 	try:
 		return socket.gethostbyname_ex(dns)[2]
@@ -62,7 +62,7 @@ def textToIp(text):
 	plainIP = searchIP(text)
 	for element in plainIP:
 		ipList.append(element)
-	else:
+	if not ipList:
 		# Try to get IP from possible DNS
 		dnsList = textToDns(text)
 		for element in dnsList:
@@ -74,7 +74,7 @@ def textToIp(text):
 if __name__ == "__main__":
 	print textToIp("jlkjlk 123.456.789.000 jlkjl rhost=lslpc49.epfl.ch www.google.ch")
 	try:
-		print socket.gethostbyname_ex("www.google")[2]
+		print socket.gethostbyname_ex("195.122.223.30")[2]
 	except socket.gaierror:
 		print "Error"
-	
\ No newline at end of file
+	

From 7f62f9df89602bd1e1af0291abd1140ae3a53d4e Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 29 Mar 2005 14:37:46 +0000
Subject: [PATCH 80/99] - The optimization in log reading should work

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@92 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 38 ++++++++++++++++++++++++++++----------
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index 5eb4cf6d..d76b39d8 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -34,7 +34,8 @@ class LogReader:
 		attempt.	
 	"""
 	
-	def __init__(self, logSys, logPath, timeregex, timepattern, failregex, findTime = 3600):
+	def __init__(self, logSys, logPath, timeregex, timepattern, failregex,
+		findTime = 3600):
 		self.logPath = logPath
 		self.timeregex = timeregex
 		self.timepattern = timepattern
@@ -44,7 +45,7 @@ class LogReader:
 		self.lastModTime = 0
 		self.logSys = logSys
 		self.lastPos = 0
-		self.lastSize = 0
+		self.lastDate = 0
 		self.logStats = None
 		
 	def setName(self, name):
@@ -57,6 +58,11 @@ class LogReader:
 		"""
 		return self.name
 	
+	def getFindTime(self):
+		""" Gets the find time.
+		"""
+		return self.findTime
+	
 	def addIgnoreIP(self, ip):
 		""" Adds an IP to the ignore list.
 		"""
@@ -96,16 +102,16 @@ class LogReader:
 	
 	def setFilePos(self, file):
 		""" Sets the file position. We must take care of log file rotation
-			and reset the position to 0 in that case. Use the file size in
-			order to detect this. Not the best solution yet.		
+			and reset the position to 0 in that case. Use the log message
+			timestamp in order to detect this.		
 		"""
-		if self.lastSize > self.logStats.st_size:
-			self.logSys.debug("Size " + `self.logStats.st_size` + " is " +
-							"smaller than " + `self.lastSize`)
+		line = file.readline()
+		if self.lastDate < self.getTime(line):
+			self.logSys.debug("Date " + `self.lastDate` + " is " +
+							"smaller than " + `self.getTime(line)`)
 			self.logSys.debug("Log rotation detected")
 			self.lastPos = 0
 		
-		self.lastSize = self.logStats.st_size
 		self.logSys.debug("Setting file position to " + `self.lastPos`)
 		file.seek(self.lastPos)
 	
@@ -118,8 +124,10 @@ class LogReader:
 		"""
 		ipList = dict()
 		logFile = self.openLogFile()
-		#self.setFilePos(logFile)
+		self.setFilePos(logFile)
+		lastLine = ''
 		for line in logFile.readlines():
+			lastLine = line
 			failList = self.findFailure(line)
 			for element in failList:
 				ip = element[0]
@@ -134,7 +142,8 @@ class LogReader:
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:
 					ipList[ip] = (1, unixTime)
-		#self.lastPos = logFile.tell()
+		self.lastPos = logFile.tell()
+		self.lastDate = self.getTime(lastLine)
 		logFile.close()
 		return ipList
 
@@ -156,6 +165,15 @@ class LogReader:
 					for ip in ipMatch:
 						failList.append([ip, date])
 		return failList
+	
+	def getTime(self, line):
+		""" Gets the time of a log message.
+		"""
+		date = 0
+		timeMatch = re.search(self.timeregex, line)
+		if timeMatch:
+			date = self.getUnixTime(timeMatch.group())
+		return date
 		
 	def getUnixTime(self, value):
 		""" Returns the Unix timestamp of the given value.

From 3368f7dd147d9312140f9f6db15462d01af0e929 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 29 Mar 2005 14:38:56 +0000
Subject: [PATCH 81/99] - Updated TODO list

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@93 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 TODO | 1 +
 1 file changed, 1 insertion(+)

diff --git a/TODO b/TODO
index cdd565ca..569a127c 100644
--- a/TODO
+++ b/TODO
@@ -12,3 +12,4 @@ ToDo
   handling
 - improve installation process
 - add init script
+- use FAM (inotify, gamin, ...)

From 4d9615f68a9699a59bb97f97c65f531f2acf35b1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Tue, 29 Mar 2005 14:41:34 +0000
Subject: [PATCH 82/99] - Updated main loop (needed by logreader optimization)

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@94 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 35 ++++++++++++++++++++++++++---------
 1 file changed, 26 insertions(+), 9 deletions(-)

diff --git a/fail2ban.py b/fail2ban.py
index 256533c9..22587391 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -475,6 +475,7 @@ if __name__ == "__main__":
 			element.addIgnoreIP(ip)
 	
 	logSys.info("Fail2Ban v"+version+" is running")
+	failListFull = dict()
 	# Main loop
 	while True:
 		try:
@@ -505,20 +506,36 @@ if __name__ == "__main__":
 				for key in e.iterkeys():
 					if failList.has_key(key):
 						if failList[key][0] < e[key][0]:
-							failList[key] = (e[key][0], e[key][1],
-											element.getName())
+							failList[key] = (e[key][0], e[key][1], element)
 					else:
-						failList[key] = (e[key][0], e[key][1],
-										element.getName())
+						failList[key] = (e[key][0], e[key][1], element)
 				
+			# Add the last log failures to the global failure list.
+			for key in failList.iterkeys():
+				if failListFull.has_key(key):
+					failListFull[key] = (failListFull[key][0] + 1,
+										failList[key][1], failList[key][2])
+				else:
+					failListFull[key] = failList[key]
+			
+			# Remove the oldest failure attempts from the global list.
+			unixTime = time.time()
+			failListFullTemp = failListFull.copy()
+			for key in failListFullTemp.iterkeys():
+				failTime = failListFullTemp[key][2].getFindTime()
+				if failListFullTemp[key][1] < unixTime - failTime:
+					del failListFull[key]
 			
 			# We iterate the failure list and ban IP that make
 			# *retryAllowed* login failures.
-			for element in failList.iteritems():
-				if element[1][0] >= conf["maxretry"]:
-					logSys.info(`element[1][2]`+": "+element[0]+" has "+
-								`element[1][0]`+" login failure(s). Banned.")
-					fireWall.addBanIP(element[0], conf["debug"])
+			failListFullTemp = failListFull.copy()
+			for key in failListFullTemp.iterkeys():
+				element = failListFullTemp[key]
+				if element[0] >= conf["maxretry"]:
+					logSys.info(element[2].getName()+": "+key+" has "+
+								`element[0]`+" login failure(s). Banned.")
+					fireWall.addBanIP(key, conf["debug"])
+					del failListFull[key]
 			
 		except KeyboardInterrupt:
 			# When the user press <ctrl>+<c> we exit nicely.

From 62feec3227746dbb4d68d9b125481c11fd53786f Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 30 Mar 2005 22:48:38 +0000
Subject: [PATCH 83/99] - Improved verbose mode

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@95 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG   |  1 +
 README      |  2 +-
 fail2ban.py | 14 +++++++++-----
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index a8abaac6..86e83aaf 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,7 @@ ver. 0.3.1 (??/??/2005) - beta
 - Corrected level of messages
 - Added DNS lookup support
 - Improved parsing speed. Only parse the new log messages
+- Added a second verbose level (-vv)
 
 ver. 0.3.0 (02/24/2005) - beta
 ----------
diff --git a/README b/README
index a201b81f..658d900b 100644
--- a/README
+++ b/README
@@ -94,7 +94,7 @@ options:
   -l <FILE>  log message in FILE
   -r <VALUE> allow a max of VALUE password failure
   -t <TIME>  ban IP for TIME seconds
-  -v         verbose
+  -v         verbose. Use twice for greater effect
   -w <FIWA>  select the firewall to use. Can be iptables,
              ipfwadm or ipfw
 
diff --git a/fail2ban.py b/fail2ban.py
index 22587391..d7ee42df 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -63,7 +63,7 @@ def usage():
 	print "  -l <FILE>  log message in FILE"
 	print "  -r <VALUE> allow a max of VALUE password failure"
 	print "  -t <TIME>  ban IP for TIME seconds"
-	print "  -v         verbose"
+	print "  -v         verbose. Use twice for greater effect"
 	print "  -w <FIWA>  select the firewall to use. Can be iptables,"
 	print "             ipfwadm or ipfw"
 	print
@@ -212,7 +212,7 @@ if __name__ == "__main__":
 	logSys.set_formatstring("%T %L %M")
 	
 	conf = dict()
-	conf["verbose"] = False
+	conf["verbose"] = 0
 	conf["background"] = False
 	conf["debug"] = False
 	conf["conffile"] = "/etc/fail2ban.conf"
@@ -357,7 +357,7 @@ if __name__ == "__main__":
 		if opt[0] == "-h":
 			usage()
 		if opt[0] == "-v":
-			conf["verbose"] = True
+			conf["verbose"] = conf["verbose"] + 1
 		if opt[0] == "-b":
 			conf["background"] = True
 		if opt[0] == "-d":
@@ -393,8 +393,12 @@ if __name__ == "__main__":
 
 	# Process some options
 	for c in conf:
-		if c == "verbose" and conf[c]:
-			logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
+		if c == "verbose":
+			logSys.warn("Verbose level is "+`conf[c]`)
+			if conf[c] == 1:
+				logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
+			elif conf[c] > 1:
+				logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
 		elif c == "debug" and conf[c]:
 			logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
 			logSys.set_formatstring(log4py.FMT_DEBUG)

From 6f6742266c57d0ad83146b06b3e39c6964091d20 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 31 Mar 2005 15:45:24 +0000
Subject: [PATCH 84/99] - Improved debug messages

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@96 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 logreader/logreader.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/logreader/logreader.py b/logreader/logreader.py
index d76b39d8..4778b3ba 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -109,10 +109,11 @@ class LogReader:
 		if self.lastDate < self.getTime(line):
 			self.logSys.debug("Date " + `self.lastDate` + " is " +
 							"smaller than " + `self.getTime(line)`)
-			self.logSys.debug("Log rotation detected")
+			self.logSys.debug("Log rotation detected for " + self.logPath)
 			self.lastPos = 0
 		
-		self.logSys.debug("Setting file position to " + `self.lastPos`)
+		self.logSys.debug("Setting file position to " + `self.lastPos` + " for "
+						+ self.logPath)
 		file.seek(self.lastPos)
 	
 	def getFailures(self):
@@ -123,6 +124,7 @@ class LogReader:
 			and the latest failure time.
 		"""
 		ipList = dict()
+		self.logSys.debug(self.logPath)
 		logFile = self.openLogFile()
 		self.setFilePos(logFile)
 		lastLine = ''

From 35e12b9ef32308db889736dcd665c617f36cc021 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 31 Mar 2005 15:46:57 +0000
Subject: [PATCH 85/99] - Cleanups

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@97 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/utils/dns.py b/utils/dns.py
index 6675cf35..70007714 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -70,11 +70,3 @@ def textToIp(text):
 			for e in dns:
 				ipList.append(e)
 	return ipList
-
-if __name__ == "__main__":
-	print textToIp("jlkjlk 123.456.789.000 jlkjl rhost=lslpc49.epfl.ch www.google.ch")
-	try:
-		print socket.gethostbyname_ex("195.122.223.30")[2]
-	except socket.gaierror:
-		print "Error"
-	

From 04ae381215c87789a577e4fdbb90ee7ea137673a Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 31 Mar 2005 15:52:02 +0000
Subject: [PATCH 86/99] - Prepared for 0.3.1 release

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@98 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  | 4 ++--
 README     | 8 ++++----
 setup.py   | 2 +-
 version.py | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 86e83aaf..cfb448aa 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.1)                           ??/??/2005
+Fail2Ban (version 0.3.1)                           31/03/2005
 =============================================================
 
-ver. 0.3.1 (??/??/2005) - beta
+ver. 0.3.1 (03/31/2005) - beta
 ----------
 - Corrected level of messages
 - Added DNS lookup support
diff --git a/README b/README
index 658d900b..df7a97e0 100644
--- a/README
+++ b/README
@@ -4,11 +4,11 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.0)                           02/24/2005
+Fail2Ban (version 0.3.1)                           03/31/2005
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
-that makes too much password failures. It updates firewall
+that makes too many password failures. It updates firewall
 rules to reject the IP address. Currently iptables, ipfw and
 ipfwadm are supported. Fail2Ban can read multiple log files
 such as sshd or Apache web server ones. It needs log4py.
@@ -59,8 +59,8 @@ Require: python-2.3 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.3.0.tar.bz2
-> cd fail2ban-0.3.0
+> tar xvfj fail2ban-0.3.1.tar.bz2
+> cd fail2ban-0.3.1
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The
diff --git a/setup.py b/setup.py
index b2bc7908..eee601bc 100755
--- a/setup.py
+++ b/setup.py
@@ -32,7 +32,7 @@ from version import version
 setup(
         name = "fail2ban",
         version = version,
-        description = "Ban IPs that make too much password failure",
+        description = "Ban IPs that make too many password failure",
         author = "Cyril Jaquier",
         author_email = "lostcontrol@users.sourceforge.net",
         url = "http://www.sourceforge.net/projects/fail2ban",
diff --git a/version.py b/version.py
index cb074256..50e0dcba 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.3.0-CVS"
+version = "0.3.1"

From 77dc3e426117c05e12a8277a176e22af1426ba00 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 31 Mar 2005 16:04:52 +0000
Subject: [PATCH 87/99] =?UTF-8?q?-=20Fixed=20exception=20if=20trying=20to?=
 =?UTF-8?q?=20kill=20Fail2Ban=20with=20a=20fail2ban.pid=20file=20present.?=
 =?UTF-8?q?=20Thanks=20to=20K=EF=BF=BDvin=20Drapel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@99 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fail2ban.py b/fail2ban.py
index d7ee42df..bc2f1f80 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -203,7 +203,12 @@ def killPID(pid):
 	""" Kills the process with the given PID using the
 		INT signal (same effect as <ctrl>+<c>).
 	"""
-	return os.kill(pid, 2)
+	try:
+		return os.kill(pid, 2)
+	except OSError:
+		logSys.error("Can not kill process " + `pid` + ". Please check that " +
+					"Fail2Ban is not running and remove the file " +
+					"'/tmp/fail2ban.pid'")
 
 if __name__ == "__main__":
 	

From a4ff90cd0a1e0ed90d343b7fd09c39d06dc9e06b Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 3 Apr 2005 12:08:57 +0000
Subject: [PATCH 88/99] =?UTF-8?q?-=20Fixed=20textToDNS=20method=20which=20?=
 =?UTF-8?q?did=20not=20recognize=20"12-344-54-33.adsl.xyz.ab".=20Thanks=20?=
 =?UTF-8?q?to=20K=EF=BF=BDvin=20Drapel?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@101 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/dns.py b/utils/dns.py
index 70007714..9c8e47a7 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -38,7 +38,7 @@ def dnsToIp(dns):
 def textToDns(text):
 	""" Search for possible DNS in an arbitrary text.
 	"""
-	match = re.findall("\w*\.\w*\.\w*", text)
+	match = re.findall("\S*\.\w*\.\w*", text)
 	if match:
 		return match
 	else:

From 0c9c50397ae30716ce6db36524d4ff855848e4d5 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 3 Apr 2005 12:12:52 +0000
Subject: [PATCH 89/99] - Fixed bug in utils/dns.py

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@102 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG b/CHANGELOG
index cfb448aa..466abc2b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,14 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.1)                           31/03/2005
+Fail2Ban (version 0.3.2)                           ??/??/2005
 =============================================================
 
+ver. 0.3.2 (??/??/2005) - ????
+----------
+- Fixed textToDNS which did not recognize strings like
+  "12-345-67-890.abcd.mnopqr.xyz"
+
 ver. 0.3.1 (03/31/2005) - beta
 ----------
 - Corrected level of messages

From 468f70dc15faa0ad6c9b7b30785cce892f0f2e30 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 3 Apr 2005 12:13:11 +0000
Subject: [PATCH 90/99] - Changed to CVS version

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@103 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 version.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/version.py b/version.py
index 50e0dcba..18e7d984 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.3.1"
+version = "0.3.1-CVS"

From b0cae2c43f4196783598d6198a3ec8b82f333d5f Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 24 Apr 2005 11:03:44 +0000
Subject: [PATCH 91/99] - Changed all sections to disabled by default - Add
 "Invalid user" to SSH failregex

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@104 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index 43f08b86..19aceec1 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -54,7 +54,7 @@ polltime = 1
 
 [Apache]
 # enabled: is this section active ?
-enabled = true
+enabled = false
 
 # logfile: file to monitor.
 logfile = log-test/apache
@@ -75,7 +75,7 @@ failregex = authentication failure|user .* not found
 
 [SSH]
 # enabled: is this section active ?
-enabled = true
+enabled = false
 
 # logfile: file to monitor.
 logfile = log-test/current
@@ -92,5 +92,4 @@ timepattern = %%b %%d %%H:%%M:%%S
 
 # failregex: regular expression which have to match the
 # message written in the log file in case of password failure.
-failregex = Authentication failure|Failed password
-
+failregex = Authentication failure|Failed password|Invalid user

From a051e05cb441d866025153faf22ccaa25c9defb7 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 24 Apr 2005 11:04:29 +0000
Subject: [PATCH 92/99] - Prepared for 0.4.0 release

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@105 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  |  4 ++--
 README     | 15 ++++++++-------
 version.py |  2 +-
 3 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 466abc2b..31040708 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,10 +4,10 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.2)                           ??/??/2005
+Fail2Ban (version 0.4.0)                           04/24/2005
 =============================================================
 
-ver. 0.3.2 (??/??/2005) - ????
+ver. 0.4.0 (04/24/2005) - stable
 ----------
 - Fixed textToDNS which did not recognize strings like
   "12-345-67-890.abcd.mnopqr.xyz"
diff --git a/README b/README
index df7a97e0..a10875a9 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.3.1)                           03/31/2005
+Fail2Ban (version 0.4.0)                           04/24/2005
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -13,9 +13,8 @@ rules to reject the IP address. Currently iptables, ipfw and
 ipfwadm are supported. Fail2Ban can read multiple log files
 such as sshd or Apache web server ones. It needs log4py.
 
-This is my first Python program. I began learning Python for
-less than one week so please be understanding ;-) English is
-not either my mother tongue...
+This is my first Python program. Moreover, English is not my
+mother tongue...
 
 
 More details:
@@ -28,8 +27,8 @@ brute force or scripts. They try 10, 20 and sometimes more
 user/password (without success anyway). In order to
 discourage these script kiddies, I wanted that sshd refuse
 login from a specific ip after 3 password failures. After
-some google searches, I found that sshd was not able of that.
-So I search for a script or program that do it. Found
+some Google searches, I found that sshd was not able of that.
+So I search for a script or program that do it. I found
 nothing :-( So I decide to write mine and to learn Python :-)
 
 For each sections defined in the configuration file, Fail2Ban
@@ -37,7 +36,7 @@ tries to find lines which match the failregex. Then it
 retrieves the message time using timeregex and timepattern.
 It finally gets the ip and if it has already done 3 or more
 password failures in the last banTime, the ip is banned for
-banTime using a iptable rule. After banTime, the rule is
+banTime using a firewall rule. After banTime, the rule is
 deleted. Notice that if no "plain" ip is available, Fail2Ban
 try to do DNS lookup in order to found one or several ip's to
 ban.
@@ -66,6 +65,8 @@ To install, just do:
 This will install Fail2Ban into /usr/lib/fail2ban. The
 fail2ban.py executable is placed into /usr/bin.
 
+For Gentoo users, an ebuild is available on the website.
+
 Fail2Ban should now be correctly installed. Just type:
 
 > fail2ban.py -h
diff --git a/version.py b/version.py
index 18e7d984..8334c777 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.3.1-CVS"
+version = "0.4.0"

From 51f1dcee55cf2d48bdea05435cd042c888028400 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sat, 28 May 2005 19:46:18 +0000
Subject: [PATCH 93/99] - Fixed textToDNS method which generated wrong matches
 for "rhost=12-xyz...". Thanks to Tom Pike

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@107 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 utils/dns.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/utils/dns.py b/utils/dns.py
index 9c8e47a7..ce629d69 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -37,8 +37,9 @@ def dnsToIp(dns):
 
 def textToDns(text):
 	""" Search for possible DNS in an arbitrary text.
+		Thanks to Tom Pike.
 	"""
-	match = re.findall("\S*\.\w*\.\w*", text)
+	match = re.findall("(?:(?:\w|-)+\.){2,}\w+", text)
 	if match:
 		return match
 	else:

From 9317581b187cfa7a82128606c2f379d5f7cf5ddd Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Wed, 29 Jun 2005 06:17:28 +0000
Subject: [PATCH 94/99] - Modified for readability. Thanks to Iain Lea

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@108 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/fail2ban.conf.default | 142 +++++++++++++++++++++++------------
 1 file changed, 95 insertions(+), 47 deletions(-)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index 19aceec1..0e547bb4 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -1,51 +1,75 @@
 # Fail2Ban configuration file
 #
 # $Revision$
+#
+# 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
 
 [DEFAULT]
-
-# firewall: select the firewall system to use. Actually,
-# the available options are: iptables, ipfwadm, ipfw
+# Option:  firewall
+# Notes.:  select the firewall system to use.
+# Values:  [iptables | ipfwadm | ipfw]  Default:  iptables
+#
 firewall = iptables
 
-# ipfw-start-rule: set the first rule number used by Fail2Ban.
-# This option is only used if firewall = ipfw.
+# Option:  ipfw-start-rule
+# Notes.:  set first firewall rule number used (only used if firewall = ipfw).
+# Values:  NUM  Default:  100
+#
 ipfw-start-rule = 100
 
-# background: true to start fail2ban as a daemon. Output
-# is redirect to logfile.
+# Option:  background
+# Notes.:  start fail2ban as a daemon. Output is redirect to logfile.
+# Values:  [true | false]  Default:  false
+#
 background = false
 
-# debug: true to enable debug mode. More verbose output
-# and bypass root user test.
+# Option:  debug
+# Notes.:  enable debug mode. More verbose output and bypass root user test.
+# Values:  [true | false]  Default:  false
+#
 debug = false
 
-# pidlock: the path of the PID lock file. Fail2Ban must be
-# able to write into that file.
-#pidlock = /var/run/fail2ban.pid
+# Option:  pidlock
+# Notes.:  path of the PID lock file (must be able to write to file).
+# Values:  FILE  Default:  /var/run/fail2ban.pid
+#
+pidlock = /var/run/fail2ban.pid
 
-# logfile: the path of the file for logging messages of
-# fail2ban.
+# Option:  logfile
+# Notes.:  logfile for logging fail2ban messages.
+# Values:  FILE  Default:  /var/log/fail2ban.log
+#
 logfile = /var/log/fail2ban.log
 
-# maxretry: the number of retry before IP gets ban.
+# Option:  maxretry
+# Notes.:  number of retrys before IP gets banned.
+# Values:  NUM  Default:  3
+#
 maxretry = 3
 
-# bantime: the number of seconds an IP will be ban.
+# Option:  bantime
+# Notes.:  number of seconds an IP will be banned.
+# Values:  NUM  Default:  600
+#
 bantime = 600
 
-# ignoreip: a space separated list that contains IP which
-# will be ignore by fail2ban. Example:
-# ignoreip = 192.168.0.1 123.45.235.65
+# Option:  ignoreip
+# Notes.:  space separated list of IP's to be ignored by fail2ban
+#          Example:  ignoreip = 192.168.0.1 123.45.235.65
+# Values:  IP  Default:  
+#
 ignoreip = 
 
-# interface: the interface name on which the IP will be
-# banned.
+# Option:  interface
+# Notes.:  interface name on which the IP will be banned.
+# Values:  INT  Default:  eth0
+#
 interface = eth0
 
-# polltime: the number of seconds that fail2ban sleeps
-# between two iteration (check for IP to unban - parse
-# log file). 1 is a good value.
+# Option:  polltime
+# Notes.:  number of seconds fail2ban sleeps between iterations.
+# Values:  NUM  Default:  1
+#
 polltime = 1
 
 # You can define a new section for each log file to check for
@@ -53,43 +77,67 @@ polltime = 1
 # options: logfile, timeregex, timepattern, failregex.
 
 [Apache]
-# enabled: is this section active ?
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  false
+#
 enabled = false
 
-# logfile: file to monitor.
-logfile = log-test/apache
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/httpd/access_log
+#
+logfile = /var/log/httpd/access_log
 
-# timeregex: regular expression which have to match the
-# timestamp of an Apache log event.
-# [Wed Jan 05 15:08:01 2005]
+# Option:  timeregex
+# Notes.:  regex to match timestamp in Apache logfile.
+# Values:  [Wed Jan 05 15:08:01 2005]  
+# Default  \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+#
 timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 
-# timepattern: indicates the "timeregex" fields signification.
-# Notice that '%' must be espaced with '%'.
-# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values:  TEXT  Default:  %%a %%b %%d %%H:%%M:%%S %%Y
+#
 timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 
-# failregex: regular expression which have to match the
-# message written in the log file in case of password failure.
+# Option:  failregex
+# Notes.:  regex to match the password failure messages in the logfile.
+# Values:  TEXT  Default:  authentication failure|user .* not found
+#
 failregex = authentication failure|user .* not found
 
 [SSH]
-# enabled: is this section active ?
-enabled = false
+# Option:  enabled
+# Notes.:  enable monitoring for this section.
+# Values:  [true | false]  Default:  true
+#
+enabled = true
 
-# logfile: file to monitor.
-logfile = log-test/current
+# Option:  logfile
+# Notes.:  logfile to monitor.
+# Values:  FILE  Default:  /var/log/secure
+#
+logfile = /var/log/secure
 
-# timeregex: regular expression which have to match the
-# timestamp of an Apache log event.
-# Mar  7 17:53:28
+# Option:  timeregex
+# Notes.:  regex to match timestamp in SSH logfile.
+# Values:  [Mar  7 17:53:28]  
+# Default  \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+#
 timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 
-# timepattern: indicates the "timeregex" fields signification.
-# Notice that '%' must be espaced with '%'.
-# See syntax here: http://rgruet.free.fr/PQR2.3.html#timeModule
+# Option:  timepattern
+# Notes.:  format used in "timeregex" fields definition. Note that '%' must be
+#          escaped with '%' (see http://rgruet.free.fr/PQR2.3.html#timeModule)
+# Values:  TEXT  Default:  %%b %%d %%H:%%M:%%S
+#
 timepattern = %%b %%d %%H:%%M:%%S
 
-# failregex: regular expression which have to match the
-# message written in the log file in case of password failure.
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile.
+# Values:  TEXT  Default:  Authentication failure|Failed password|Invalid user
+#
 failregex = Authentication failure|Failed password|Invalid user

From 7b118f42d307b6cdf6aa6445c7c106bc6b697da1 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 30 Jun 2005 09:25:28 +0000
Subject: [PATCH 95/99] - Initd script for Gentoo

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@109 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/gentoo-confd | 23 +++++++++++++++++++++
 config/gentoo-initd | 50 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 73 insertions(+)
 create mode 100644 config/gentoo-confd
 create mode 100755 config/gentoo-initd

diff --git a/config/gentoo-confd b/config/gentoo-confd
new file mode 100644
index 00000000..e156c368
--- /dev/null
+++ b/config/gentoo-confd
@@ -0,0 +1,23 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+# Command line options for Fail2Ban. Refer to "fail2ban.py -h" for
+# valid options.
+FAIL2BAN_OPTS="-v"
diff --git a/config/gentoo-initd b/config/gentoo-initd
new file mode 100755
index 00000000..b6b2a0b1
--- /dev/null
+++ b/config/gentoo-initd
@@ -0,0 +1,50 @@
+#!/sbin/runscript
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+# Author: Sireyessire, Cyril Jaquier
+# 
+# $Revision$
+
+opts="start stop restart showlog"
+
+FAIL2BAN="/usr/bin/fail2ban.py"
+
+depend() {
+	need net
+	need logger
+	after iptables
+}
+
+start() {
+	ebegin "Starting fail2ban"
+	${FAIL2BAN} -b ${FAIL2BAN_OPTS}
+	eend $? "Failed to start fail2ban"
+}
+
+stop() {
+	ebegin "Stopping fail2ban"
+	${FAIL2BAN} -k
+	eend $? "Failed to stop fail2ban"
+}
+
+zap() {
+	rm /var/run/fail2ban.pid
+}
+
+showlog(){
+	less /var/log/fail2ban.log
+}

From be43f2eaebe78a6cadd8d0f7e682cce7bc6ecc87 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 30 Jun 2005 09:26:38 +0000
Subject: [PATCH 96/99] - Changed PID lock file location from /tmp to /var/run

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@110 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 fail2ban.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fail2ban.py b/fail2ban.py
index bc2f1f80..5fdfe698 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -221,7 +221,7 @@ if __name__ == "__main__":
 	conf["background"] = False
 	conf["debug"] = False
 	conf["conffile"] = "/etc/fail2ban.conf"
-	conf["pidlock"] = "/tmp/fail2ban.pid"
+	conf["pidlock"] = "/var/run/fail2ban.pid"
 	conf["logging"] = False
 	conf["logfile"] = "/var/log/fail2ban.log"
 	conf["maxretry"] = 3

From 73ff1540e8e198fbaa94d0dc2de0fe389a275e95 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Thu, 30 Jun 2005 09:30:59 +0000
Subject: [PATCH 97/99] - Prepared for 0.4.1

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@111 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG  | 11 ++++++++++-
 MANIFEST   |  2 ++
 README     | 16 ++++++++++++----
 version.py |  2 +-
 4 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 31040708..6cbe1675 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,18 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.4.0)                           04/24/2005
+Fail2Ban (version 0.4.1)                           06/30/2005
 =============================================================
 
+ver. 0.4.1 (06/30/2005) - stable
+----------
+- Fixed textToDNS method which generated wrong matches for
+  "rhost=12-xyz...". Thanks to Tom Pike
+- fail2ban.conf modified for readability. Thanks to Iain Lea
+- Added an initd script for Gentoo
+- Changed default PID lock file location from /tmp to
+  /var/run
+
 ver. 0.4.0 (04/24/2005) - stable
 ----------
 - Fixed textToDNS which did not recognize strings like
diff --git a/MANIFEST b/MANIFEST
index 68e7eb3b..330728f8 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -17,3 +17,5 @@ confreader/configreader.py
 utils/__init__.py
 utils/dns.py
 config/fail2ban.conf.default
+config/gentoo-initd
+config/gentoo-confd
diff --git a/README b/README
index a10875a9..7882c60d 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.4.0)                           04/24/2005
+Fail2Ban (version 0.4.1)                           06/30/2005
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -58,8 +58,8 @@ Require: python-2.3 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.3.1.tar.bz2
-> cd fail2ban-0.3.1
+> tar xvfj fail2ban-0.4.1.tar.bz2
+> cd fail2ban-0.4.1
 > python setup.py install
 
 This will install Fail2Ban into /usr/lib/fail2ban. The
@@ -75,6 +75,13 @@ to see if everything is alright. You can configure fail2ban
 with a config file. Copy config/fail2ban.conf.default to
 /etc/fail2ban.conf.
 
+Gentoo users can use the initd script available in config/.
+Copy gentoo-initd to /etc/init.d/fail2ban and gentoo-confd
+to /etc/conf.d/fail2ban. You can start fail2ban and add it
+to your default runlevel:
+
+> /etc/init.d/fail2ban start
+> rc-update add fail2ban default
 
 Configuration:
 --------------
@@ -113,7 +120,8 @@ Cyril Jaquier: <lostcontrol@users.sourceforge.net>
 Thanks:
 -------
 
-Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker
+Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
+Tom Pike, Iain Lea
 
 
 License:
diff --git a/version.py b/version.py
index 8334c777..3d2fe563 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.4.0"
+version = "0.4.1"

From 07d127bebd604d0c1bd9574b0b0a31146727c74d Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Fri, 1 Jul 2005 09:30:52 +0000
Subject: [PATCH 98/99] - Added an initd script for RedHat/Fedora. Thanks to
 Andrey G. Grozin

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@113 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG           |  7 +++-
 config/redhat-initd | 78 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 config/redhat-initd

diff --git a/CHANGELOG b/CHANGELOG
index 6cbe1675..a05b6cbd 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,9 +4,14 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.4.1)                           06/30/2005
+Fail2Ban (version 0.?.?)                           ??/??/2005
 =============================================================
 
+ver. 0.?.? (??/??/2005) - ???
+----------
+- Added an initd script for RedHat/Fedora. Thanks to Andrey
+  G. Grozin
+
 ver. 0.4.1 (06/30/2005) - stable
 ----------
 - Fixed textToDNS method which generated wrong matches for
diff --git a/config/redhat-initd b/config/redhat-initd
new file mode 100644
index 00000000..27369962
--- /dev/null
+++ b/config/redhat-initd
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# fail2ban
+#
+# chkconfig: 345 91 9
+# description: if many unsuccessfull login attempts from some ip address \
+#              during a short period happen, this address is banned \
+#              by the firewall
+#
+# Author: Andrey G. Grozin
+# 
+# $Revision$
+
+# Source function library.
+. /etc/init.d/functions
+
+# Get config.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ "${NETWORKING}" = "no" ] && exit 0
+[ -f /etc/fail2ban.conf ] || exit 0
+
+FAIL2BAN="/usr/bin/fail2ban.py"
+PIDFILE="/var/run/fail2ban.pid"
+
+RETVAL=0
+
+start() {
+    echo -n $"Starting fail2ban: "
+    "${FAIL2BAN}" -b
+    RETVAL=$?
+    echo
+}
+
+stop() {
+    if [ -f "${PIDFILE}" ]; then
+	echo -n $"Stopping fail2ban: "
+	"${FAIL2BAN}" -k
+	echo
+    fi
+}
+
+restart() {
+    stop
+    start
+}
+
+# See how we were called.
+case "$1" in
+  start)
+        start
+        ;;
+  stop)
+        stop
+        ;;
+  status)
+        status fail2ban.py
+        RETVAL=$?
+        ;;
+  reload)
+        restart
+        ;;
+  restart)
+        restart
+        ;;
+  condrestart)
+        if [ -f "${PIDFILE}" ]; then
+            restart
+        fi
+        ;;
+  *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
+        exit 1
+        ;;
+esac
+
+exit $RETVAL

From 840f6cd0520ea842111ebf1b638f96cc5f72f096 Mon Sep 17 00:00:00 2001
From: Cyril Jaquier <cyril.jaquier@fail2ban.org>
Date: Sun, 20 Nov 2005 17:07:47 +0000
Subject: [PATCH 99/99] - Merged FAIL2BAN-0_5 with HEAD

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@216 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 CHANGELOG                               | 106 +++-
 MANIFEST                                |  12 +-
 README                                  |  70 ++-
 TODO                                    |  22 +-
 config/debian-initd                     |  73 +++
 config/fail2ban.conf.default            | 256 ++++++--
 config/gentoo-confd                     |   2 +-
 config/gentoo-initd                     |   6 +-
 config/redhat-initd                     |   8 +-
 confreader/configreader.py              |  43 +-
 fail2ban                                |  66 ++
 fail2ban.py                             | 790 ++++++++++++------------
 firewall/firewall.py                    | 144 ++++-
 firewall/ipfw.py                        |  72 ---
 firewall/iptables.py                    |  48 --
 log-test/apache                         |  10 +-
 log-test/current                        |   6 +
 logreader/logreader.py                  | 101 +--
 man/fail2ban.8                          |  61 ++
 man/fail2ban.conf.5                     |  20 +
 setup.py                                |  58 +-
 utils/dns.py                            |  33 +-
 utils/mail.py                           |  79 +++
 utils/pidlock.py                        | 109 ++++
 utils/process.py                        | 137 ++++
 firewall/ipfwadm.py => utils/strings.py |  32 +-
 version.py                              |   2 +-
 27 files changed, 1619 insertions(+), 747 deletions(-)
 create mode 100644 config/debian-initd
 create mode 100755 fail2ban
 delete mode 100644 firewall/ipfw.py
 delete mode 100644 firewall/iptables.py
 create mode 100644 man/fail2ban.8
 create mode 100644 man/fail2ban.conf.5
 create mode 100644 utils/mail.py
 create mode 100644 utils/pidlock.py
 create mode 100644 utils/process.py
 rename firewall/ipfwadm.py => utils/strings.py (60%)

diff --git a/CHANGELOG b/CHANGELOG
index a05b6cbd..99e4402e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,15 +4,103 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.?.?)                           ??/??/2005
+Fail2Ban (version 0.6.0)                           2005/11/20
 =============================================================
 
-ver. 0.?.? (??/??/2005) - ???
+ver. 0.6.0 (2005/11/20) - stable
 ----------
+- Propagated patches introduced by Debian maintainer 
+  (Yaroslav Halchenko):
+  * Added an option to report local time (including timezone)
+    or GMT in mail notification.
+
+ver. 0.5.5 (2005/10/26) - beta
+----------
+- Propagated patches introduced by Debian maintainer 
+  (Yaroslav Halchenko):
+  * Introduced fwcheck option to verify consistency of the
+    chains. Implemented automatic restart of fail2ban main
+    function in case check of fwban or fwunban command failed
+    (closes: #329163, #331695). (Introduced patch was further
+    adjusted by upstream author).
+  * Added -f command line parameter for [findtime].
+  * Added a cleanup of firewall rules on emergency shutdown
+    when unknown exception is catched.
+  * Fail2ban should not crash now if a wrong file name is
+    specified in config.
+  * reordered code a bit so that log targets are setup right
+    after background and then only loglevel (verbose, debug)
+    is processed, so the warning could be seen in the logs
+  * Added a keyword <section> in parsing of the subject and
+    the body of an email sent out by fail2ban (closes:
+    #330311)
+
+ver. 0.5.4 (2005/09/13) - beta
+----------
+- Fixed bug #1286222.
+- Propagated patches introduced by Debian maintainer 
+  (Yaroslav Halchenko):
+  * Fixed handling of SYSLOG logging target. Now it can log
+    to any SYSLOG target and facility as directed by the 
+    config
+  * Format of SYSLOG entries fixed to look closer to standard
+  * Fixed errata in config/gentoo-confd
+  * Introduced findtime configuration variable to control the
+    lifetime of caught "failed" log entries
+	
+ver. 0.5.3 (2005/09/08) - beta
+----------
+- Fixed a bug when overriding "maxfailures" or "bantime".
+  Thanks to Yaroslav Halchenko
+- Added more debug output if an error occurs when sending
+  mail. Thanks to Stephen Gildea
+- Renamed "maxretry" to "maxfailures" and changed default
+  value to 5. Thanks to Stephen Gildea
+- Hopefully fixed bug #1256075
+- Fixed bug #1262345
+- Fixed exception handling in PIDLock
+- Removed warning when using "-V" or "-h" with no config
+  file. Thanks to Yaroslav Halchenko
+- Removed "-i eth0" from config file. Thanks to Yaroslav
+  Halchenko
+
+ver. 0.5.2 (2005/08/06) - beta
+----------
+- Better PID lock file handling. Should close #1239562
+- Added man pages
+- Removed log4py dependency. Use logging module instead
+- "maxretry" and "bantime" can be overridden in each section
+- Fixed bug #1246278 (excessive memory usage)
+- Fixed crash on wrong option value in configuration file
+- Changed custom chains to lowercase
+
+ver. 0.5.1 (2005/07/23) - beta
+----------
+- Fixed bugs #1241756, #1239557
+- Added log targets in configuration file. Removed -l option
+- Changed iptables rules in order to create a separated chain
+  for each section
+- Fixed static banList in firewall.py
+- Added an initd script for Debian. Thanks to Yaroslav
+  Halchenko
+- Check for obsolete files after install
+
+ver. 0.5.0 (2005/07/12) - beta
+----------
+- Added support for CIDR mask in ignoreip
+- Added mail notification support
+- Fixed bug #1234699
+- Added tags replacement in rules definition. Should allow a
+  clean solution for Feature Request #1229479
+- Removed "interface" and "firewall" options
+- Added start and end commands in the configuration file.
+  Thanks to Yaroslav Halchenko
+- Added firewall rules definition in the configuration file
+- Cleaned fail2ban.py
 - Added an initd script for RedHat/Fedora. Thanks to Andrey
   G. Grozin
 
-ver. 0.4.1 (06/30/2005) - stable
+ver. 0.4.1 (2005/06/30) - stable
 ----------
 - Fixed textToDNS method which generated wrong matches for
   "rhost=12-xyz...". Thanks to Tom Pike
@@ -21,19 +109,19 @@ ver. 0.4.1 (06/30/2005) - stable
 - Changed default PID lock file location from /tmp to
   /var/run
 
-ver. 0.4.0 (04/24/2005) - stable
+ver. 0.4.0 (2005/04/24) - stable
 ----------
 - Fixed textToDNS which did not recognize strings like
   "12-345-67-890.abcd.mnopqr.xyz"
 
-ver. 0.3.1 (03/31/2005) - beta
+ver. 0.3.1 (2005/03/31) - beta
 ----------
 - Corrected level of messages
 - Added DNS lookup support
 - Improved parsing speed. Only parse the new log messages
 - Added a second verbose level (-vv)
 
-ver. 0.3.0 (02/24/2005) - beta
+ver. 0.3.0 (2005/02/24) - beta
 ----------
 - Re-writting of parts of the code in order to handle several
   log files with different rules
@@ -44,7 +132,7 @@ ver. 0.3.0 (02/24/2005) - beta
 - Added ipfw-start-rule option (thanks to Robert Edeker)
 - Added -k option which kills a currently running Fail2Ban
 
-ver. 0.1.2 (11/21/2004) - beta
+ver. 0.1.2 (2004/11/21) - beta
 ----------
 - Add ipfw and ipfwadm support. The rules are taken from
   BlockIt. Thanks to Robert Edeker
@@ -52,7 +140,7 @@ ver. 0.1.2 (11/21/2004) - beta
   Robert Edeker who reminded me this
 - Small code cleaning
 
-ver. 0.1.1 (10/23/2004) - beta
+ver. 0.1.1 (2004/10/23) - beta
 ----------
 - Add SIGTERM handler in order to exit nicely when in daemon
   mode
@@ -66,6 +154,6 @@ ver. 0.1.1 (10/23/2004) - beta
 - Code documentation
 
 
-ver. 0.1.0 (10/12/2004) - alpha
+ver. 0.1.0 (2004/10/12) - alpha
 ----------
 - Initial release
diff --git a/MANIFEST b/MANIFEST
index 330728f8..b56a8b73 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -4,18 +4,24 @@ TODO
 setup.cfg
 setup.py
 version.py
+fail2ban
 fail2ban.py
 firewall/__init__.py
 firewall/firewall.py
-firewall/iptables.py
-firewall/ipfw.py
-firewall/ipfwadm.py
 logreader/__init__.py
 logreader/logreader.py
 confreader/__init__.py
 confreader/configreader.py
 utils/__init__.py
 utils/dns.py
+utils/process.py
+utils/mail.py
+utils/strings.py
+utils/pidlock.py
 config/fail2ban.conf.default
 config/gentoo-initd
 config/gentoo-confd
+config/redhat-initd
+config/debian-initd
+man/fail2ban.8
+man/fail2ban.conf.5
diff --git a/README b/README
index 7882c60d..915304bb 100644
--- a/README
+++ b/README
@@ -4,14 +4,14 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.4.1)                           06/30/2005
+Fail2Ban (version 0.6.0)                           2005/11/20
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
 that makes too many password failures. It updates firewall
-rules to reject the IP address. Currently iptables, ipfw and
-ipfwadm are supported. Fail2Ban can read multiple log files
-such as sshd or Apache web server ones. It needs log4py.
+rules to reject the IP address. These rules can be defined by
+the user. Fail2Ban can read multiple log files such as sshd
+or Apache web server ones.
 
 This is my first Python program. Moreover, English is not my
 mother tongue...
@@ -36,51 +36,55 @@ tries to find lines which match the failregex. Then it
 retrieves the message time using timeregex and timepattern.
 It finally gets the ip and if it has already done 3 or more
 password failures in the last banTime, the ip is banned for
-banTime using a firewall rule. After banTime, the rule is
-deleted. Notice that if no "plain" ip is available, Fail2Ban
-try to do DNS lookup in order to found one or several ip's to
-ban.
+banTime using a firewall rule. This rule is set by the user
+in the configuration file. Thus, Fail2Ban can be adapted for
+lots of firewall. After banTime, the rule is deleted. Notice
+that if no "plain" ip is available, Fail2Ban try to do DNS
+lookup in order to found one or several ip's to ban.
 
 Sections can be freely added so it is possible to monitor
 several daemons at the same time.
 
 Runs on my server and does its job rather well :-) The idea
 is to make fail2ban usable with daemons and services that
-require a login (sshd, telnetd, ...). It should also support
-others firewalls than iptables.
+require a login (sshd, telnetd, ...) and with different
+firewalls.
 
 
 Installation:
 -------------
 
-Require: python-2.3 (http://www.python.org)
-         log4py-1.1 (http://sourceforge.net/projects/log4py)
+Require: python-2.4 (http://www.python.org)
 
 To install, just do:
 
-> tar xvfj fail2ban-0.4.1.tar.bz2
-> cd fail2ban-0.4.1
+> tar xvfj fail2ban-0.6.0.tar.bz2
+> cd fail2ban-0.6.0
 > python setup.py install
 
-This will install Fail2Ban into /usr/lib/fail2ban. The
-fail2ban.py executable is placed into /usr/bin.
+This will install Fail2Ban into /usr/lib/fail2ban. The fail2ban
+executable is placed into /usr/bin.
 
-For Gentoo users, an ebuild is available on the website.
+Gentoo: ebuilds are available on the website.
+Debian: Fail2Ban is in Debian unstable.
+RedHat: packages are available on the website.
 
 Fail2Ban should now be correctly installed. Just type:
 
-> fail2ban.py -h
+> fail2ban -h
 
 to see if everything is alright. You can configure fail2ban
 with a config file. Copy config/fail2ban.conf.default to
 /etc/fail2ban.conf.
 
-Gentoo users can use the initd script available in config/.
-Copy gentoo-initd to /etc/init.d/fail2ban and gentoo-confd
-to /etc/conf.d/fail2ban. You can start fail2ban and add it
-to your default runlevel:
+You can use the initd script available in config/. Copy
+<dist>-initd to /etc/init.d/fail2ban. Gentoo users must copy
+gentoo-confd to /etc/conf.d/fail2ban. You can start fail2ban:
 
 > /etc/init.d/fail2ban start
+
+Gentoo users can add it to the default runlevel:
+
 > rc-update add fail2ban default
 
 Configuration:
@@ -91,20 +95,18 @@ or using command line options. Command line options override
 the value stored in fail2ban.conf. Here are the command line
 options:
 
-  -b         start fail2ban in background
-  -d         start fail2ban in debug mode
-  -e <INTF>  ban IP on the INTF interface
+  -b         start in background
+  -d         start in debug mode
   -c <FILE>  read configuration file FILE
   -p <FILE>  create PID lock in FILE
   -h         display this help message
   -i <IP(s)> IP(s) to ignore
-  -k         kill a currently running Fail2Ban instance
-  -l <FILE>  log message in FILE
-  -r <VALUE> allow a max of VALUE password failure
-  -t <TIME>  ban IP for TIME seconds
+  -k         kill a currently running instance
+  -r <VALUE> allow a max of VALUE password failure [maxfailures]
+  -t <TIME>  ban IP for TIME seconds [bantime]
+  -f <TIME>  lifetime in seconds of failed entry [findtime]
   -v         verbose. Use twice for greater effect
-  -w <FIWA>  select the firewall to use. Can be iptables,
-             ipfwadm or ipfw
+  -V         print software version
 
 Contact:
 --------
@@ -112,7 +114,7 @@ Contact:
 You need some new features, you found bugs or you just
 appreciate this program, you can contact me at :
 
-Website: http://www.sourceforge.net/projects/fail2ban
+Website: http://fail2ban.sourceforge.net
 
 Cyril Jaquier: <lostcontrol@users.sourceforge.net>
 
@@ -121,8 +123,8 @@ Thanks:
 -------
 
 Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
-Tom Pike, Iain Lea
-
+Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
+Jonathan Kamens, Stephen Gildea
 
 License:
 --------
diff --git a/TODO b/TODO
index 569a127c..d0028108 100644
--- a/TODO
+++ b/TODO
@@ -4,12 +4,20 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-ToDo
+ToDo                                     $Revision$
 =============================================================
 
-- cleanup fail2ban.py
-- improve configuration file and command line options
-  handling
-- improve installation process
-- add init script
-- use FAM (inotify, gamin, ...)
+See Feature Request Tracking System at SourceForge.net
+
+- improve installation process (better prefix support)
+- install Fail2ban into /usr/share
+- better configuration files
+- add a check to see if the time of the log messages is
+  correctly detected (valid regexp)
+- split configuration files in /etc/fail2ban/services.d
+  Example: /etc/fail2ban/services.d/apache
+- template for common services in /etc/fail2ban/scripts.d
+  Example: /etc/fail2ban/scripts.d/apache
+- remove debug mode (root check)
+- better return values in function
+- use more email.Utils in mail.py
diff --git a/config/debian-initd b/config/debian-initd
new file mode 100644
index 00000000..2c5c48d1
--- /dev/null
+++ b/config/debian-initd
@@ -0,0 +1,73 @@
+#! /bin/sh
+#
+# Fail2Ban init.d file - to be launched on boot
+#
+#		Written by Miquel van Smoorenburg <miquels@cistron.nl>.
+#		Modified for Debian
+#		 by Ian Murdock <imurdock@gnu.ai.mit.edu>.
+#               Adjusted for Fail2Ban
+#                by Yaroslav Halchenko <debian@onerussian.com>.
+#
+# Version:	$Id$
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/bin/fail2ban
+NAME=fail2ban
+DESC=fail2ban
+PIDFILE=/var/run/$NAME.pid
+
+test -x $DAEMON || exit 0
+
+# Include fail2ban defaults if available
+if [ -f /etc/default/fail2ban ] ; then
+	. /etc/default/fail2ban
+fi
+DAEMON_OPTS=$FAIL2BAN_OPTS
+set -e
+
+case "$1" in
+	start)
+		echo -n "Starting $DESC: "
+		[ -f $PIDFILE ] && [ ! -d /proc/`cat $PIDFILE` ] && rm -f $PIDFILE
+		start-stop-daemon --start --quiet --pidfile $PIDFILE \
+			-b --exec $DAEMON -- $DAEMON_OPTS
+		echo "$NAME."
+		;;
+	stop)
+		echo -n "Stopping $DESC: "
+		start-stop-daemon --stop --quiet --pidfile $PIDFILE
+		echo "$NAME."
+		;;
+	restart|force-reload)
+		echo -n "Restarting $DESC: "
+		( $0 stop )
+		sleep 1
+		$0 start
+		;;
+    status)
+		echo -n "Status of $DESC: "
+		if [ ! -e "$PIDFILE" ]; then
+			echo "$NAME is not running."
+			exit 3
+		fi
+		if [ ! -r "$PIDFILE" ]; then
+			echo "$PIDFILE not readable, status of $NAME unknown."
+			exit 4
+		fi
+		if [ -d /proc/`cat "$PIDFILE"` ]; then
+			echo "$NAME is running."
+			exit 0
+		else
+			echo "$NAME is not running but $PIDFILE exists."
+			exit 1
+		fi
+	;;
+	*)
+		N=/etc/init.d/$NAME
+		echo "Usage: $N {start|stop|restart|force-reload|status}" >&2
+		exit 1
+		;;
+esac
+
+exit 0
diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index 0e547bb4..d841bd7a 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -5,18 +5,6 @@
 # 2005.06.21  modified for readability  Iain Lea  iain@bricbrac.de
 
 [DEFAULT]
-# Option:  firewall
-# Notes.:  select the firewall system to use.
-# Values:  [iptables | ipfwadm | ipfw]  Default:  iptables
-#
-firewall = iptables
-
-# Option:  ipfw-start-rule
-# Notes.:  set first firewall rule number used (only used if firewall = ipfw).
-# Values:  NUM  Default:  100
-#
-ipfw-start-rule = 100
-
 # Option:  background
 # Notes.:  start fail2ban as a daemon. Output is redirect to logfile.
 # Values:  [true | false]  Default:  false
@@ -29,23 +17,35 @@ background = false
 #
 debug = false
 
+# Option:  logtargets
+# Notes.:  log targets. Space separated list of logging targets.
+# Values:  STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+#
+logtargets = /var/log/fail2ban.log
+
+# Option:  syslog-target
+# Notes.:  where to find syslog facility if logtarget SYSLOG.
+# Values:  SOCKET HOST HOST:PORT  Default: /dev/log
+#
+syslog-target = /dev/log
+
+# Option:  syslog-facility
+# Notes.:  which syslog facility to use if logtarget SYSLOG.
+# Values:  NUM  Default: 1
+#
+syslog-facility = 1
+
 # Option:  pidlock
 # Notes.:  path of the PID lock file (must be able to write to file).
 # Values:  FILE  Default:  /var/run/fail2ban.pid
 #
 pidlock = /var/run/fail2ban.pid
 
-# Option:  logfile
-# Notes.:  logfile for logging fail2ban messages.
-# Values:  FILE  Default:  /var/log/fail2ban.log
+# Option:  maxfailures
+# Notes.:  number of failures before IP gets banned.
+# Values:  NUM  Default:  5
 #
-logfile = /var/log/fail2ban.log
-
-# Option:  maxretry
-# Notes.:  number of retrys before IP gets banned.
-# Values:  NUM  Default:  3
-#
-maxretry = 3
+maxfailures = 5
 
 # Option:  bantime
 # Notes.:  number of seconds an IP will be banned.
@@ -53,18 +53,31 @@ maxretry = 3
 #
 bantime = 600
 
-# Option:  ignoreip
-# Notes.:  space separated list of IP's to be ignored by fail2ban
-#          Example:  ignoreip = 192.168.0.1 123.45.235.65
-# Values:  IP  Default:  
+# Option:  findtime
+# Notes.:  lifetime in seconds of a "failed" log entry.
+# Values:  NUM  Default:  600
 #
-ignoreip = 
+findtime = 600
 
-# Option:  interface
-# Notes.:  interface name on which the IP will be banned.
-# Values:  INT  Default:  eth0
+# Option:  ignoreip
+# Notes.:  space separated list of IP's to be ignored by fail2ban.
+#          You can use CIDR mask in order to specify a range.
+#          Example:  ignoreip = 192.168.0.1/24 123.45.235.65
+# Values:  IP  Default:  192.168.0.0/16
 #
-interface = eth0
+ignoreip = 192.168.0.0/16
+
+# Option:  cmdstart
+# Notes.:  command executed once at the start of Fail2Ban
+# Values:  CMD  Default:
+#
+cmdstart = 
+
+# Option:  cmdend
+# Notes.:  command executed once at the end of Fail2Ban.
+# Values:  CMD  Default:
+#
+cmdend = 
 
 # Option:  polltime
 # Notes.:  number of seconds fail2ban sleeps between iterations.
@@ -72,9 +85,89 @@ interface = eth0
 #
 polltime = 1
 
+# Option:  reinittime
+# Notes.:  minimal number of seconds between the re-initialization of
+#          firewalls due to external changes in their rules (see fwcheck)
+# Values:  NUM  Default:  100
+#
+reinittime = 10
+
+# Option:  maxreinits
+# Notes.:  maximal number of re-initialization of firewalls due to external
+#          changes. -1 stays for infinite, so only reinittime is of importance
+# Values:  NUM  Default:  -1
+#
+maxreinits = -1
+
+
+[MAIL]
+# Option:  enabled
+# Notes.:  enable mail notification when banning an IP address.
+# Values:  [true | false]  Default:  false
+#
+enabled = false
+
+# Option:  host
+# Notes.:  host running the mail server.
+# Values:  STR  Default:  localhost
+#
+host = localhost
+
+# Option:  port
+# Notes.:  port of the mail server.
+# Values:  INT  Default:  25
+#
+port = 25
+
+# Option:  from
+# Notes.:  e-mail address of the sender.
+# Values:  MAIL  Default:  fail2ban
+#
+from = fail2ban
+
+# Option:  to
+# Notes.:  e-mail addresses of the receiver. Addresses are space
+#          separated.
+# Values:  MAIL  Default:  root
+#
+to = root
+
+# Option:  localtime
+# Notes.:  report local time (including timezone) or GMT
+# Values:  [true | false]  Default:  false
+#
+localtime = true
+
+# Option:  subject
+# Notes.:  subject of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+# Values:  TEXT  Default:  [Fail2Ban] <section>: Banned <ip>
+#
+subject = [Fail2Ban] <section>: Banned <ip>
+
+# Option:  message
+# Notes.:  message of the e-mail.
+# Tags:    <section> active section (eg ssh, apache, etc)
+#          <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <br>  new line
+# Values:  TEXT  Default:
+#
+message = Hi,<br>
+          The IP <ip> has just been banned by Fail2Ban after
+          <failures> attempts against <section>.<br>
+          Regards,<br>
+          Fail2Ban
+
 # You can define a new section for each log file to check for
 # password failure. Each section has to define the following
-# options: logfile, timeregex, timepattern, failregex.
+# options: logfile, fwban, fwunban, timeregex, timepattern,
+# failregex.
+
 
 [Apache]
 # Option:  enabled
@@ -89,10 +182,55 @@ enabled = false
 #
 logfile = /var/log/httpd/access_log
 
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban
+# Values:  CMD  Default:
+#
+fwstart = iptables -N fail2ban-http
+          iptables -I INPUT -p tcp --dport http -j fail2ban-http
+          iptables -A fail2ban-http -j RETURN
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD  Default:
+#
+fwend = iptables -D INPUT -p tcp --dport http -j fail2ban-http
+        iptables -F fail2ban-http
+        iptables -X fail2ban-http
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD  Default:
+#
+fwcheck = iptables -L INPUT | grep -q fail2ban-http
+
+# Option:  fwban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+# Default: iptables -I INPUT 1 -s <ip> -j DROP
+#
+fwban = iptables -I fail2ban-http 1 -s <ip> -j DROP
+
+# Option:  fwunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+# Default: iptables -D INPUT -s <ip> -j DROP
+#
+fwunban = iptables -D fail2ban-http -s <ip> -j DROP
+
 # Option:  timeregex
 # Notes.:  regex to match timestamp in Apache logfile.
-# Values:  [Wed Jan 05 15:08:01 2005]  
-# Default  \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
+# Values:  [Wed Jan 05 15:08:01 2005]
+# Default: \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 #
 timeregex = \S{3} \S{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}
 
@@ -109,6 +247,7 @@ timepattern = %%a %%b %%d %%H:%%M:%%S %%Y
 #
 failregex = authentication failure|user .* not found
 
+
 [SSH]
 # Option:  enabled
 # Notes.:  enable monitoring for this section.
@@ -122,10 +261,55 @@ enabled = true
 #
 logfile = /var/log/secure
 
+# Option:  fwstart
+# Notes.:  command executed once at the start of Fail2Ban
+# Values:  CMD  Default:
+#
+fwstart = iptables -N fail2ban-ssh
+          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
+          iptables -A fail2ban-ssh -j RETURN
+
+# Option:  fwend
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD  Default:
+#
+fwend = iptables -D INPUT -p tcp --dport ssh -j fail2ban-ssh
+        iptables -F fail2ban-ssh
+        iptables -X fail2ban-ssh
+
+# Option:  fwcheck
+# Notes.:  command executed once before each fwban command
+# Values:  CMD  Default:
+#
+fwcheck = iptables -L INPUT | grep -q fail2ban-ssh
+
+# Option:  fwbanrule
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <failtime>  unix timestamp of the last failure
+#          <bantime>  unix timestamp of the ban time
+# Values:  CMD
+# Default: iptables -I INPUT 1 -s <ip> -j DROP
+#
+fwban = iptables -I fail2ban-ssh 1 -s <ip> -j DROP
+
+# Option:  fwunbanrule
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <bantime>  unix timestamp of the ban time
+#          <unbantime>  unix timestamp of the unban time
+# Values:  CMD
+# Default: iptables -D INPUT -s <ip> -j DROP
+#
+fwunban = iptables -D fail2ban-ssh -s <ip> -j DROP
+
 # Option:  timeregex
 # Notes.:  regex to match timestamp in SSH logfile.
-# Values:  [Mar  7 17:53:28]  
-# Default  \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
+# Values:  [Mar  7 17:53:28]
+# Default: \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 #
 timeregex = \S{3}\s{1,2}\d{1,2} \d{2}:\d{2}:\d{2}
 
diff --git a/config/gentoo-confd b/config/gentoo-confd
index e156c368..bea9017e 100644
--- a/config/gentoo-confd
+++ b/config/gentoo-confd
@@ -18,6 +18,6 @@
 # 
 # $Revision$
 
-# Command line options for Fail2Ban. Refer to "fail2ban.py -h" for
+# Command line options for Fail2Ban. Refer to "fail2ban -h" for
 # valid options.
 FAIL2BAN_OPTS="-v"
diff --git a/config/gentoo-initd b/config/gentoo-initd
index b6b2a0b1..8cab7535 100755
--- a/config/gentoo-initd
+++ b/config/gentoo-initd
@@ -21,7 +21,7 @@
 
 opts="start stop restart showlog"
 
-FAIL2BAN="/usr/bin/fail2ban.py"
+FAIL2BAN="/usr/bin/fail2ban"
 
 depend() {
 	need net
@@ -31,13 +31,13 @@ depend() {
 
 start() {
 	ebegin "Starting fail2ban"
-	${FAIL2BAN} -b ${FAIL2BAN_OPTS}
+	${FAIL2BAN} -b ${FAIL2BAN_OPTS} > /dev/null
 	eend $? "Failed to start fail2ban"
 }
 
 stop() {
 	ebegin "Stopping fail2ban"
-	${FAIL2BAN} -k
+	${FAIL2BAN} -k > /dev/null
 	eend $? "Failed to stop fail2ban"
 }
 
diff --git a/config/redhat-initd b/config/redhat-initd
index 27369962..6e885ab5 100644
--- a/config/redhat-initd
+++ b/config/redhat-initd
@@ -21,14 +21,14 @@
 [ "${NETWORKING}" = "no" ] && exit 0
 [ -f /etc/fail2ban.conf ] || exit 0
 
-FAIL2BAN="/usr/bin/fail2ban.py"
+FAIL2BAN="/usr/bin/fail2ban"
 PIDFILE="/var/run/fail2ban.pid"
 
 RETVAL=0
 
 start() {
     echo -n $"Starting fail2ban: "
-    "${FAIL2BAN}" -b
+    "${FAIL2BAN}" -b > /dev/null
     RETVAL=$?
     echo
 }
@@ -36,7 +36,7 @@ start() {
 stop() {
     if [ -f "${PIDFILE}" ]; then
 	echo -n $"Stopping fail2ban: "
-	"${FAIL2BAN}" -k
+	"${FAIL2BAN}" -k > /dev/null
 	echo
     fi
 }
@@ -55,7 +55,7 @@ case "$1" in
         stop
         ;;
   status)
-        status fail2ban.py
+        status fail2ban
         RETVAL=$?
         ;;
   reload)
diff --git a/confreader/configreader.py b/confreader/configreader.py
index c3eb271b..150858b5 100644
--- a/confreader/configreader.py
+++ b/confreader/configreader.py
@@ -24,28 +24,22 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
+import logging
+
 from ConfigParser import *
 
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
 class ConfigReader:
 	""" This class allow the handling of the configuration options.
 		The DEFAULT section contains the global information about
 		Fail2Ban. Each other section is for a different log file.
 	"""
-	
-	# Each optionValues entry is composed of an array with:
-	# 0 -> the type of the option
-	# 1 -> the name of the option
-	# 2 -> the default value for the option
-	optionValues = (["bool", "enabled", True],
-					["str", "logfile", "/dev/null"],
-					["str", "timeregex", ""],
-					["str", "timepattern", ""],
-					["str", "failregex", ""])
-	
-	def __init__(self, logSys, confPath):
+
+	def __init__(self, confPath):
 		self.confPath = confPath
 		self.configParser = SafeConfigParser()
-		self.logSys = logSys
 		
 	def openConf(self):
 		""" Opens the configuration file.
@@ -54,16 +48,23 @@ class ConfigReader:
 	
 	def getSections(self):
 		""" Returns all the sections present in the configuration
-			file except the DEFAULT section.
+			file except the DEFAULT and MAIL sections.
 		"""
-		return self.configParser.sections()
-		
-	def getLogOptions(self, sec):
+		sections = self.configParser.sections()
+		sections.remove("MAIL")
+		logSys.debug("Found sections: " + `sections`)
+		return sections
+	
+	# Each optionValues entry is composed of an array with:
+	# 0 -> the type of the option
+	# 1 -> the name of the option
+	# 2 -> the default value for the option
+	def getLogOptions(self, sec, options):
 		""" Gets all the options of a given section. The options
 			are defined in the optionValues list.
 		"""
 		values = dict()
-		for option in self.optionValues:
+		for option in options:
 			try:
 				if option[0] == "bool":
 					v = self.configParser.getboolean(sec, option[1])
@@ -74,7 +75,11 @@ class ConfigReader:
 				
 				values[option[1]] = v
 			except NoOptionError:
-				self.logSys.warn("No '"+option[1]+"' defined in '"+sec+"'")
+				logSys.warn("No '" + option[1] + "' defined in '" + sec + "'")
+				values[option[1]] = option[2]
+			except ValueError:
+				logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +
+							"'. Using default one: '" + `option[2]` + "'")
 				values[option[1]] = option[2]
 		return values
 		
\ No newline at end of file
diff --git a/fail2ban b/fail2ban
new file mode 100755
index 00000000..05213f9e
--- /dev/null
+++ b/fail2ban
@@ -0,0 +1,66 @@
+#!/usr/bin/env python
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import sys, traceback, logging
+
+# Appends our own modules path.
+sys.path.append("/usr/lib/fail2ban")
+
+# Now we can import our modules.
+import fail2ban
+from utils.pidlock import PIDLock
+
+# Get the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+# Get PID lock file instance
+pidLock = PIDLock()
+
+# Start the application. Handle all the unhandled exceptions
+try:
+	fail2ban.main()
+except SystemExit:
+	# We called sys.exit(). Nothing wrong so just pass
+	pass
+except Exception, e:
+	# Print the exception data
+	(type, value, tb) = sys.exc_info()
+	tbStack = traceback.extract_tb(tb)
+	logSys.error("Fail2Ban got an unhandled exception and died.")
+	logSys.error("Type: " + `type.__name__` + "\n" +
+				 "Value: " + `e.args` + "\n" +
+				 "TB: " + `tbStack`)
+	# Try to clean up after ourselves
+	# just for extreme caution - wrapping with try
+	try:
+		fail2ban.restoreFwRules()
+	except Exception:
+		pass
+	# Remove the PID lock file. Should close #1239562
+	pidLock.remove()
+	logging.shutdown()
diff --git a/fail2ban.py b/fail2ban.py
index 5fdfe698..d2e88b3e 100755
--- a/fail2ban.py
+++ b/fail2ban.py
@@ -1,5 +1,3 @@
-#!/usr/bin/env python
-
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@@ -17,6 +15,7 @@
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 
 # Author: Cyril Jaquier
+# Modified by: Yaroslav Halchenko (SYSLOG, findtime)
 # 
 # $Revision$
 
@@ -26,50 +25,58 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import time, sys, getopt, os, signal, string
+import time, sys, getopt, os, string, signal, logging, logging.handlers, copy
 from ConfigParser import *
 
-# Checks if log4py is present.
-try:
-	import log4py
-except:
-	print "log4py is needed (see README)"
-	sys.exit(-1)
-
-# Appends our own modules path
-sys.path.append('/usr/lib/fail2ban')
-
-from firewall.iptables import Iptables
-from firewall.ipfw import Ipfw
-from firewall.ipfwadm import Ipfwadm
+from version import version
+from firewall.firewall import Firewall
 from logreader.logreader import LogReader
 from confreader.configreader import ConfigReader
-from version import version
+from utils.mail import Mail
+from utils.pidlock import PIDLock
+from utils.dns import *
+from utils.process import *
 
-def usage():
-	print "Usage: fail2ban.py [OPTIONS]"
+# Get the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+# Get PID lock file instance
+pidLock = PIDLock()
+
+# Global variables
+logFwList = list()
+conf = dict()
+
+def dispUsage():
+	""" Prints Fail2Ban command line options and exits
+	"""
+	print "Usage: "+sys.argv[0]+" [OPTIONS]"
 	print
 	print "Fail2Ban v"+version+" reads log file that contains password failure report"
-	print "and bans the corresponding IP address using iptables."
+	print "and bans the corresponding IP addresses using firewall rules."
 	print
-	print "  -b         start fail2ban in background"
-	print "  -d         start fail2ban in debug mode"
-	print "  -e <INTF>  ban IP on the INTF interface"
+	print "  -b         start in background"
+	print "  -d         start in debug mode"
 	print "  -c <FILE>  read configuration file FILE"
 	print "  -p <FILE>  create PID lock in FILE"
 	print "  -h         display this help message"
 	print "  -i <IP(s)> IP(s) to ignore"
-	print "  -k         kill a currently running Fail2Ban instance"
-	print "  -l <FILE>  log message in FILE"
-	print "  -r <VALUE> allow a max of VALUE password failure"
-	print "  -t <TIME>  ban IP for TIME seconds"
+	print "  -k         kill a currently running instance"
+	print "  -r <VALUE> allow a max of VALUE password failure [maxfailures]"
+	print "  -t <TIME>  ban IP for TIME seconds [bantime]"
+	print "  -f <TIME>  lifetime in seconds of failed entry [findtime]"
 	print "  -v         verbose. Use twice for greater effect"
-	print "  -w <FIWA>  select the firewall to use. Can be iptables,"
-	print "             ipfwadm or ipfw"
+	print "  -V         print software version"
 	print
 	print "Report bugs to <lostcontrol@users.sourceforge.net>"
 	sys.exit(0)
 
+def dispVersion():
+	""" Prints Fail2Ban version and exits
+	"""
+	print sys.argv[0]+" "+version
+	sys.exit(0)
+
 def checkForRoot():
 	""" Check for root user.
 	"""
@@ -79,359 +86,249 @@ def checkForRoot():
 	else:
 		return False
 
-def createDaemon():
-	"""Detach a process from the controlling terminal and run it in the
-	background as a daemon.
-	
-	http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731
-	"""
-
-	try:
-		# Fork a child process so the parent can exit.  This will return control
-		# to the command line or shell.  This is required so that the new process
-		# is guaranteed not to be a process group leader.  We have this guarantee
-		# because the process GID of the parent is inherited by the child, but
-		# the child gets a new PID, making it impossible for its PID to equal its
-		# PGID.
-		pid = os.fork()
-	except OSError, e:
-		return((e.errno, e.strerror))	 # ERROR (return a tuple)
-
-	if (pid == 0):	   # The first child.
-
-		# Next we call os.setsid() to become the session leader of this new
-		# session.  The process also becomes the process group leader of the
-		# new process group.  Since a controlling terminal is associated with a
-		# session, and this new session has not yet acquired a controlling
-		# terminal our process now has no controlling terminal.  This shouldn't
-		# fail, since we're guaranteed that the child is not a process group
-		# leader.
-		os.setsid()
-	
-		# When the first child terminates, all processes in the second child
-		# are sent a SIGHUP, so it's ignored.
-		signal.signal(signal.SIGHUP, signal.SIG_IGN)
-	
-		try:
-			# Fork a second child to prevent zombies.  Since the first child is
-			# a session leader without a controlling terminal, it's possible for
-			# it to acquire one by opening a terminal in the future.  This second
-			# fork guarantees that the child is no longer a session leader, thus
-			# preventing the daemon from ever acquiring a controlling terminal.
-			pid = os.fork()		# Fork a second child.
-		except OSError, e:
-			return((e.errno, e.strerror))  # ERROR (return a tuple)
-	
-		if (pid == 0):	  # The second child.
-			# Ensure that the daemon doesn't keep any directory in use.  Failure
-			# to do this could make a filesystem unmountable.
-			os.chdir("/")
-			# Give the child complete control over permissions.
-			os.umask(0)
-		else:
-			os._exit(0)	  # Exit parent (the first child) of the second child.
-	else:
-		os._exit(0)		 # Exit parent of the first child.
-
-	# Close all open files.  Try the system configuration variable, SC_OPEN_MAX,
-	# for the maximum number of open files to close.  If it doesn't exist, use
-	# the default value (configurable).
-	try:
-		maxfd = os.sysconf("SC_OPEN_MAX")
-	except (AttributeError, ValueError):
-		maxfd = 256	   # default maximum
-
-	for fd in range(0, maxfd):
-		try:
-			os.close(fd)
-		except OSError:   # ERROR (ignore)
-			pass
-
-	# Redirect the standard file descriptors to /dev/null.
-   	os.open("/dev/null", os.O_RDONLY)	# standard input (0)
-	os.open("/dev/null", os.O_RDWR)		# standard output (1)
-	os.open("/dev/null", os.O_RDWR)		# standard error (2)
-
-	return True
-
 def sigTERMhandler(signum, frame):
 	""" Handles the TERM signal when in daemon mode in order to
 		exit properly.
 	"""
 	logSys.debug("Signal handler called with sig "+`signum`)
-	killApp()
+	killApp()	
+
+def setFwMustCheck(value):
+	""" Set the mustCheck value of the firewalls (True/False)
+	"""
+	for element in logFwList:
+		element[2].setMustCheck(value)
+
+def initializeFwRules():
+	""" Initializes firewalls by running cmdstart and then
+	    fwstart for each section
+	"""
+	# Execute global start command
+	executeCmd(conf["cmdstart"], conf["debug"])
+	# Execute start command of each section
+	for element in logFwList:
+		element[2].initialize(conf["debug"])
+
+def reBan():
+	""" For each section asks the Firewall to reban known IPs
+	"""
+	for element in logFwList:
+		element[2].reBan(conf["debug"])
+
+def restoreFwRules():
+	""" Flush the ban list
+	"""
+	logSys.warn("Restoring firewall rules...")
+	try:
+		for element in logFwList:
+			# Execute end command of each section
+			element[2].restore(conf["debug"])
+		# Execute global end command
+		executeCmd(conf["cmdend"], conf["debug"])
+	except ExternalError:
+		# nothing bad really - we can survive :-)
+		pass
 
 def killApp():
 	""" Flush the ban list, remove the PID lock file and exit
 		nicely.
 	"""
-	logSys.warn("Restoring firewall rules...")
-	fireWall.flushBanList(conf["debug"])
-	removePID(conf["pidlock"])
+	# Restore Fw rules
+	restoreFwRules()
+	# Remove the PID lock
+	pidLock.remove()
 	logSys.info("Exiting...")
+	logging.shutdown()
 	sys.exit(0)
-	
-def checkForPID(lockfile):
-	""" Checks for running Fail2Ban.
-	
-		Returns the current PID if Fail2Ban is running or False
-		if no instance found.
-	"""
-	try:
-		fileHandler = open(lockfile)
-		pid = fileHandler.readline()
-		return pid
-	except IOError:
-		return False
-		
-def createPID(lockfile):
-	""" Creates a PID lock file with the current PID.
-	"""
-	fileHandler = open(lockfile, mode='w')
-	pid = os.getpid()
-	fileHandler.write(`pid`+'\n')
-	fileHandler.close()
-	logSys.debug("Created PID lock ("+`pid`+") in "+lockfile)
-		
-def removePID(lockfile):
-	""" Remove PID lock.
-	"""
-	os.remove(lockfile)
-	logSys.debug("Removed PID lock "+lockfile)
 
-def killPID(pid):
-	""" Kills the process with the given PID using the
-		INT signal (same effect as <ctrl>+<c>).
+def getCmdLineOptions(optList):
+	""" Gets the command line options
 	"""
-	try:
-		return os.kill(pid, 2)
-	except OSError:
-		logSys.error("Can not kill process " + `pid` + ". Please check that " +
-					"Fail2Ban is not running and remove the file " +
-					"'/tmp/fail2ban.pid'")
-
-if __name__ == "__main__":
-	
-	# Gets an instance of log4py.
-	logSys = log4py.Logger().get_instance()
-	logSys.set_formatstring("%T %L %M")
-	
-	conf = dict()
-	conf["verbose"] = 0
-	conf["background"] = False
-	conf["debug"] = False
-	conf["conffile"] = "/etc/fail2ban.conf"
-	conf["pidlock"] = "/var/run/fail2ban.pid"
-	conf["logging"] = False
-	conf["logfile"] = "/var/log/fail2ban.log"
-	conf["maxretry"] = 3
-	conf["bantime"] = 600
-	conf["ignoreip"] = ''
-	conf["interface"] = "eth0"
-	conf["firewall"] = "iptables"
-	conf["ipfw-start-rule"] = 0
-	conf["polltime"] = 1
-	
-	# Reads the command line options.
-	try:
-		optList, args = getopt.getopt(sys.argv[1:], 'hvbdkc:l:t:i:r:e:w:p:')
-	except getopt.GetoptError:
-		usage()
-	
-	# Pre-parsing of command line options for the -c option
 	for opt in optList:
-		if opt[0] == "-c":
-			conf["conffile"] = opt[1]
-	
-	# Config file
-	configParser = SafeConfigParser()
-	configParser.read(conf["conffile"])
-	
-	# background
-	try:
-		conf["background"] = configParser.getboolean("DEFAULT", "background")
-	except ValueError:
-		logSys.warn("background option should be a boolean")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("background option not in config file")
-		logSys.warn("Using default value")
-
-	# debug
-	try:
-		conf["debug"] = configParser.getboolean("DEFAULT", "debug")
-	except ValueError:
-		logSys.warn("debug option should be a boolean")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("debug option not in config file")
-		logSys.warn("Using default value")
-
-	# logfile
-	try:
-		conf["logfile"] = configParser.get("DEFAULT", "logfile")
-	except ValueError:
-		logSys.warn("logfile option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("logfile option not in config file")
-		logSys.warn("Using default value")
-		
-	# pidlock
-	try:
-		conf["pidlock"] = configParser.get("DEFAULT", "pidlock")
-	except ValueError:
-		logSys.warn("pidlock option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("pidlock option not in config file")
-		logSys.warn("Using default value")
-		
-	# maxretry
-	try:
-		conf["maxretry"] = configParser.getint("DEFAULT", "maxretry")
-	except ValueError:
-		logSys.warn("maxretry option should be an integer")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("maxretry option not in config file")
-		logSys.warn("Using default value")
-
-	# bantime
-	try:
-		conf["bantime"] = configParser.getint("DEFAULT", "bantime")
-	except ValueError:
-		logSys.warn("bantime option should be an integer")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("bantime option not in config file")
-		logSys.warn("Using default value")
-
-	# ignoreip
-	try:
-		conf["ignoreip"] = configParser.get("DEFAULT", "ignoreip")
-	except ValueError:
-		logSys.warn("ignoreip option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("ignoreip option not in config file")
-		logSys.warn("Using default value")
-		
-	# interface
-	try:
-		conf["interface"] = configParser.get("DEFAULT", "interface")
-	except ValueError:
-		logSys.warn("interface option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("interface option not in config file")
-		logSys.warn("Using default value")
-		
-	# firewall
-	try:
-		conf["firewall"] = configParser.get("DEFAULT", "firewall")
-	except ValueError:
-		logSys.warn("firewall option should be a string")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("firewall option not in config file")
-		logSys.warn("Using default value")
-	
-	# ipfw-start-rule
-	try:
-		conf["ipfw-start-rule"] = configParser.getint("DEFAULT",
-													"ipfw-start-rule")
-	except ValueError:
-		logSys.warn("ipfw-start-rule option should be an integer")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("ipfw-start-rule option not in config file")
-		logSys.warn("Using default value")
-
-	# polltime
-	try:
-		conf["polltime"] = configParser.getint("DEFAULT", "polltime")
-	except ValueError:
-		logSys.warn("polltime option should be an integer")
-		logSys.warn("Using default value")
-	except NoOptionError:
-		logSys.warn("polltime option not in config file")
-		logSys.warn("Using default value")
-	
-	for opt in optList:
-		if opt[0] == "-h":
-			usage()
 		if opt[0] == "-v":
 			conf["verbose"] = conf["verbose"] + 1
 		if opt[0] == "-b":
 			conf["background"] = True
 		if opt[0] == "-d":
 			conf["debug"] = True
-		if opt[0] == "-e":
-			conf["interface"] = opt[1]
-		if opt[0] == "-l":
-			conf["logging"] = True
-			conf["logfile"] = opt[1]
 		if opt[0] == "-t":
 			try:
 				conf["bantime"] = int(opt[1])
 			except ValueError:
 				logSys.warn("banTime must be an integer")
 				logSys.warn("Using default value")
+		if opt[0] == "-f":
+			try:
+				conf["findtime"] = int(opt[1])
+			except ValueError:
+				logSys.warn("findTime must be an integer")
+				logSys.warn("Using default value")
 		if opt[0] == "-i":
 			conf["ignoreip"] = opt[1]
 		if opt[0] == "-r":
-			conf["retrymax"] = int(opt[1])
-		if opt[0] == "-w":
-			conf["firewall"] = opt[1]
+			conf["maxfailures"] = int(opt[1])
 		if opt[0] == "-p":
 			conf["pidlock"] = opt[1]
 		if opt[0] == "-k":
-			pid = checkForPID(conf["pidlock"])
-			if pid:
-				killPID(int(pid))
-				logSys.warn("Killed Fail2Ban with PID "+pid)
-				sys.exit(0)
-			else:
-				logSys.error("No running Fail2Ban found")
-				sys.exit(-1)
+			conf["kill"] = True
+
+def main():
+	""" Fail2Ban main function
+	"""
+	
+	# Add the default logging handler
+	stdout = logging.StreamHandler(sys.stdout)
+	logSys.addHandler(stdout)
+	
+	# Default formatter
+	formatterstring='%(levelname)s: %(message)s'
+	formatter = logging.Formatter('%(asctime)s ' + formatterstring)
+	stdout.setFormatter(formatter)
+	
+	conf["kill"] = False
+	conf["verbose"] = 0
+	conf["conffile"] = "/etc/fail2ban.conf"
+	
+	# Reads the command line options.
+	try:
+		cmdOpts = 'hvVbdkc:t:i:r:p:'
+		cmdLongOpts = ['help','version']
+		optList, args = getopt.getopt(sys.argv[1:], cmdOpts, cmdLongOpts)
+	except getopt.GetoptError:
+		dispUsage()
+	
+	# Pre-parsing of command line options for the -c option
+	for opt in optList:
+		if opt[0] == "-c":
+			conf["conffile"] = opt[1]
+		if opt[0] in ["-h", "--help"]:
+ 			dispUsage()
+		if opt[0] in ["-V", "--version"]:
+			dispVersion()
+	
+	# Reads the config file and create a LogReader instance for
+	# each log file to check.
+	confReader = ConfigReader(conf["conffile"]);
+	confReader.openConf()
+	
+	# Options
+	optionValues = (["bool", "background", False],
+					["str", "logtargets", "/var/log/fail2ban.log"],
+					["str", "syslog-target", "/dev/log"],
+					["int", "syslog-facility", 1],
+					["bool", "debug", False],
+					["str", "pidlock", "/var/run/fail2ban.pid"],
+					["int", "maxfailures", 5],
+					["int", "bantime", 600],
+					["int", "findtime", 600],
+					["str", "ignoreip", ""],
+					["int", "polltime", 1],
+					["str", "cmdstart", ""],
+					["str", "cmdend", ""],
+					["int", "reinittime", 100],
+					["int", "maxreinits", 100])
+	
+	# Gets global configuration options
+	conf.update(confReader.getLogOptions("DEFAULT", optionValues))
+	
+	# Gets command line options
+	getCmdLineOptions(optList)
+	
+	# PID lock
+	pidLock.setPath(conf["pidlock"])
+	
+	# Now we can kill properly a running instance if needed
+	if conf["kill"]:
+		pid = pidLock.exists()
+		if pid:
+			killPID(int(pid))
+			logSys.warn("Killed Fail2Ban with PID "+pid)
+			sys.exit(0)
+		else:
+			logSys.error("No running Fail2Ban found")
+			sys.exit(-1)
+
+	# Start Fail2Ban in daemon mode
+	if conf["background"]:
+		retCode = createDaemon()
+		signal.signal(signal.SIGTERM, sigTERMhandler)
+		if not retCode:
+			logSys.error("Unable to start daemon")
+			sys.exit(-1)
 
 	# Process some options
-	for c in conf:
-		if c == "verbose":
-			logSys.warn("Verbose level is "+`conf[c]`)
-			if conf[c] == 1:
-				logSys.set_loglevel(log4py.LOGLEVEL_VERBOSE)
-			elif conf[c] > 1:
-				logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
-		elif c == "debug" and conf[c]:
-			logSys.set_loglevel(log4py.LOGLEVEL_DEBUG)
-			logSys.set_formatstring(log4py.FMT_DEBUG)
-		elif c == "background" and conf[c]:
-			retCode = createDaemon()
-			signal.signal(signal.SIGTERM, sigTERMhandler)
-			logSys.set_target(conf["logfile"])
-			if not retCode:
-				logSys.error("Unable to start daemon")
-				sys.exit(-1)
-		elif c == "logging" and conf[c]:
-			try:
-				open(conf["logfile"], "a")
-				logSys.set_target(conf["logfile"])
-			except IOError:
-				logSys.warn("Unable to log to "+conf["logfile"])
-				logSys.warn("Using default output for logging")
-		elif c == "ignoreip":
-			ignoreIPList = conf[c].split(' ')
-		elif c == "firewall":
-			conf[c] = string.lower(conf[c])
-			if conf[c] == "ipfw":
-				fireWallName = "Ipfw"
-			elif conf[c] == "ipfwadm":
-				fireWallName = "Ipfwadm"
+	# First setup Log targets
+	# Bug fix for #1234699
+	os.umask(0077)
+	for target in conf["logtargets"].split():
+		# target formatter 
+		# By default global formatter is taken. Is different for SYSLOG
+		tformatter = formatter
+		if target == "STDERR":
+			hdlr = logging.StreamHandler(sys.stderr)
+		elif target == "SYSLOG":
+			# SYSLOG target can be either
+			# a socket (file, so it starts with /)
+			# or hostname
+			# or hostname:port
+			syslogtargets = re.findall("(/[\w/]*)|([^/ ][^: ]*)(:(\d+)){,1}",
+									   conf["syslog-target"])
+			# we are waiting for a single match
+			syslogtargets = syslogtargets[0]
+
+			# assign facility if it was defined
+			if conf["syslog-facility"] < 0:
+				facility = handlers.SysLogHandler.LOG_USER
 			else:
-				fireWallName = "Iptables"
+				facility = conf["syslog-facility"]
+
+			if len(syslogtargets) == 0: # everything default
+				hdlr = logging.handlers.SysLogHandler()
+			else:
+				if not ( syslogtargets[0] == "" ): # got socket
+					syslogtarget = syslogtargets[0]
+				else:		# got hostname and maybe a port
+					if syslogtargets[3] == "": # no port specified
+						port = 514
+					else:
+						port = int(syslogtargets[3])
+					syslogtarget = (syslogtargets[1], port)
+				hdlr = logging.handlers.SysLogHandler(syslogtarget, facility)
+			tformatter = logging.Formatter("fail2ban[%(process)d]: " +
+										   formatterstring);
+		else:
+			# Target should be a file
+			try:
+				open(target, "a")
+				hdlr = logging.FileHandler(target)
+			except IOError:
+				logSys.error("Unable to log to " + target)
+				continue
+		# Set formatter and add handler to logger
+		hdlr.setFormatter(tformatter)
+		logSys.addHandler(hdlr)
 	
+	# Verbose level
+	if conf["verbose"]:
+		logSys.warn("Verbose level is "+`conf["verbose"]`)
+		if conf["verbose"] == 1:
+			logSys.setLevel(logging.INFO)
+		elif conf["verbose"] > 1:
+			logSys.setLevel(logging.DEBUG)
+		
+	# Set debug log level
+	if conf["debug"]:
+		logSys.setLevel(logging.DEBUG)
+		formatterstring = ('%(levelname)s: [%(filename)s (%(lineno)d)] ' +
+						   '%(message)s')
+		formatter = logging.Formatter("%(asctime)s " + formatterstring)
+		stdout.setFormatter(formatter)
+		logSys.warn("DEBUG MODE: FIREWALL COMMANDS ARE _NOT_ EXECUTED BUT " +
+					"ONLY DISPLAYED IN THE LOG MESSAGES")
+	
+	# Ignores IP list
+	ignoreIPList = conf["ignoreip"].split(' ')
+
 	# Checks for root user. This is necessary because log files
 	# are owned by root and firewall needs root access.
 	if not checkForRoot():
@@ -440,51 +337,93 @@ if __name__ == "__main__":
 			sys.exit(-1)
 			
 	# Checks that no instance of Fail2Ban is currently running.
-	pid = checkForPID(conf["pidlock"])
+	pid = pidLock.exists()
 	if pid:
 		logSys.error("Fail2Ban already running with PID "+pid)
 		sys.exit(-1)
 	else:
-		createPID(conf["pidlock"])
+		ret = pidLock.create()
+		if not ret:
+			# Unable to create PID lock. Exit
+			sys.exit(-1)
 	
-	logSys.debug("ConfFile is "+conf["conffile"])
-	logSys.debug("BanTime is "+`conf["bantime"]`)
-	logSys.debug("retryAllowed is "+`conf["maxretry"]`)
+	logSys.debug("ConfFile is " + conf["conffile"])
+	logSys.debug("BanTime is " + `conf["bantime"]`)
+	logSys.debug("FindTime is " + `conf["findtime"]`)
+	logSys.debug("MaxFailure is " + `conf["maxfailures"]`)
 	
-	# Reads the config file and create a LogReader instance for
-	# each log file to check.
-	confReader = ConfigReader(logSys, conf["conffile"]);
-	confReader.openConf()
-	logList = list()
+	# Options
+	optionValues = (["bool", "enabled", False],
+					["str", "host", "localhost"],
+					["int", "port", "25"],
+					["str", "from", "root"],
+					["str", "to", "root"],
+					["bool", "localtime", False],
+					["str", "subject", "[Fail2Ban] Banned <ip>"],
+					["str", "message", "Fail2Ban notification"])
+	
+	# Gets global configuration options
+	mailConf = confReader.getLogOptions("MAIL", optionValues)
+	
+	# Create mailer if enabled
+	if mailConf["enabled"]:
+		logSys.debug("Mail enabled")
+		mail = Mail(mailConf["host"], mailConf["port"])
+		mail.setFromAddr(mailConf["from"])
+		mail.setToAddr(mailConf["to"])
+		mail.setLocalTimeFlag(mailConf["localtime"])
+		logSys.debug("to: " + mailConf["to"] + " from: " + mailConf["from"])
+	
+	# Options
+	optionValues = (["bool", "enabled", False],
+					["str", "logfile", "/dev/null"],
+					["int", "maxfailures", conf["maxfailures"]],
+					["int", "bantime", conf["bantime"]],
+					["int", "findtime", conf["findtime"]],
+					["str", "timeregex", ""],
+					["str", "timepattern", ""],
+					["str", "failregex", ""],
+					["str", "fwstart", ""],
+					["str", "fwend", ""],
+					["str", "fwban", ""],
+					["str", "fwunban", ""],
+					["str", "fwcheck", ""])
+	
+	logSys.info("Fail2Ban v" + version + " is running")
+	
+	# Gets the options of each sections
 	for t in confReader.getSections():
-		l = confReader.getLogOptions(t)
+		l = confReader.getLogOptions(t, optionValues)
 		if l["enabled"]:
-			lObj = LogReader(logSys, l["logfile"], l["timeregex"],
-							l["timepattern"], l["failregex"], conf["bantime"])
-			lObj.setName(t)
-			logList.append(lObj)
-	
-	# Creates one instance of Iptables (thanks to Pyhton dynamic
-	# features).
-	fireWallObj = eval(fireWallName)
-	fireWall = fireWallObj(conf["bantime"], logSys, conf["interface"])
-	
-	# IPFW needs rules number. The configuration option "ipfw-start-rule"
-	# defines the first rule number used by Fail2Ban.
-	if fireWallName == "Ipfw":
-		fireWall.setCrtRuleNbr(conf["ipfw-start-rule"])
+			# Creates a logreader object
+			lObj = LogReader(l["logfile"], l["timeregex"], l["timepattern"],
+							 l["failregex"], l["maxfailures"], l["findtime"])
+			# Creates a firewall object
+			fObj = Firewall(l["fwstart"], l["fwend"], l["fwban"], l["fwunban"],
+							l["fwcheck"], l["bantime"])
+			# "Name" the firewall
+			fObj.setSection(t)
+			# Links them into a list. I'm not really happy
+			# with this :/
+			logFwList.append([t, lObj, fObj, dict(), l])
 	
 	# We add 127.0.0.1 to the ignore list has we do not want
 	# to be ban ourself.
-	for element in logList:
-		element.addIgnoreIP("127.0.0.1")
+	for element in logFwList:
+		element[1].addIgnoreIP("127.0.0.1")
 	while len(ignoreIPList) > 0:
 		ip = ignoreIPList.pop()
-		for element in logList:
-			element.addIgnoreIP(ip)
+		# Bug fix for #1239557
+		if isValidIP(ip):
+			for element in logFwList:
+				element[1].addIgnoreIP(ip)
+		else:
+			logSys.warn(ip + " is not a valid IP address")
 	
-	logSys.info("Fail2Ban v"+version+" is running")
-	failListFull = dict()
+	initializeFwRules()
+	# try to reinit once if it fails immediately
+	lastReinitTime = time.time() - conf["reinittime"] - 1
+	reinits = 0
 	# Main loop
 	while True:
 		try:
@@ -493,14 +432,15 @@ if __name__ == "__main__":
 			
 			# Checks if some IP have to be remove from ban
 			# list.
-			fireWall.checkForUnBan(conf["debug"])
-			
+			for element in logFwList:
+				element[2].checkForUnBan(conf["debug"])
+
 			# If the log file has not been modified since the
 			# last time, we sleep for 1 second. This is active
 			# polling so not very effective.
 			modList = list()
-			for element in logList:
-				if element.isModified():
+			for element in logFwList:
+				if element[1].isModified():
 					modList.append(element)
 			
 			if len(modList) == 0:
@@ -509,43 +449,73 @@ if __name__ == "__main__":
 			
 			# Gets the failure list from the log file. For a given IP,
 			# takes only the service which has the most password failures.
-			failList = dict()
 			for element in modList:
-				e = element.getFailures()
+				e = element[1].getFailures()
 				for key in e.iterkeys():
-					if failList.has_key(key):
-						if failList[key][0] < e[key][0]:
-							failList[key] = (e[key][0], e[key][1], element)
+					if element[3].has_key(key):
+						element[3][key] = (element[3][key][0] + e[key][0],
+											e[key][1])
 					else:
-						failList[key] = (e[key][0], e[key][1], element)
-				
-			# Add the last log failures to the global failure list.
-			for key in failList.iterkeys():
-				if failListFull.has_key(key):
-					failListFull[key] = (failListFull[key][0] + 1,
-										failList[key][1], failList[key][2])
-				else:
-					failListFull[key] = failList[key]
+						element[3][key] = (e[key][0], e[key][1])
 			
 			# Remove the oldest failure attempts from the global list.
-			unixTime = time.time()
-			failListFullTemp = failListFull.copy()
-			for key in failListFullTemp.iterkeys():
-				failTime = failListFullTemp[key][2].getFindTime()
-				if failListFullTemp[key][1] < unixTime - failTime:
-					del failListFull[key]
-			
 			# We iterate the failure list and ban IP that make
 			# *retryAllowed* login failures.
-			failListFullTemp = failListFull.copy()
-			for key in failListFullTemp.iterkeys():
-				element = failListFullTemp[key]
-				if element[0] >= conf["maxretry"]:
-					logSys.info(element[2].getName()+": "+key+" has "+
-								`element[0]`+" login failure(s). Banned.")
-					fireWall.addBanIP(key, conf["debug"])
-					del failListFull[key]
-			
+			unixTime = time.time()
+			for element in logFwList:
+				fails = element[3].copy()
+				findTime = element[1].getFindTime()
+				for attempt in fails:
+					failTime = fails[attempt][1]
+					if failTime < unixTime - findTime:
+						del element[3][attempt]
+					elif fails[attempt][0] >= element[1].getMaxRetry():
+						aInfo = {"section": element[0],
+								 "ip": attempt,
+								 "failures": element[3][attempt][0],
+								 "failtime": failTime}
+						logSys.info(element[0] + ": " + aInfo["ip"] +
+									" has " + `aInfo["failures"]` +
+									" login failure(s). Banned.")
+						element[2].addBanIP(aInfo, conf["debug"])
+						# Send a mail notification
+						if 'mail' in locals():
+							mail.sendmail(mailConf["subject"],
+										  mailConf["message"], aInfo)
+						del element[3][attempt]
+		except ExternalError, e:
+			# Something wrong while dealing with Iptables.
+			# May be chain got removed?
+			reinits += 1
+			logSys.error(e)
+			if ((unixTime - lastReinitTime > conf["reinittime"]) and
+				((conf["maxreinits"] < 0) or (reinits < conf["maxreinits"]))):
+				logSys.warn("#%d reinitialization of firewalls"%reinits)
+				lastReinitTime = unixTime
+			else:
+				logSys.error("Exiting: reinits follow too often, or too many " +
+							 "reinit attempts")
+				killApp()
+			# We already failed runCheck so disable it until
+			# restoring a safe state
+			setFwMustCheck(False)
+			# save firewalls to keep a list of IPs for rebanning
+			logFwListCopy = copy.deepcopy(logFwList)
+			try:
+				# restore as much as possible
+				restoreFwRules()
+				# reinitialize all the chains
+				initializeFwRules()
+				# restore the lists of baned IPs
+				logFwList.__init__(logFwListCopy)
+				# reBan known IPs
+				reBan()
+				# Now we can enable the runCheck test again
+				setFwMustCheck(True)
+			except ExternalError:
+				raise ExternalError("Big Oops happened: situation is out of " +
+									"control. Something is wrong with your " +
+									"setup. Please check your settings")
 		except KeyboardInterrupt:
 			# When the user press <ctrl>+<c> we exit nicely.
 			killApp()
diff --git a/firewall/firewall.py b/firewall/firewall.py
index a62a85ff..e50184bd 100644
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -24,54 +24,130 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import time, os
+import time, os, logging, re
+
+from utils.process import executeCmd
+from utils.strings import replaceTag
+# unfortunately but I have to bring ExternalError in especially for
+# flushBanList: if one of IPs got flushed manually outside or something, we
+# might endup with not "full" flush unless we handle exception within the loop
+from utils.process import ExternalError
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
 
 class Firewall:
 	""" Manages the ban list and executes the command that ban
 		the IP.
 	"""
 	
-	banList = dict()
-	
-	def __init__(self, banTime, logSys, interface):
+	def __init__(self, startRule, endRule, banRule, unBanRule, checkRule,
+				 banTime):
+		self.banRule = banRule
+		self.unBanRule = unBanRule
+		self.checkRule = checkRule
+		self.startRule = startRule
+		self.endRule = endRule
 		self.banTime = banTime
-		self.logSys = logSys
-		self.interface = interface
+		self.banList = dict()
+		self.section = ""
+		self.mustCheck = True
+
+	def setSection(self, section):
+		""" Set optional section name for clarify of logging
+		"""
+		self.section = section
+		
+	def getMustCheck(self):
+		""" Return true if the runCheck test is executed
+		"""
+		return self.mustCheck
 	
-	def addBanIP(self, ip, debug):
+	def setMustCheck(self, value):
+		""" Enable or disable the execution of runCheck test
+		"""
+		self.mustCheck = value
+
+  	def initialize(self, debug):
+		logSys.debug("%s: Initialize firewall rules"%self.section)
+  		executeCmd(self.startRule, debug)
+
+	def restore(self, debug):
+		logSys.debug("%s: Restore firewall rules"%self.section)
+		try:
+			self.flushBanList(debug)
+			executeCmd(self.endRule, debug)
+		except ExternalError:
+			pass
+
+	def addBanIP(self, aInfo, debug):
 		""" Bans an IP.
 		"""
+		ip = aInfo["ip"]
 		if not self.inBanList(ip):
-			self.logSys.warn("Ban "+ip)
-			self.banList[ip] = time.time()
-			self.__executeCmd(self.banIP(ip), debug)
+			crtTime = time.time()
+			logSys.warn("%s: Ban "%self.section + ip)
+			self.banList[ip] = crtTime
+			aInfo["bantime"] = crtTime
+			self.runCheck(debug)
+			cmd = self.banIP(aInfo)
+			if executeCmd(cmd, debug):
+				raise ExternalError("Firewall: execution of fwban command " +
+									"'%s' failed"%cmd)
 		else:
-			self.logSys.error(ip+" already in ban list")
+			self.runCheck(debug)
+			logSys.error("%s: "%self.section+ip+" already in ban list")
 	
-	def delBanIP(self, ip, debug):
+	def delBanIP(self, aInfo, debug):
 		""" Unban an IP.
 		"""
+		ip = aInfo["ip"]
 		if self.inBanList(ip):
-			self.logSys.warn("Unban "+ip)
+			logSys.warn("%s: Unban "%self.section + ip)
 			del self.banList[ip]
-			self.__executeCmd(self.unBanIP(ip), debug)
+			self.runCheck(debug)
+			executeCmd(self.unBanIP(aInfo), debug)
 		else:
-			self.logSys.error(ip+" not in ban list")
+			logSys.error("%s: "%self.section+ip+" not in ban list")
+
+	def reBan(self, debug):
+		""" Re-Bans known IPs.
+			TODO: implement "failures" and "failtime"
+		"""
+		for ip in self.banList:
+			aInfo = {"ip": ip,
+					 "bantime":self.banList[ip]}
+			logSys.warn("%s: ReBan "%self.section + ip)
+			# next piece is similar to the on in addBanIp
+			# so might be one more function will not hurt
+			self.runCheck(debug)
+			executeCmd(self.banIP(aInfo), debug)
 	
 	def inBanList(self, ip):
 		""" Checks if IP is in ban list.
 		"""
 		return self.banList.has_key(ip)
-	
+
+	def runCheck(self, debug):
+		""" Runs fwcheck command and throws an exception if it returns non-0
+			result
+		"""
+		if self.mustCheck:
+			executeCmd(self.checkRule, debug)
+		else:
+			return None
+
 	def checkForUnBan(self, debug):
 		""" Check for IP to remove from ban list.
 		"""
 		banListTemp = self.banList.copy()
 		for element in banListTemp.iteritems():
-			ip = element[0]
 			btime = element[1]
 			if btime < time.time()-self.banTime:
-				self.delBanIP(ip, debug)
+				aInfo = {"ip": element[0],
+						 "bantime": btime,
+						 "unbantime": time.time()}
+				self.delBanIP(aInfo, debug)
 	
 	def flushBanList(self, debug):
 		""" Flushes the ban list and of course the firewall rules.
@@ -79,18 +155,28 @@ class Firewall:
 		"""
 		banListTemp = self.banList.copy()
 		for element in banListTemp.iteritems():
-			ip = element[0]
-			self.delBanIP(ip, debug)
-	
-	def __executeCmd(self, cmd, debug):
-		""" Executes an OS command.
+			aInfo = {"ip": element[0],
+					 "bantime": element[1],
+					 "unbantime": time.time()}
+			try:
+				self.delBanIP(aInfo, debug)
+			except ExternalError:
+				# we must let it fail here in the loop, or we don't
+				# flush properly
+				pass
+			
+	def banIP(self, aInfo):
+		""" Returns query to ban IP.
 		"""
-		self.logSys.debug(cmd)
-		if not debug:
-			return os.system(cmd)
-		else:
-			return None
-		
+		query = replaceTag(self.banRule, aInfo)
+		return query
+	
+	def unBanIP(self, aInfo):
+		""" Returns query to unban IP.
+		"""
+		query = replaceTag(self.unBanRule, aInfo)
+		return query
+	
 	def viewBanList(self):
 		""" Prints the ban list on screen. Usefull for debugging.
 		"""
diff --git a/firewall/ipfw.py b/firewall/ipfw.py
deleted file mode 100644
index 41fbc29b..00000000
--- a/firewall/ipfw.py
+++ /dev/null
@@ -1,72 +0,0 @@
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-# Author: Cyril Jaquier
-# 
-# $Revision$
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
-
-import os
-
-from firewall import Firewall
-
-class Ipfw(Firewall):
-	""" This class contains specific methods and variables for the
-		iptables firewall. Must implements the 'abstracts' methods
-		banIP(ip) and unBanIP(ip).
-		
-		Must adds abstract methods definition:
-		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
-	"""
-	
-	crtRuleNbr = 0
-	
-	def getCrtRuleNbr(self):
-		""" Gets the current rule number.
-		"""
-		return self.crtRuleNbr
-		
-	def setCrtRuleNbr(self, value):
-		""" Sets the current rule number.
-		"""
-		self.crtRuleNbr = value
-	
-	def banIP(self, ip):
-		""" Returns query to ban IP.
-		"""
-		query = "ipfw -q add "+`self.crtRuleNbr`+" deny ip from "+ip+" to any"
-		self.crtRuleNbr = self.crtRuleNbr + 1
-		return query
-	
-	def unBanIP(self, ip):
-		""" Returns query to unban IP.
-		"""
-		ruleNbr = str(self.__findRuleNumber(ip))
-		query = "ipfw -q delete "+ruleNbr
-		return query
-		
-	def __findRuleNumber(self, ip):
-		""" Uses shell commands in order to find the rule
-			number we want to delete.
-		"""
-		output = os.popen("ipfw list|grep \"from "+ip+" to\"|awk '{print $1}'",
-						  "r");
-		return output.read()
diff --git a/firewall/iptables.py b/firewall/iptables.py
deleted file mode 100644
index 7b78c69c..00000000
--- a/firewall/iptables.py
+++ /dev/null
@@ -1,48 +0,0 @@
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-# Author: Cyril Jaquier
-# 
-# $Revision$
-
-__author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
-__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
-__license__ = "GPL"
-
-from firewall import Firewall
-
-class Iptables(Firewall):
-	""" This class contains specific methods and variables for the
-		iptables firewall. Must implements the 'abstracts' methods
-		banIP(ip) and unBanIP(ip).
-		
-		Must adds abstract methods definition:
-		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
-	"""
-	
-	def banIP(self, ip):
-		""" Returns query to ban IP.
-		"""
-		query = "iptables -I INPUT 1 -i "+self.interface+" -s "+ip+" -j DROP"
-		return query
-	
-	def unBanIP(self, ip):
-		""" Returns query to unban IP.
-		"""
-		query = "iptables -D INPUT -i "+self.interface+" -s "+ip+" -j DROP"
-		return query
diff --git a/log-test/apache b/log-test/apache
index 35248fd2..227f8df9 100644
--- a/log-test/apache
+++ b/log-test/apache
@@ -1,3 +1,4 @@
+[Wed Mar 31 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
 [Mon Jan 03 05:02:15 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
 [Mon Jan 03 05:02:20 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
 [Mon Jan 03 05:02:20 2005] [error] [client 81.83.248.17] File does not exist: /var/www/jaquier.dyndns.org/htdocs/msadc
@@ -98,5 +99,10 @@
 [Wed Jan 05 15:14:24 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
 [Wed Jan 05 15:14:29 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
 [Wed Jan 05 15:14:34 2005] [error] [client 192.168.0.129] File does not exist: /var/www/jaquier.dyndns.org/htdocs/favicon.ico
-[Wed Mar 05 15:08:28 2005] [error] [client 192.168.0.128] user cyril: authentication failure for "/phpinfo": Password Mismatch
-[Wed Mar 05 15:09:28 2005] [error] [client 192.168.0.128] user cyril: authentication failure for "/phpinfo": Password Mismatch
\ No newline at end of file
+[Wed Mar 10 15:08:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 10 15:09:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 10 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 30 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 30 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 30 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
+[Wed Mar 30 15:11:28 2005] [error] [client www.google.ch] user cyril: authentication failure for "/phpinfo": Password Mismatch
\ No newline at end of file
diff --git a/log-test/current b/log-test/current
index d4b9f00a..18258689 100644
--- a/log-test/current
+++ b/log-test/current
@@ -3,3 +3,9 @@ Jan  7 17:53:26 [sshd] (pam_unix) authentication failure; logname= uid=0 euid=0
 Mar  7 17:53:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
 Mar  7 17:55:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
 Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 62.220.137.36
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 192.168.0.128
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 192.168.0.128
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 192.168.0.128
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from 192.168.0.128
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from www.google.ch
+Mar  7 17:57:28 [sshd] error: PAM: Authentication failure for kevin from www.google.ch
diff --git a/logreader/logreader.py b/logreader/logreader.py
index 4778b3ba..1876a395 100644
--- a/logreader/logreader.py
+++ b/logreader/logreader.py
@@ -24,39 +24,37 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, sys, time, re
+import os, sys, time, re, logging
 
 from utils.dns import *
 
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
 class LogReader:
 	""" Reads a log file and reports information about IP that make password
 		failure, bad user or anything else that is considered as doubtful login
 		attempt.	
 	"""
 	
-	def __init__(self, logSys, logPath, timeregex, timepattern, failregex,
-		findTime = 3600):
+	def __init__(self, logPath, timeregex, timepattern, failregex,
+				  maxRetry, findTime):
 		self.logPath = logPath
+		self.maxRetry = maxRetry
 		self.timeregex = timeregex
 		self.timepattern = timepattern
 		self.failregex = failregex
 		self.findTime = findTime
 		self.ignoreIpList = []
 		self.lastModTime = 0
-		self.logSys = logSys
 		self.lastPos = 0
 		self.lastDate = 0
 		self.logStats = None
-		
-	def setName(self, name):
-		""" Sets the name of the log reader.
+	
+	def getMaxRetry(self):
+		""" Gets the maximum number of failures
 		"""
-		self.name = name
-		
-	def getName(self):
-		""" Gets the name of the log reader.
-		"""
-		return self.name
+		return self.maxRetry
 	
 	def getFindTime(self):
 		""" Gets the find time.
@@ -66,13 +64,23 @@ class LogReader:
 	def addIgnoreIP(self, ip):
 		""" Adds an IP to the ignore list.
 		"""
-		self.logSys.debug("Add "+ip+" to ignore list")
+		logSys.debug("Add "+ip+" to ignore list")
 		self.ignoreIpList.append(ip)
 		
 	def inIgnoreIPList(self, ip):
 		""" Checks if IP is in the ignore list.
 		"""
-		return ip in self.ignoreIpList
+		for i in self.ignoreIpList:
+			s = i.split('/', 1)
+			# IP address without CIDR mask
+			if len(s) == 1:
+				s.insert(1, '32')
+			s[1] = long(s[1])
+			a = cidr(s[0], s[1])
+			b = cidr(ip, s[1])
+			if a == b:
+				return True
+		return False
 	
 	def openLogFile(self):
 		""" Opens the log file specified on init.
@@ -80,8 +88,8 @@ class LogReader:
 		try:
 			fileHandler = open(self.logPath)
 		except OSError:
-			self.logSys.error("Unable to open "+self.logPath)
-			sys.exit(-1)
+			logSys.error("Unable to open "+self.logPath)
+			
 		return fileHandler
 		
 	def isModified(self):
@@ -89,16 +97,15 @@ class LogReader:
 		"""
 		try:
 			self.logStats = os.stat(self.logPath)
+			if self.lastModTime == self.logStats.st_mtime:
+				return False
+			else:
+				logSys.debug(self.logPath+" has been modified")
+				self.lastModTime = self.logStats.st_mtime
+				return True
 		except OSError:
-			self.logSys.error("Unable to get stat on "+self.logPath)
-			sys.exit(-1)
-		
-		if self.lastModTime == self.logStats.st_mtime:
+			logSys.error("Unable to get stat on "+self.logPath)
 			return False
-		else:
-			self.logSys.debug(self.logPath+" has been modified")
-			self.lastModTime = self.logStats.st_mtime
-			return True
 	
 	def setFilePos(self, file):
 		""" Sets the file position. We must take care of log file rotation
@@ -107,13 +114,13 @@ class LogReader:
 		"""
 		line = file.readline()
 		if self.lastDate < self.getTime(line):
-			self.logSys.debug("Date " + `self.lastDate` + " is " +
-							"smaller than " + `self.getTime(line)`)
-			self.logSys.debug("Log rotation detected for " + self.logPath)
+			logSys.debug("Date " + `self.lastDate` + " is " + "smaller than " +
+							`self.getTime(line)`)
+			logSys.debug("Log rotation detected for " + self.logPath)
 			self.lastPos = 0
 		
-		self.logSys.debug("Setting file position to " + `self.lastPos` + " for "
-						+ self.logPath)
+		logSys.debug("Setting file position to " + `self.lastPos` + " for " +
+						self.logPath)
 		file.seek(self.lastPos)
 	
 	def getFailures(self):
@@ -124,28 +131,31 @@ class LogReader:
 			and the latest failure time.
 		"""
 		ipList = dict()
-		self.logSys.debug(self.logPath)
+		logSys.debug(self.logPath)
 		logFile = self.openLogFile()
 		self.setFilePos(logFile)
-		lastLine = ''
-		for line in logFile.readlines():
+		lastLine = None
+		for line in logFile:
+			if not self.hasTime(line):
+				# There is no valid time in this line
+				continue
 			lastLine = line
-			failList = self.findFailure(line)
-			for element in failList:
+			for element in self.findFailure(line):
 				ip = element[0]
 				unixTime = element[1]
 				if unixTime < time.time()-self.findTime:
 					break
 				if self.inIgnoreIPList(ip):
-					self.logSys.debug("Ignore "+ip)
+					logSys.debug("Ignore "+ip)
 					continue
-				self.logSys.debug("Found "+ip)
+				logSys.debug("Found "+ip)
 				if ipList.has_key(ip):
 					ipList[ip] = (ipList[ip][0]+1, unixTime)
 				else:
 					ipList[ip] = (1, unixTime)
 		self.lastPos = logFile.tell()
-		self.lastDate = self.getTime(lastLine)
+		if lastLine:
+			self.lastDate = self.getTime(lastLine)
 		logFile.close()
 		return ipList
 
@@ -168,6 +178,15 @@ class LogReader:
 						failList.append([ip, date])
 		return failList
 	
+	def hasTime(self, line):
+		""" Return true if the line contains a date
+		"""
+		timeMatch = re.search(self.timeregex, line)
+		if timeMatch:
+			return True
+		else:
+			return False
+	
 	def getTime(self, line):
 		""" Gets the time of a log message.
 		"""
@@ -184,6 +203,12 @@ class LogReader:
 		"""
 		date = list(time.strptime(value, self.timepattern))
 		if date[0] < 2000:
+			# There is probably no year field in the logs
 			date[0] = time.gmtime()[0]
+			# Bug fix for #1241756
+			# If the date is greater than the current time, we suppose
+			# that the log is not from this year but from the year before
+			if time.mktime(date) > time.time():
+				date[0] -= 1
 		unixTime = time.mktime(date)
 		return unixTime
diff --git a/man/fail2ban.8 b/man/fail2ban.8
new file mode 100644
index 00000000..c43b71ec
--- /dev/null
+++ b/man/fail2ban.8
@@ -0,0 +1,61 @@
+.\" 
+.TH "FAIL2BAN" "8" "July 2005" "Cyril Jaquier" "System administration tools"
+.SH "NAME"
+fail2ban \- bans IP that makes too many password failures
+.SH "SYNOPSIS"
+.B fail2ban
+[\fIOPTIONS\fR]
+.SH "DESCRIPTION"
+\fBFail2Ban\fR reads log file that contains password failure report
+and bans the corresponding IP addresses using firewall rules. It updates
+firewall rules to reject the IP address.
+.SH "OPTIONS"
+.TP 
+\fB\-b\fR
+start in background
+.TP 
+\fB\-d\fR
+start in debug mode. Commands are NOT executed but only displayed
+.TP 
+\fB\-c\fR \fIFILE\fR
+read configuration file \fIFILE\fR
+.TP 
+\fB\-p\fR \fIFILE\fR
+create PID lock in \fIFILE\fR
+.TP 
+\fB\-h, \-\-help\fR
+display this help message
+.TP 
+\fB\-i\fR \fIIP\fR
+\fIIP\fR(s) to ignore
+.TP 
+\fB\-k\fR
+kill a currently running Fail2Ban instance
+.TP 
+\fB\-r\fR \fIVALUE\fR
+allow a max of \fIVALUE\fR password failure [maxfailures]
+.TP 
+\fB\-t\fR \fITIME\fR
+ban IP for \fITIME\fR seconds [bantime]
+.TP 
+\fB\-f\fR \fITIME\fR
+lifetime in seconds of failed entry [findtime]
+.TP 
+\fB\-v\fR
+verbose. Use twice for greater effect
+.TP 
+\fB\-V, \-\-version\fR
+print software version
+.SH "FILES"
+.I /etc/fail2ban.conf
+.RS
+The configuration file. See \fBfail2ban.conf\fR(5) for further details.
+.SH "REPORTING BUGS"
+Please report bugs at http://sourceforge.net/projects/fail2ban/
+via bug tracker
+.SH "AUTHOR"
+Cyril Jaquier <lostcontrol@users.sourceforge.net>
+.SH "SEE ALSO"
+.TP 
+See
+.BR "http://fail2ban.sourceforge.net/".
diff --git a/man/fail2ban.conf.5 b/man/fail2ban.conf.5
new file mode 100644
index 00000000..91328a35
--- /dev/null
+++ b/man/fail2ban.conf.5
@@ -0,0 +1,20 @@
+.\" 
+.TH "FAIL2BAN.CONF" "5" "July 2005" "Cyril Jaquier" "System administration tools"
+.SH "NAME"
+fail2ban.conf \- configuration data for fail2ban
+.SH "DESCRIPTION"
+\fB/etc/fail2ban.conf\fR contains data about the general configuration of fail2ban, the mail notification and services to monitor.
+.SH "VARIABLES"
+Please look at the file itself
+.SH "FILES"
+.I /etc/fail2ban.conf
+.SH "REPORTING BUGS"
+Please report bugs at http://sourceforge.net/projects/fail2ban/
+via bug tracker
+.SH "AUTHOR"
+Cyril Jaquier <lostcontrol@users.sourceforge.net>
+.SH "SEE ALSO"
+.BR fail2ban (8)
+.TP 
+See
+.BR "http://fail2ban.sourceforge.net/".
diff --git a/setup.py b/setup.py
index eee601bc..a4f096f3 100755
--- a/setup.py
+++ b/setup.py
@@ -28,15 +28,55 @@ __license__ = "GPL"
 
 from distutils.core import setup
 from version import version
+from os.path import isfile, join
+from sys import exit, argv
+
+longdesc = '''
+Fail2Ban scans log files like /var/log/pwdfail or
+/var/log/apache/error_log and bans IP that makes
+too many password failures. It updates firewall rules
+to reject the IP address or executes user defined
+commands.'''
 
 setup(
-        name = "fail2ban",
-        version = version,
-        description = "Ban IPs that make too many password failure",
-        author = "Cyril Jaquier",
-        author_email = "lostcontrol@users.sourceforge.net",
-        url = "http://www.sourceforge.net/projects/fail2ban",
-        scripts = ['fail2ban.py'],
-        py_modules = ['version'],
-        packages = ['firewall', 'logreader', 'confreader', 'utils']
+	name = "fail2ban",
+	version = version,
+	description = "Ban IPs that make too many password failure",
+	long_description = longdesc,
+	author = "Cyril Jaquier",
+	author_email = "lostcontrol@users.sourceforge.net",
+	url = "http://fail2ban.sourceforge.net",
+	license = "GPL",
+	platforms = "Posix",
+	scripts = ['fail2ban'],
+	py_modules = ['fail2ban', 'version'],
+	packages = ['firewall', 'logreader', 'confreader', 'utils']
 )
+
+# Do some checks after installation
+# Search for obsolete files.
+obsoleteFiles = []
+elements = {"/usr/bin/": ["fail2ban.py"],
+			"/usr/lib/fail2ban/firewall/": ["iptables.py", "ipfwadm.py",
+											"ipfw.py"]}
+for dir in elements:
+	for f in elements[dir]:
+		path = join(dir, f)
+		if isfile(path):
+			obsoleteFiles.append(path)
+if obsoleteFiles:
+	print
+	print "Obsolete files from previous Fail2Ban versions were found on " \
+		  "your system."
+	print "Please delete them:"
+	print
+	for f in obsoleteFiles:
+		print "\t" + f
+	print
+
+# Update config file
+if argv[1] == "install":
+	print
+	print "Please do not forget to update your configuration file."
+	print "Use config/fail2ban.conf.default as example."
+	print
diff --git a/utils/dns.py b/utils/dns.py
index ce629d69..8d099753 100644
--- a/utils/dns.py
+++ b/utils/dns.py
@@ -24,7 +24,7 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-import os, re, socket
+import os, re, socket, struct
 
 def dnsToIp(dns):
 	""" Convert a DNS into an IP address using the Python socket module.
@@ -55,6 +55,16 @@ def searchIP(text):
 	else:
 		return []
 
+def isValidIP(str):
+	""" Return true if str is a valid IP
+	"""
+	s = str.split('/', 1)
+	try:
+		socket.inet_aton(s[0])
+		return True
+	except socket.error:
+		return False
+
 def textToIp(text):
 	""" Return the IP of DNS found in a given text.
 	"""
@@ -62,7 +72,8 @@ def textToIp(text):
 	# Search for plain IP
 	plainIP = searchIP(text)
 	for element in plainIP:
-		ipList.append(element)
+		if isValidIP(element):
+			ipList.append(element)
 	if not ipList:
 		# Try to get IP from possible DNS
 		dnsList = textToDns(text)
@@ -71,3 +82,21 @@ def textToIp(text):
 			for e in dns:
 				ipList.append(e)
 	return ipList
+
+def cidr(i, n):
+	""" Convert an IP address string with a CIDR mask into a 32-bit
+		integer.
+	"""
+	# 32-bit IPv4 address mask
+	MASK = 0xFFFFFFFFL
+	return ~(MASK >> n) & MASK & addr2bin(i)
+
+def addr2bin(str):
+	""" Convert a string IPv4 address into an unsigned integer.
+	"""
+	return struct.unpack("!L", socket.inet_aton(str))[0]
+
+def bin2addr(addr):
+	""" Convert a numeric IPv4 address into string n.n.n.n form.
+	"""
+	return socket.inet_ntoa(struct.pack("!L", addr))
diff --git a/utils/mail.py b/utils/mail.py
new file mode 100644
index 00000000..8a244d4f
--- /dev/null
+++ b/utils/mail.py
@@ -0,0 +1,79 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import logging, smtplib, email.Utils
+
+from utils.strings import replaceTag
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+class Mail:
+	""" Mailer class
+	"""
+	
+	def __init__(self, host, port = 25):
+		self.host = host
+		self.port = port
+		self.localTimeFlag = False
+		
+	def setFromAddr(self, fromAddr):
+		""" Set from: address
+		"""
+		self.fromAddr = fromAddr
+	
+	def setToAddr(self, toAddr):
+		""" Set to: address
+		"""
+		self.toAddr = toAddr.split()
+
+	def setLocalTimeFlag(self, localTimeFlag):
+		""" Set to: address
+		"""
+		self.localTimeFlag = localTimeFlag
+
+	def sendmail(self, subject, message, aInfo):
+		""" Send an email using smtplib
+		"""
+		subj = replaceTag(subject, aInfo)
+		msg = replaceTag(message, aInfo)
+		
+		mail = ("From: %s\r\nTo: %s\r\nDate: %s\r\nSubject: %s\r\n\r\n" %
+				(self.fromAddr, ", ".join(self.toAddr),
+				email.Utils.formatdate(localtime = self.localTimeFlag),
+				subj)) + msg
+		
+		try:
+			server = smtplib.SMTP(self.host, self.port)
+			#server.set_debuglevel(1)
+			server.sendmail(self.fromAddr, self.toAddr, mail)
+			logSys.debug("Email sent to " + `self.toAddr`)
+			server.quit()	
+		except Exception, e:
+			logSys.error("Unable to send mail to " + self.host + ":" +
+						 `self.port` + " from " + self.fromAddr + " to " +
+						 `self.toAddr` + ": " + `e` + ": " + `e.args`)
+		
diff --git a/utils/pidlock.py b/utils/pidlock.py
new file mode 100644
index 00000000..4659dfb3
--- /dev/null
+++ b/utils/pidlock.py
@@ -0,0 +1,109 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import os, logging
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+class PIDLock:
+	""" Manages the PID lock file.
+	
+		The following class shows how to implement the singleton pattern[1] in
+		Python. A singleton is a class that makes sure only one instance of it
+		is ever created. Typically such classes are used to manage resources
+		that by their very nature can only exist once.
+		
+		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/52558
+	"""
+	
+	class __impl:
+		""" Implementation of the singleton interface """
+
+		def setPath(self, path):
+			""" Set PID lock file path.
+			"""
+			self.path = path
+		
+		def create(self):
+			""" Create PID lock.
+			"""
+			try:
+				fileHandler = open(self.path, mode='w')
+				pid = os.getpid()
+				fileHandler.write(`pid` + '\n')
+				fileHandler.close()
+				logSys.debug("Created PID lock (" + `pid` + ") in " + self.path)
+				return True
+			except:
+				logSys.error("Unable to create PID lock " + self.path)
+				return False	
+		
+		def remove(self):
+			""" Remove PID lock.
+			"""
+			try:
+				os.remove(self.path)
+				logSys.debug("Removed PID lock " + self.path)
+			except OSError:
+				logSys.error("Unable to remove PID lock " + self.path)
+			except AttributeError:
+				# AttributeError if self.path wasn't specified yet
+				logSys.debug("PID lock not removed because not defined yet")
+		
+		def exists(self):
+			""" Returns the current PID if Fail2Ban is running or False
+				if no instance found.
+			"""
+			try:
+				fileHandler = open(self.path)
+				pid = fileHandler.readline()
+				fileHandler.close()
+				return pid
+			except IOError:
+				return False
+
+	# storage for the instance reference
+	__instance = None
+
+	def __init__(self):
+		""" Create singleton instance """
+		# Check whether we already have an instance
+		if PIDLock.__instance is None:
+			# Create and remember instance
+			PIDLock.__instance = PIDLock.__impl()
+
+		# Store instance reference as the only member in the handle
+		self.__dict__['_PIDLock__instance'] = PIDLock.__instance
+
+	def __getattr__(self, attr):
+		""" Delegate access to implementation """
+		return getattr(self.__instance, attr)
+
+	def __setattr__(self, attr, value):
+		""" Delegate access to implementation """
+		return setattr(self.__instance, attr, value)
+	
\ No newline at end of file
diff --git a/utils/process.py b/utils/process.py
new file mode 100644
index 00000000..b310f090
--- /dev/null
+++ b/utils/process.py
@@ -0,0 +1,137 @@
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+
+# Author: Cyril Jaquier
+# 
+# $Revision$
+
+__author__ = "Cyril Jaquier"
+__version__ = "$Revision$"
+__date__ = "$Date$"
+__copyright__ = "Copyright (c) 2004 Cyril Jaquier"
+__license__ = "GPL"
+
+import os, logging, signal
+
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+class ExternalError(UserWarning):
+	""" Exception to warn about failed fwcheck or fwban command
+	"""
+	pass
+
+def createDaemon():
+	""" Detach a process from the controlling terminal and run it in the
+		background as a daemon.
+	
+		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731
+	"""
+
+	try:
+		# Fork a child process so the parent can exit.  This will return control
+		# to the command line or shell.  This is required so that the new process
+		# is guaranteed not to be a process group leader.  We have this guarantee
+		# because the process GID of the parent is inherited by the child, but
+		# the child gets a new PID, making it impossible for its PID to equal its
+		# PGID.
+		pid = os.fork()
+	except OSError, e:
+		return((e.errno, e.strerror))	 # ERROR (return a tuple)
+
+	if (pid == 0):	   # The first child.
+
+		# Next we call os.setsid() to become the session leader of this new
+		# session.  The process also becomes the process group leader of the
+		# new process group.  Since a controlling terminal is associated with a
+		# session, and this new session has not yet acquired a controlling
+		# terminal our process now has no controlling terminal.  This shouldn't
+		# fail, since we're guaranteed that the child is not a process group
+		# leader.
+		os.setsid()
+	
+		# When the first child terminates, all processes in the second child
+		# are sent a SIGHUP, so it's ignored.
+		signal.signal(signal.SIGHUP, signal.SIG_IGN)
+	
+		try:
+			# Fork a second child to prevent zombies.  Since the first child is
+			# a session leader without a controlling terminal, it's possible for
+			# it to acquire one by opening a terminal in the future.  This second
+			# fork guarantees that the child is no longer a session leader, thus
+			# preventing the daemon from ever acquiring a controlling terminal.
+			pid = os.fork()		# Fork a second child.
+		except OSError, e:
+			return((e.errno, e.strerror))  # ERROR (return a tuple)
+	
+		if (pid == 0):	  # The second child.
+			# Ensure that the daemon doesn't keep any directory in use.  Failure
+			# to do this could make a filesystem unmountable.
+			os.chdir("/")
+		else:
+			os._exit(0)	  # Exit parent (the first child) of the second child.
+	else:
+		os._exit(0)		 # Exit parent of the first child.
+
+	# Close all open files.  Try the system configuration variable, SC_OPEN_MAX,
+	# for the maximum number of open files to close.  If it doesn't exist, use
+	# the default value (configurable).
+	try:
+		maxfd = os.sysconf("SC_OPEN_MAX")
+	except (AttributeError, ValueError):
+		maxfd = 256	   # default maximum
+
+	for fd in range(0, maxfd):
+		try:
+			os.close(fd)
+		except OSError:   # ERROR (ignore)
+			pass
+
+	# Redirect the standard file descriptors to /dev/null.
+   	os.open("/dev/null", os.O_RDONLY)	# standard input (0)
+	os.open("/dev/null", os.O_RDWR)		# standard output (1)
+	os.open("/dev/null", os.O_RDWR)		# standard error (2)
+
+	return True
+
+def killPID(pid):
+	""" Kills the process with the given PID using the
+		INT signal (same effect as <ctrl>+<c>).
+	"""
+	try:
+		return os.kill(pid, 2)
+	except OSError:
+		logSys.error("Can not kill process " + `pid` + ". Please check that " +
+					"Fail2Ban is not running and remove the file " +
+					"'/tmp/fail2ban.pid'")
+		return False
+
+def executeCmd(cmd, debug):
+	""" Executes an OS command.
+	"""
+	if cmd == "":
+		logSys.debug("Nothing to do")
+		return None
+	
+	logSys.debug(cmd)
+	if not debug:
+		retval = os.system(cmd)
+		if not retval == 0:
+			logSys.error("'" + cmd + "' returned " + `retval`)
+			raise ExternalError("Execution of command '%s' failed" % cmd)
+		return retval
+	else:
+		return None
diff --git a/firewall/ipfwadm.py b/utils/strings.py
similarity index 60%
rename from firewall/ipfwadm.py
rename to utils/strings.py
index cfdccbd8..6ed7ece8 100644
--- a/firewall/ipfwadm.py
+++ b/utils/strings.py
@@ -24,25 +24,17 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-from firewall import Firewall
+import logging
 
-class Ipfwadm(Firewall):
-	""" This class contains specific methods and variables for the
-		iptables firewall. Must implements the 'abstracts' methods
-		banIP(ip) and unBanIP(ip).
-		
-		Must adds abstract methods definition:
-		http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/266468
+# Gets the instance of the logger.
+logSys = logging.getLogger("fail2ban")
+
+def replaceTag(query, aInfo):
+	""" Replace tags in query
 	"""
-	
-	def banIP(self, ip):
-		""" Returns query to ban IP.
-		"""
-		query = "ipfwadm -I -a deny -W "+self.interface+" -S "+ip
-		return query
-	
-	def unBanIP(self, ip):
-		""" Returns query to unban IP.
-		"""
-		query = "ipfwadm -I -d deny -W "+self.interface+" -S "+ip
-		return query
+	string = query
+	for tag in aInfo:
+		string = string.replace('<'+tag+'>', `aInfo[tag]`)
+	# New line
+	string = string.replace('<br>', '\n')
+	return string
diff --git a/version.py b/version.py
index 3d2fe563..794dd43b 100644
--- a/version.py
+++ b/version.py
@@ -24,4 +24,4 @@ __date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.4.1"
+version = "0.6.0"