Upgraded to fresh upstream 0.8.1

2007-10-16 17:01:23 -04:00 · 2007-10-16 17:01:23 -04:00 · bce05a1285
parent 8323a8cac8 e40468dfd3
commit bce05a1285
32 changed files with 843 additions and 98 deletions
--- a/27
+++ b/27
@ -4,9 +4,34 @@
             |_| \__,_|_|_/___|_.__/\__,_|_||_|
 =============================================================
-Fail2Ban (version 0.8.0)                           2007/05/03
+Fail2Ban (version 0.8.1)                           2007/08/14
 =============================================================
 ver. 0.8.1 (2007/08/14) - stable
 ----------
 - Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
 - Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
 - Improved regular expressions. Thanks to Yaroslav Halchenko
  and others
 - Added sendmail actions. The action started with "mail" are
  now deprecated. Thanks to Raphaël Marichez
 - Added "ignoreregex" support to fail2ban-regex
 - Updated suse-initd and added it to MANIFEST. Thanks to
  Christian Rauch
 - Tightening up the pid check in redhat-initd. Thanks to
  David Nutter
 - Added webmin authentication filter. Thanks to Guillaume
  Delvit
 - Removed textToDns() which is not required anymore. Thanks
  to Yaroslav Halchenko
 - Added new action iptables-allports. Thanks to Yaroslav
  Halchenko
 - Added "named" date format to date detector. Thanks to
  Yaroslav Halchenko
 - Added filter file for named (bind9). Thanks to Yaroslav
  Halchenko
 - Fixed vsftpd filter. Thanks to Yaroslav Halchenko
 ver. 0.8.0 (2007/05/03) - stable
 ----------
 - Fixed RedHat init script. Thanks to Jonathan Underwood
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: fail2ban
-Version: 0.8.0
+Version: 0.8.1
 Summary: Ban IPs that make too many password failure
 Home-page: http://fail2ban.sourceforge.net
 Author: Cyril Jaquier
--- a/10
+++ b/10
@ -4,7 +4,7 @@
             |_| \__,_|_|_/___|_.__/\__,_|_||_|
 =============================================================
-Fail2Ban (version 0.8.0)                           2007/05/03
+Fail2Ban (version 0.8.1)                           2007/08/14
 =============================================================
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@ -28,8 +28,8 @@ Optional:
 To install, just do:
-> tar xvfj fail2ban-0.8.0.tar.bz2
+> tar xvfj fail2ban-0.8.1.tar.bz2
-> cd fail2ban-0.8.0
+> cd fail2ban-0.8.1
 > python setup.py install
 This will install Fail2Ban into /usr/share/fail2ban. The
@ -73,7 +73,9 @@ Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
 Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
 René Berber, mEDI, Axel Thimm, Eric Gerbier, Christian Rauch,
-Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner
+Michael C. Haller, Jonathan Underwood, Hanno 'Rince' Wagner,
 Daniel B. Cid, David Nutter, Raphaël Marichez, Guillaume
 Delvit, Vaclav Misek
 License:
 --------
--- a/common/version.py
+++ b/common/version.py
@ -16,12 +16,12 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 578 $
+# $Revision: 614 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 578 $"
+__version__ = "$Revision: 614 $"
-__date__ = "$Date: 2007-05-03 22:30:28 +0200 (Thu, 03 May 2007) $"
+__date__ = "$Date: 2007-08-14 23:39:15 +0200 (Tue, 14 Aug 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
-version = "0.8.0"
+version = "0.8.1"
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@ -0,0 +1,65 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
 # 			made active on all ports from original iptables.conf
 #
 # $Revision: 606 $
 #
 [Definition]
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -j fail2ban-<name>
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = iptables -D INPUT -p <protocol> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = iptables -n -L INPUT | grep -q fail2ban-<name>
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
 [Init]
 # Defaut name of the chain
 #
 name = default
 # Option:  protocol
 # Notes.:  internally used by config reader for interpolations.
 # Values:  [ tcp | udp | icmp | all ] Default: tcp
 #
 protocol = tcp
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@ -12,7 +12,7 @@
 # Values:  CMD
 #
 actionstart = echo -en "Hi,\n
-              The jail <name> has been started successfuly.\n
+              The jail <name> has been started successfully.\n
              Output will be buffered until <lines> lines are available.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 # Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision: 520 $
+# $Revision: 595 $
 #
 [Definition]
@ -12,7 +12,7 @@
 # Values:  CMD
 #
 actionstart = echo -en "Hi,\n
-              The jail <name> has been started successfuly.\n
+              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 510 $
+# $Revision: 595 $
 #
 [Definition]
@ -12,7 +12,7 @@
 # Values:  CMD
 #
 actionstart = echo -en "Hi,\n
-              The jail <name> has been started successfuly.\n
+              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 510 $
+# $Revision: 595 $
 #
 [Definition]
@ -12,7 +12,7 @@
 # Values:  CMD
 #
 actionstart = echo -en "Hi,\n
-              The jail <name> has been started successfuly.\n
+              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban"|mail -s "[Fail2Ban] <name>: started" <dest>
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@ -0,0 +1,105 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 #
 # $Revision: 604 $
 #
 [Definition]
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Output will be buffered until <lines> lines are available.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = if [ -f <tmpfile> ]; then
                 echo -en "Subject: [Fail2Ban] <name>: summary
                 From: Fail2Ban <<sender>>
                 To: <dest>\n
                 Hi,\n
                 These hosts have been banned by Fail2Ban.\n
                 `cat <tmpfile>`
                 Regards,\n
                 Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
                 rm <tmpfile>
             fi
             echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionban = echo `date`": <ip> (<failures> failures)" >> <tmpfile>
            LINE=$( wc -l <tmpfile> | awk '{ print $1 }' )
            if [ $LINE -eq <lines> ]; then
                echo -en "Subject: [Fail2Ban] <name>: summary
                From: Fail2Ban <<sender>>
                To: <dest>\n
                Hi,\n
                These hosts have been banned by Fail2Ban.\n
                `cat <tmpfile>`
                Regards,\n
                Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
                rm <tmpfile>
            fi
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionunban = 
 [Init]
 # Defaut name of the chain
 #
 name = default
 # Destination/Addressee of the mail
 #
 dest = root
 # Sender of the mail
 #
 sender = fail2ban
 # Default number of lines that are buffered
 #
 lines = 5
 # Default temporary file
 #
 tmpfile = /tmp/fail2ban-mail.txt
--- a/config/action.d/sendmail-whois-lines.conf
+++ b/config/action.d/sendmail-whois-lines.conf
@ -0,0 +1,88 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 #
 # $Revision: 595 $
 #
 [Definition]
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here are more information about <ip>:\n
            `/usr/bin/whois <ip>`\n\n
            Lines containing IP:<ip> in <logpath>\n
            `/bin/grep '\<<ip>\>' <logpath>`\n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionunban = 
 [Init]
 # Defaut name of the chain
 #
 name = default
 # Destination/Addressee of the mail
 #
 dest = root
 # Sender of the mail
 #
 sender = fail2ban
 # Path to the log files which contain relevant lines for the abuser IP
 #
 logpath = /dev/null
--- a/config/action.d/sendmail-whois.conf
+++ b/config/action.d/sendmail-whois.conf
@ -0,0 +1,82 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 #
 # $Revision: 595 $
 #
 [Definition]
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n\n
            Here are more information about <ip>:\n
            `/usr/bin/whois <ip>`\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionunban = 
 [Init]
 # Defaut name of the chain
 #
 name = default
 # Destination/Addressee of the mail
 #
 dest = root
 # Sender of the mail
 #
 sender = fail2ban
--- a/config/action.d/sendmail.conf
+++ b/config/action.d/sendmail.conf
@ -0,0 +1,80 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 #
 # $Revision: 595 $
 #
 [Definition]
 # Option:  actionstart
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
 actionstart = echo -en "Subject: [Fail2Ban] <name>: started
              From: Fail2Ban <<sender>>
              To: <dest>\n
              Hi,\n
              The jail <name> has been started successfully.\n
              Regards,\n
              Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionend
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = echo -en "Subject: [Fail2Ban] <name>: stopped
             From: Fail2Ban <<sender>>
             To: <dest>\n
             Hi,\n
             The jail <name> has been stopped.\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
 actioncheck = 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionban = echo -en "Subject: [Fail2Ban] <name>: banned <ip>
            From: Fail2Ban <<sender>>
            To: <dest>\n
            Hi,\n
            The IP <ip> has just been banned by Fail2Ban after
            <failures> attempts against <name>.\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
 #          command is executed with Fail2Ban user rights.
 # Tags:    <ip>  IP address
 #          <failures>  number of failures
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
 actionunban = 
 [Init]
 # Defaut name of the chain
 #
 name = default
 # Destination/Addressee of the mail
 #
 dest = root
 # Sender of the mail
 #
 sender = fail2ban
--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@ -0,0 +1,34 @@
 # Fail2Ban configuration file for named (bind9). Trying to generalize the
 #          structure which is general to capture general patterns in log
 #          lines to cover different configurations/distributions
 #
 # Author: Yaroslav Halchenko
 #
 # $Revision: 608 $
 #
 [Definition]
 # if you want to catch only login erros from specific daemons, use smth like
 #_named_rcodes=(?:REFUSED|SERVFAIL)
 # To catch all REFUSED queries only
 _named_rcodes=REFUSED
 _daemon=named
 #
 # Shortcuts for easier comprehension of the failregex
 __pid_re=(?:\[\d+\])
 __daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
 __daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
 #       hostname       daemon_id         spaces
 # this can be optional (for instance if we match named native log files)
 __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)?
 # Option: failregex
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
 failregex = %(__line_prefix)sunexpected RCODE \(%(_named_rcodes)s\) resolving '.*': <HOST>#\S+$
 		    %(__line_prefix)sclient <HOST>#\S+: query(?: \(cache\))? '.*' denied\s*$
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 510 $
+# $Revision: 603 $
 #
 [Definition]
@ -15,6 +15,7 @@
 # Values: TEXT
 #
 failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
            \(\S*\[<HOST>\]\) - USER \S+ \(Login failed\): Incorrect password.$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@ -19,7 +19,7 @@ __errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'ut
 #         (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = pure-ftpd: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
+failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/sshd-ddos.conf
+++ b/config/filter.d/sshd-ddos.conf
@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision: 510 $
+# $Revision: 592 $
 #
 [Definition]
@ -14,7 +14,7 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = sshd\[\S*\]: Did not receive identification string from <HOST>
+failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 551 $
+# $Revision: 613 $
 #
 [Definition]
@ -14,10 +14,12 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
-failregex = Authentication failure for .* from <HOST>
+failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
-            Failed [-/\w]+ for .* from <HOST>
+            Failed [-/\w]+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
-            ROOT LOGIN REFUSED .* FROM <HOST>
+            ROOT LOGIN REFUSED.* FROM <HOST>\s*$
-            [iI](?:llegal|nvalid) user .* from <HOST>
+            [iI](?:llegal|nvalid) user .* from <HOST>\s*$
            User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
            User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 534 $
+# $Revision: 610 $
 #
 [Definition]
@ -14,8 +14,8 @@
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values: TEXT
 #
-failregex = vsftpd: .* authentication failure; .* rhost=<HOST>$
+failregex = vsftpd(?:\[\d+\])?: .* authentication failure; .* rhost=<HOST>\s*$
-            \[.+\] FAIL LOGIN: Client "<HOST>"$
+            \[.+\] FAIL LOGIN: Client "<HOST>"\s*$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
--- a/config/filter.d/webmin-auth.conf
+++ b/config/filter.d/webmin-auth.conf
@ -0,0 +1,28 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
 # Rule by : Delvit Guillaume
 #
 # $Revision: 601 $
 #
 [Definition]
 # patern :      webmin[15673]: Non-existent login as toto from 86.0.6.217
 #               webmin[29544]: Invalid login as root from 86.0.6.217
 #
 # Option:  failregex
 # Notes.:  regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>\S+)
 # Values:  TEXT
 #
 failregex = webmin.* Non-existent login as .+ from <HOST>$
            webmin.* Invalid login as .+ from <HOST>$
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.
 # Values:  TEXT
 #
 ignoreregex = 
--- a/config/filter.d/wuftpd.conf
+++ b/config/filter.d/wuftpd.conf
@ -2,7 +2,7 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision:  $
+# $Revision: 592 $
 #
 [Definition]
@ -11,4 +11,4 @@
 # Notes.: regex to match the password failures messages in the logfile.
 # Values: TEXT
 #
-failregex = wu-ftpd\[\d+\]:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>
+failregex = wu-ftpd(?:\[\d+\])?:\s+\(pam_unix\)\s+authentication failure.* rhost=<HOST>$
--- a/config/jail.conf
+++ b/config/jail.conf
@ -2,7 +2,7 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision: 552 $
+# $Revision: 611 $
 #
 # The DEFAULT allows a global definition of the options. They can be override
@ -45,7 +45,7 @@ backend = auto
 enabled  = false
 filter   = sshd
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
-           mail-whois[name=SSH, dest=yourmail@mail.com]
+           sendmail-whois[name=SSH, dest=you@mail.com, sender=fail2ban@mail.com]
 logpath  = /var/log/sshd.log
 maxretry = 5
@ -54,7 +54,7 @@ maxretry = 5
 enabled  = false
 filter   = proftpd
 action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
-           mail-whois[name=ProFTPD, dest=yourmail@mail.com]
+           sendmail-whois[name=ProFTPD, dest=you@mail.com]
 logpath  = /var/log/proftpd/proftpd.log
 maxretry = 6
@ -66,7 +66,7 @@ enabled  = false
 filter   = sasl
 backend  = polling
 action   = iptables[name=sasl, port=smtp, protocol=tcp]
-           mail-whois[name=sasl, dest=yourmail@mail.com]
+           sendmail-whois[name=sasl, dest=you@mail.com]
 logpath  = /var/log/mail.log
 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
@ -77,7 +77,7 @@ logpath  = /var/log/mail.log
 enabled     = false
 filter      = sshd
 action      = hostsdeny
-              mail-whois[name=SSH, dest=yourmail@mail.com]
+              sendmail-whois[name=SSH, dest=you@mail.com]
 ignoreregex = for myuser from
 logpath     = /var/log/sshd.log
@ -101,7 +101,7 @@ maxretry = 6
 enabled  = false
 filter   = postfix
 action   = hostsdeny[file=/not/a/standard/path/hosts.deny]
-           mail[name=Postfix, dest=yourmail@mail.com]
+           sendmail[name=Postfix, dest=you@mail.com]
 logpath  = /var/log/postfix.log
 bantime  = 300
@ -112,7 +112,7 @@ bantime  = 300
 enabled  = false
 filter   = vsftpd
-action   = mail-whois[name=VSFTPD, dest=yourmail@mail.com]
+action   = sendmail-whois[name=VSFTPD, dest=you@mail.com]
 logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
@ -124,7 +124,7 @@ bantime  = 1800
 enabled  = false
 filter   = vsftpd
 action   = iptables[name=VSFTPD, port=ftp, protocol=tcp]
-           mail-whois[name=VSFTPD, dest=yourmail@mail.com]
+           sendmail-whois[name=VSFTPD, dest=you@mail.com]
 logpath  = /var/log/vsftpd.log
 maxretry = 5
 bantime  = 1800
@ -137,7 +137,7 @@ bantime  = 1800
 enabled  = false
 filter   = apache-badbots
 action   = iptables-multiport[name=BadBots, port="http,https"]
-           mail-buffered[name=BadBots, lines=5, dest=yourmail@mail.com]
+           sendmail-buffered[name=BadBots, lines=5, dest=you@mail.com]
 logpath  = /var/www/*/logs/access_log
 bantime  = 172800
 maxretry = 1
@ -149,7 +149,7 @@ maxretry = 1
 enabled  = false
 filter   = apache-noscript
 action   = shorewall
-           mail[name=Postfix, dest=yourmail@mail.com]
+           sendmail[name=Postfix, dest=you@mail.com]
 logpath  = /var/log/apache2/error_log
 # This jail uses ipfw, the standard firewall on FreeBSD. The "ignoreip"
@ -162,6 +162,44 @@ logpath  = /var/log/apache2/error_log
 enabled  = false
 filter   = sshd
 action   = ipfw[localhost=192.168.0.1]
-           mail-whois[name="SSH,IPFW", dest=yourmail@mail.com]
+           sendmail-whois[name="SSH,IPFW", dest=you@mail.com]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1
 # These jails block attacks against named (bind9). By default, logging is off
 # with bind9 installation. You will need something like this:
 #
 # logging {
 #     channel lame-servers_file {
 #         file "/var/log/named/lame-servers.log" versions 3 size 30m;
 #         severity dynamic;
 #         print-time yes;
 #     };
 #     category lame-servers {
 #         lame-servers_file;
 #     };
 # }
 #
 # in your named.conf to provide proper logging.
 # This jail blocks UDP traffic for DNS requests.
 [named-refused-udp]
 enabled  = false
 filter   = named-refused
 action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
           sendmail-whois[name=Named, dest=you@mail.com]
 logpath  = /var/log/named/lame-servers.log
 ignoreip = 168.192.0.1
 # This jail blocks TCP traffic for DNS requests.
 [named-refused-tcp]
 enabled  = false
 filter   = named-refused
 action   = iptables-multiport[name=Named, port="domain,953", protocol=tcp]
           sendmail-whois[name=Named, dest=you@mail.com]
 logpath  = /var/log/named/lame-servers.log
 ignoreip = 168.192.0.1
--- a/107
+++ b/107
@ -17,11 +17,11 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 530 $
+# $Revision: 596 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 530 $"
+__version__ = "$Revision: 596 $"
-__date__ = "$Date: 2007-01-29 21:31:04 +0100 (Mon, 29 Jan 2007) $"
+__date__ = "$Date: 2007-07-10 21:54:01 +0200 (Tue, 10 Jul 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
@ -68,6 +68,7 @@ class Fail2banRegex:
 	def __init__(self):
 		self.__filter = Filter(None)
 		self.__ignoreregex = list()
 		self.__failregex = list()
 		# Setup logging
 		logging.getLogger("fail2ban").handlers = []
@ -92,7 +93,7 @@ class Fail2banRegex:
 	@staticmethod
 	def dispUsage():
-		print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX>"
+		print "Usage: "+sys.argv[0]+" [OPTIONS] <LOG> <REGEX> [IGNOREREGEX]"
 		print
 		print "Fail2Ban v" + version + " reads log file that contains password failure report"
 		print "and bans the corresponding IP addresses using firewall rules."
@ -111,6 +112,10 @@ class Fail2banRegex:
 		print "    string                  a string representing a 'failregex'"
 		print "    filename                path to a filter file (filter.d/sshd.conf)"
 		print
 		print "IgnoreRegex:"
 		print "    string                  a string representing an 'ignoreregex'"
 		print "    filename                path to a filter file (filter.d/sshd.conf)"
 		print
 		print "Report bugs to <lostcontrol@users.sourceforge.net>"
 	def getCmdLineOptions(self, optList):
@ -128,6 +133,35 @@ class Fail2banRegex:
 	def logIsFile(value):
 		return os.path.isfile(value)
 	def readIgnoreRegex(self, value):
 		if os.path.isfile(value):
 			reader = SafeConfigParser()
 			try:
 				reader.read(value)
 				print "Use ignoreregex file : " + value
 				self.__ignoreregex = [RegexStat(m)
 									for m in reader.get("Definition", "ignoreregex").split('\n')]
 			except NoSectionError:
 				print "No [Definition] section in " + value
 				print
 				return False
 			except NoOptionError:
 				print "No failregex option in " + value
 				print
 				return False
 			except MissingSectionHeaderError:
 				print "No section headers in " + value
 				print
 				return False
 		else:
 			if len(value) > 53:
 				stripReg = value[0:50] + "..."
 			else:
 				stripReg = value
 			print "Use ignoreregex line : " + stripReg
 			self.__ignoreregex = [RegexStat(value)]
 		return True
 	def readRegex(self, value):
 		if os.path.isfile(value):
 			reader = SafeConfigParser()
@ -157,8 +191,27 @@ class Fail2banRegex:
 			self.__failregex = [RegexStat(value)]
 		return True
 	def testIgnoreRegex(self, line):
 		found = False
 		for regex in self.__ignoreregex:
 			logging.getLogger("fail2ban").setLevel(logging.DEBUG)
 			try:
 				self.__filter.addIgnoreRegex(regex.getFailRegex())
 				try:
 					ret = self.__filter.ignoreLine(line)
 					if ret:
 						regex.inc()
 				except RegexException, e:
 					print e
 					return False
 			finally:
 				self.__filter.delIgnoreRegex(0)
 				logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
 	def testRegex(self, line):
 		found = False
 		for regex in self.__ignoreregex:
 			self.__filter.addIgnoreRegex(regex.getFailRegex())
 		for regex in self.__failregex:
 			logging.getLogger("fail2ban").setLevel(logging.DEBUG)
 			try:
@ -182,6 +235,8 @@ class Fail2banRegex:
 			finally:
 				self.__filter.delFailRegex(0)
 				logging.getLogger("fail2ban").setLevel(logging.CRITICAL)
 		for regex in self.__ignoreregex:
 					self.__filter.delIgnoreRegex(0)
 	def printStats(self):
 		print
@ -191,17 +246,19 @@ class Fail2banRegex:
 		# Print title
 		cnt = 1
-		print "Failregex:"
+		print "Failregex"
 		print "|- Regular expressions:"
 		for failregex in self.__failregex:
-			print "[" + str(cnt) + "] " + failregex.getFailRegex()
+			print "|  [" + str(cnt) + "] " + failregex.getFailRegex()
 			cnt += 1
 		cnt = 1
-		print
+		print "|"
 		# Print stats
 		cnt = 1
 		total = 0
-		print "Number of matches:"
+		print "`- Number of matches:"
 		for failregex in self.__failregex:
 			match = failregex.getStats()
 			total += match
@ -210,6 +267,30 @@ class Fail2banRegex:
 		print
 		# Print title
 		cnt = 1
 		print "Ignoreregex"
 		print "|- Regular expressions:"
 		for failregex in self.__ignoreregex:
 			print "|  [" + str(cnt) + "] " + failregex.getFailRegex()
 			cnt += 1
 		cnt = 1
 		print "|"
 		# Print stats
 		cnt = 1
 		print "`- Number of matches:"
 		for failregex in self.__ignoreregex:
 			match = failregex.getStats()
 			print "   [" + str(cnt) + "] " + str(match) + " match(es)"
 			cnt += 1
 		print
 		print "Summary"
 		print "======="
 		print
 		if total == 0:
 			print "Sorry, no match"
 			print
@ -236,7 +317,7 @@ class Fail2banRegex:
 			print "Date template hits:"
 			for template in self.__filter.dateDetector.getTemplates():
-				print `template.getHits()` + " hit: " + template.getName()
+				print `template.getHits()` + " hit(s): " + template.getName()
 			print
@ -260,7 +341,7 @@ if __name__ == "__main__":
 	# Process command line
 	fail2banRegex.getCmdLineOptions(optList)
 	# We need exactly 3 parameters
-	if not len(sys.argv) == 3:
+	if not len(sys.argv) in (3, 4):
 		fail2banRegex.dispUsage()
 		sys.exit(-1)
 	else:
@ -269,6 +350,10 @@ if __name__ == "__main__":
 		print "============="
 		print
 		if len(sys.argv) == 4:
 			if fail2banRegex.readIgnoreRegex(sys.argv[3]) == False:
 				sys.exit(-1)
 		if fail2banRegex.readRegex(sys.argv[2]) == False:
 			sys.exit(-1)
@ -278,6 +363,7 @@ if __name__ == "__main__":
 				print "Use log file   : " + sys.argv[1]
 				print
 				for line in hdlr:
 					fail2banRegex.testIgnoreRegex(line)
 					fail2banRegex.testRegex(line)
 			except IOError, e:
 				print e
@ -290,6 +376,7 @@ if __name__ == "__main__":
 				stripLog = sys.argv[1]
 			print "Use single line: " + stripLog
 			print
 			fail2banRegex.testIgnoreRegex(sys.argv[1])
 			fail2banRegex.testRegex(sys.argv[1])
 		if fail2banRegex.printStats():
--- a/files/redhat-initd
+++ b/files/redhat-initd
@ -20,7 +20,7 @@ FAIL2BAN="/usr/bin/fail2ban-client"
 RETVAL=0
 getpid() {
-    pid=`ps -ef | grep fail2ban-|grep -v grep|awk '{print $2}'`
+    pid=`ps -eo pid,comm | grep fail2ban- | awk '{ print $1 }'`
 }
 start() {
--- a/files/suse-initd
+++ b/files/suse-initd
@ -0,0 +1,96 @@
 #!/bin/sh
 #
 # /etc/init.d/fail2ban
 #   and its symbolic link
 # /usr/sbin/rcfail2ban
 #
 ### BEGIN INIT INFO
 # Provides:          fail2ban
 # Required-Start:    $syslog $remote_fs sendmail
 # Required-Stop:     $syslog $remote_fs
 # Should-Stop: $time ypbind sendmail
 # Default-Start:     3 5
 # Default-Stop:      0 1 2 6
 # Description:       startup Fail2Ban
 ### END INIT INFO
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/sbin:/usr/bin:/bin
 FAIL2BAN_BIN=/usr/local/bin/fail2ban-client
 FAIL2BAN_SERVER=/usr/local/bin/fail2ban-server
 FAIL2BAN_SOCKET=/tmp/fail2ban.sock
 test -x $FAIL2BAN_BIN || { echo "$FAIL2BAN_BIN not installed";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 5; fi; }
 # Check for existence of needed config file and read it
 FAIL2BAN_CONFIG=/etc/fail2ban/fail2ban.conf
 test -r $FAIL2BAN_CONFIG || { echo "$FAIL2BAN_CONFIG not existing";
        if [ "$1" = "stop" ]; then exit 0;
        else exit 6; fi; }
 . /etc/rc.status
 # Reset status of this service
 rc_reset
 case "$1" in
    start)
        echo -n "Starting Fail2Ban "
        /sbin/startproc $FAIL2BAN_BIN start &>/dev/null
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down Fail2ban "
        /sbin/startproc $FAIL2BAN_BIN -q stop
        rc_status -v
        ;;
    try-restart|condrestart)
        if test "$1" = "condrestart"; then
                echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
                $0 restart
        else
                rc_reset        # Not running is not a failure.
        fi
        rc_status
        ;;
    restart)
        $0 stop
        echo -n "-wait a minute "
        i=60
        while [ -e $FAIL2BAN_SOCKET ] && [ $i -gt 0 ]; do
                sleep 1
                i=$[$i-1]
                echo -n "."
        done
        echo "."
        $0 start
        # Remember status and be quiet
        rc_status
        ;;
    force-reload)
        echo -n "Reload service Fail2ban "
        /sbin/startproc $FAIL2BAN_BIN -q reload
        rc_status -v
        ;;
    reload)
        echo -n "Reload service Fail2ban "
        /sbin/startproc $FAIL2BAN_BIN -q reload
        rc_status -v
        ;;
    status)
        echo -n "Checking for service Fail2ban "
        /sbin/checkproc $FAIL2BAN_SERVER
        rc_status -v
        ;;
    probe)
        test /etc/fail2ban/fail2ban.conf -nt /var/run/fail2ban.pid && echo reload
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
        exit 1
        ;;
 esac
 rc_exit
--- a/man/fail2ban-client.1
+++ b/man/fail2ban-client.1
@ -1,11 +1,11 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-CLIENT "1" "May 2007" "fail2ban-client v0.8.0" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "August 2007" "fail2ban-client v0.8.1" "User Commands"
 .SH NAME
 fail2ban-client \- configure and control the server
 .SH DESCRIPTION
 [?1034hUsage: ../fail2ban\-client [OPTIONS] <COMMAND>
 .PP
-Fail2Ban v0.8.0 reads log file that contains password failure report
+Fail2Ban v0.8.1 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP
--- a/man/fail2ban-regex.1
+++ b/man/fail2ban-regex.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-REGEX "1" "May 2007" "fail2ban-regex v0.8.0" "User Commands"
+.TH FAIL2BAN-REGEX "1" "August 2007" "fail2ban-regex v0.8.1" "User Commands"
 .SH NAME
 fail2ban-regex \- test Fail2ban "failregex" option
 .SH SYNOPSIS
 .B fail2ban-regex
-[\fIOPTIONS\fR] \fI<LOG> <REGEX>\fR
+[\fIOPTIONS\fR] \fI<LOG> <REGEX> \fR[\fIIGNOREREGEX\fR]
 .SH DESCRIPTION
-Fail2Ban v0.8.0 reads log file that contains password failure report
+Fail2Ban v0.8.1 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 This tools can test regular expressions for "fail2ban".
@ -31,6 +31,13 @@ a string representing a 'failregex'
 .TP
 \fBfilename\fR
 path to a filter file (filter.d/sshd.conf)
 .SS "IgnoreRegex:"
 .TP
 \fBstring\fR
 a string representing an 'ignoreregex'
 .TP
 \fBfilename\fR
 path to a filter file (filter.d/sshd.conf)
 .SH AUTHOR
 Written by Cyril Jaquier <lostcontrol@users.sourceforge.net>.
 Many contributions by Yaroslav O. Halchenko <debian@onerussian.com>.
--- a/man/fail2ban-server.1
+++ b/man/fail2ban-server.1
@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.36.
-.TH FAIL2BAN-SERVER "1" "May 2007" "fail2ban-server v0.8.0" "User Commands"
+.TH FAIL2BAN-SERVER "1" "August 2007" "fail2ban-server v0.8.1" "User Commands"
 .SH NAME
 fail2ban-server \- start the server
 .SH SYNOPSIS
 .B fail2ban-server
 [\fIOPTIONS\fR]
 .SH DESCRIPTION
-Fail2Ban v0.8.0 reads log file that contains password failure report
+Fail2Ban v0.8.1 reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .PP
 Only use this command for debugging purpose. Start the server with
--- a/server/datedetector.py
+++ b/server/datedetector.py
@ -16,11 +16,11 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 568 $
+# $Revision: 607 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 568 $"
+__version__ = "$Revision: 607 $"
-__date__ = "$Date: 2007-04-01 22:42:05 +0200 (Sun, 01 Apr 2007) $"
+__date__ = "$Date: 2007-08-09 00:16:22 +0200 (Thu, 09 Aug 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
@ -80,6 +80,12 @@ class DateDetector:
 			template.setRegex("\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
 			template.setPattern("%Y-%m-%d %H:%M:%S")
 			self.__templates.append(template)
 			# named 26-Jul-2007 15:20:52.252 
 			template = DateStrptime()
 			template.setName("Day-Month-Year Hour:Minute:Second[.Millisecond]")
 			template.setRegex("\d{2}-\S{3}-\d{4} \d{2}:\d{2}:\d{2}")
 			template.setPattern("%d-%b-%Y %H:%M:%S")
 			self.__templates.append(template)
 			# TAI64N
 			template = DateTai64n()
 			template.setName("TAI64N")
--- a/server/failregex.py
+++ b/server/failregex.py
@ -16,11 +16,11 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 503 $
+# $Revision: 589 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 503 $"
+__version__ = "$Revision: 589 $"
-__date__ = "$Date: 2006-12-23 17:31:00 +0100 (Sat, 23 Dec 2006) $"
+__date__ = "$Date: 2007-06-25 23:43:25 +0200 (Mon, 25 Jun 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
@ -40,9 +40,7 @@ class FailRegex(Regex):
 	# avoid construction of invalid object.
 	# @param value the regular expression
-	def __init__(self, value):
+	def __init__(self, regex):
 		# Replace "<HOST>" with default regular expression for host.
 		regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
 		# Initializes the parent.
 		Regex.__init__(self, regex)
 		# Check for group "host"
--- a/server/filter.py
+++ b/server/filter.py
@ -16,11 +16,11 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 567 $
+# $Revision: 605 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 567 $"
+__version__ = "$Revision: 605 $"
-__date__ = "$Date: 2007-03-26 23:17:31 +0200 (Mon, 26 Mar 2007) $"
+__date__ = "$Date: 2007-08-08 00:11:34 +0200 (Wed, 08 Aug 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
@ -413,6 +413,20 @@ class Filter(JailThread):
 		self.__closeLogFile()
 		return True
 	##
 	# Returns true if the line should be ignored.
 	#
 	# Uses ignoreregex.
 	# @param line: the line
 	# @return: a boolean
 	def ignoreLine(self, line):
 		for ignoreRegex in self.__ignoreRegex:
 			ignoreRegex.search(line)
 			if ignoreRegex.hasMatched():
 				return True
 		return False
 	##
 	# Finds the failure in a line.
 	#
@ -423,11 +437,8 @@ class Filter(JailThread):
 	def findFailure(self, line):
 		failList = list()
 		# Checks if we must ignore this line.
-		for ignoreRegex in self.__ignoreRegex:
+		if self.ignoreLine(line):
 			ignoreRegex.search(line)
 			if ignoreRegex.hasMatched():
 			# The ignoreregex matched. Return.
 				logSys.debug("Ignoring this line")
 			return failList
 		# Iterates over all the regular expressions.
 		for failRegex in self.__failRegex:
@ -492,17 +503,6 @@ class DNSUtils:
 						% dns)
 			return list()
 	@staticmethod
 	def textToDns(text):
 		""" Search for possible DNS in an arbitrary text.
 			Thanks to Tom Pike.
 		"""
 		match = DNSUtils.DNS_CRE.match(text)
 		if match:
 			return match
 		else:
 			return None
 	@staticmethod
 	def searchIP(text):
 		""" Search if an IP address if directly available and return
@ -538,9 +538,7 @@ class DNSUtils:
 				ipList.append(plainIPStr)
 		if not ipList:
 			# Try to get IP from possible DNS
-			dns = DNSUtils.textToDns(text)
+			ip = DNSUtils.dnsToIp(text)
 			if not dns == None:
 				ip = DNSUtils.dnsToIp(dns.group(0))
 			for e in ip:
 				ipList.append(e)
 		return ipList
--- a/server/regex.py
+++ b/server/regex.py
@ -16,11 +16,11 @@
 # Author: Cyril Jaquier
 # 
-# $Revision: 505 $
+# $Revision: 589 $
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 505 $"
+__version__ = "$Revision: 589 $"
-__date__ = "$Date: 2006-12-24 00:20:16 +0100 (Sun, 24 Dec 2006) $"
+__date__ = "$Date: 2007-06-25 23:43:25 +0200 (Mon, 25 Jun 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
@ -42,6 +42,9 @@ class Regex:
 	def __init__(self, regex):
 		self._matchCache = None
 		# Perform shortcuts expansions.
 		# Replace "<HOST>" with default regular expression for host.
 		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
 		if regex.lstrip() == '':
 			raise RegexException("Cannot add empty regex")
 		try: