ENH: filter for stunnel from fail2ban wiki

ChangeLog

@@ -55,6 +55,7 @@ configuration before relying on it.
    * Added action xarf-login-attack to report formatted attack messages
      according to the XARF standard (v0.2). Close gh-105
    * Support PyPy
+   * Filter for stunnel
 
 - Enhancements
    * Multiline filter for sendmail-spam. Close gh-418

MANIFEST

@@ -136,6 +136,7 @@ fail2ban/tests/files/logs/selinux-ssh
 fail2ban/tests/files/logs/sendmail-spam
 fail2ban/tests/files/logs/sieve
 fail2ban/tests/files/logs/squid
+fail2ban/tests/files/logs/stunnel
 fail2ban/tests/files/logs/suhosin
 fail2ban/tests/files/logs/sogo-auth
 fail2ban/tests/files/logs/solid-pop3d
@@ -191,6 +192,7 @@ config/filter.d/sieve.conf
 config/filter.d/solid-pop3d.conf
 config/filter.d/sshd.conf
 config/filter.d/sshd-ddos.conf
+config/filter.d/stunnel.conf
 config/filter.d/vsftpd.conf
 config/filter.d/webmin-auth.conf
 config/filter.d/wuftpd.conf

config/filter.d/stunnel.conf

@@ -0,0 +1,8 @@
+# Fail2ban filter for stunnel
+# Based off: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#stunnel4
+
+[Definition]
+
+failregex = ^ LOG\d\[\d+:\d+\]:\ SSL_accept from <HOST>:\d+ : (?P<CODE>[\dA-F]+): error:(?P=CODE):SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate$
+
+datepattern = ^%Y.%m.%d %H:%M:%S

fail2ban/tests/files/logs/stunnel

@@ -0,0 +1,2 @@
+# failJSON: { "time": "2011-11-21T142916", "matches": true, "host": "10.7.41.61" }
+2011.11.21 14:29:16 LOG3[28228:140093368055552]: SSL_accept from 10.7.41.61:33454 : 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate