Merge commit '0.9.1-44-gd65c4f8' into debian

* commit '0.9.1-44-gd65c4f8': (31 commits) moved debian's initd file to files/debian-initd from debian branch Update ChangeLog Monit config BF: adjusted for new IP of example.com downcase example Added an item to "Fixes" postfix-sasl failregex case insensitive clean all after test setup (removes a build directory in current root of fail2ban) exim filter: correct failregex for exim with extended log options small fix: no cover for failed case testSetupInstallRoot will be always skipped, because of "wrong" location of 'setup.py'; better and scalable solution for gh-867 (and gh-868), using only name convention like %(known/failregex)s to add custom expressions, so no interface changes in jail.conf are necessary (for example see test-known-interp in test cases); Changelog entry for preceding fix Separate php-url-fopen logpath by newline python 2.6 compatibility: preventing RuntimeError: dictionary changed size during iteration. interpolation of config readers extended with `%(known/parameter)s`. (means last known option with name `parameter`). test cases extended (now correct) BF: failregex declared direct in jail was joined to single line, (specifying of multiple expressions was not possible); feature request (gh-867): new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it); Add ignoreregex to avoid warning on start Add ignoreregex to avoid warning on start ...
2014-12-30 16:46:11 -05:00 · 2014-12-30 16:46:11 -05:00 · bfadd0100b
parent 47f331ef28 d65c4f8f5d
commit bfadd0100b
34 changed files with 600 additions and 137 deletions
--- a/31
+++ b/31
@ -4,9 +4,38 @@
                       |_| \__,_|_|_/___|_.__/\__,_|_||_|

 ================================================================================
-Fail2Ban (version 0.9.1)                                              2014/10/29
+Fail2Ban (version 0.9.1.dev)                                          2014/10/29
 ================================================================================

+ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
+-----------
+
+- Fixes:
+   * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
+   * grep'ing for IP in *mail-whois-lines.conf should now match also
+     at the begginning and EOL.  Thanks Dean Lee
+   * jail.conf
+     - php-url-fopen: separate logpath entries by newline
+   * failregex declared direct in jail was joined to single line (specifying of
+     multiple expressions was not possible).
+   * filters.d/exim.conf - cover different settings of exim logs
+     details. Thanks bes.internal
+   * filter.d/postfix-sasl.conf - failregex is now case insensitive
+
+- New Features:
+   - New interpolation feature for config readers - `%(known/parameter)s`.
+     (means last known option with name `parameter`). This interpolation makes
+     possible to extend a stock filter or jail regexp in .local file
+     (opposite to simply set failregex/ignoreregex that overwrites it),
+     see gh-867.
+   - Monit config for fail2ban in /files/monit
+
+- Enhancements:
+   * Enable multiport for firewallcmd-new action.  Closes gh-834
+   * files/debian-initd migrated from the debian branch and should be
+     suitable for manual installations now (thanks Juan Karlo de Guzman)
+
+
 ver. 0.9.1 (2014/10/29) - better, faster, stronger
 ----------

--- a/1
+++ b/1
@ -328,6 +328,7 @@ man/fail2ban-server.h2m
 man/fail2ban-regex.1
 man/fail2ban-regex.h2m
 man/generate-man
+files/debian-initd
 files/gentoo-initd
 files/gentoo-confd
 files/redhat-initd
--- a/README.md
+++ b/README.md
@ -2,7 +2,7 @@
                        / _|__ _(_) |_  ) |__  __ _ _ _  
                       |  _/ _` | | |/ /| '_ \/ _` | ' \ 
                       |_| \__,_|_|_/___|_.__/\__,_|_||_|
-                       v0.9.1                  2014/10/29
+                       v0.9.1.dev              2014/??/??

 ## Fail2Ban: ban hosts that cause multiple authentication errors

--- a/14
+++ b/14
@ -61,24 +61,24 @@ Preparation

  * Which indicates that testcases/files/logs/mysqld.log has been moved or is a directory::

-      tar -C /tmp -jxf dist/fail2ban-0.9.1.tar.bz2
+      tar -C /tmp -jxf dist/fail2ban-0.9.2.tar.bz2

 * clean up current direcory::

-    diff -rul --exclude \*.pyc . /tmp/fail2ban-0.9.1/
+    diff -rul --exclude \*.pyc . /tmp/fail2ban-0.9.2/

  * Only differences should be files that you don't want distributed.


 * Ensure the tests work from the tarball::

-    cd /tmp/fail2ban-0.9.1/ && export PYTHONPATH=`pwd` && bin/fail2ban-testcases
+    cd /tmp/fail2ban-0.9.2/ && export PYTHONPATH=`pwd` && bin/fail2ban-testcases

 * Add/finalize the corresponding entry in the ChangeLog

  * To generate a list of committers use e.g.::

-      git shortlog -sn 0.9.1.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'
+      git shortlog -sn 0.9.2.. | sed -e 's,^[ 0-9\t]*,,g' | tr '\n' '\|' | sed -e 's:|:, :g'

  * Ensure the top of the ChangeLog has the right version and current date.
  * Ensure the top entry of the ChangeLog has the right version and current date.
@ -101,7 +101,7 @@ Preparation
 * Tag the release by using a signed (and annotated) tag.  Cut/paste
  release ChangeLog entry as tag annotation::

-    git tag -s 0.9.1
+    git tag -s 0.9.2

 Pre Release
 ===========
@ -144,7 +144,7 @@ Pre Release

    * https://bugs.mageia.org/buglist.cgi?quicksearch=fail2ban

-  * An potentially to the fail2ban-users email list.
+  * And potentially to the fail2ban-users email list.


 * Wait for feedback from distributors
@ -185,7 +185,7 @@ Post Release

 Add the following to the top of the ChangeLog::

-  ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
+  ver. 0.9.3 (2014/XX/XXX) - wanna-be-released
  -----------
  
  - Fixes:
--- a/config/action.d/firewallcmd-new.conf
+++ b/config/action.d/firewallcmd-new.conf
@ -10,9 +10,9 @@ before = iptables-common.conf

 actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
-              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>

-actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>

@ -43,7 +43,7 @@ chain = INPUT_direct
 # success
 # $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN
 # success
-# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name
 # success
 # $ firewall-cmd --direct --get-chains ipv4 filter
 # fail2ban-name
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@ -42,7 +42,7 @@ actionban = printf %%b "Hi,\n
            Here is more information about <ip>:\n
            `whois <ip> || echo missing whois program`\n\n
            Lines containing IP:<ip> in <logpath>\n
-            `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+            `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
            Regards,\n
            Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from  `uname -n`" <dest>

--- a/config/action.d/sendmail-whois-lines.conf
+++ b/config/action.d/sendmail-whois-lines.conf
@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
            Here is more information about <ip>:\n
            `/usr/bin/whois <ip> || echo missing whois program`\n\n
            Lines containing IP:<ip> in <logpath>\n
-            `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+            `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
            Regards,\n
            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>

--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@ -14,10 +14,10 @@ before = exim-common.conf
 [Definition]

 failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
-             ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
+             ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
             ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
             ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
-             ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
+             ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$

 ignoreregex = 

--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@ -38,6 +38,8 @@ failregex = ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: (vie
            ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: zone transfer '\S+/AXFR/\w+' denied\s*$
            ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: bad zone transfer request: '\S+/IN': non-authoritative zone \(NOTAUTH\)\s*$

+ignoreregex =
+
 # DEV Notes:
 # Trying to generalize the
 #          structure which is general to capture general patterns in log
--- a/config/filter.d/postfix-sasl.conf
+++ b/config/filter.d/postfix-sasl.conf
@ -9,7 +9,7 @@ before = common.conf

 _daemon = postfix/(submission/)?smtp(d|s)

-failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$

 ignoreregex = 

--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@ -29,6 +29,8 @@ _jailname = recidive

 failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$

+ignoreregex = 
+
 [Init]

 journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
--- a/config/jail.conf
+++ b/config/jail.conf
@ -286,7 +286,7 @@ maxretry = 2
 [apache-shellshock]

 port    = http,https
-logpath = $(apache_error_log)s
+logpath = %(apache_error_log)s
 maxretry = 1

 [nginx-http-auth]
@ -302,7 +302,8 @@ logpath = %(nginx_error_log)s
 [php-url-fopen]

 port    = http,https
-logpath = %(nginx_access_log)s %(apache_access_log)s
+logpath = %(nginx_access_log)s
+          %(apache_access_log)s


 [suhosin]
@ -723,4 +724,4 @@ port = 2222
 [portsentry]
 enabled  = false
 logpath  = /var/lib/portsentry/portsentry.history
-maxretry = 1
+maxretry = 1
--- a/fail2ban/client/configparserinc.py
+++ b/fail2ban/client/configparserinc.py
@ -226,6 +226,13 @@ after = 1.conf
 						if isinstance(s, dict):
 							s2 = alls.get(n)
 							if isinstance(s2, dict):
+								# save previous known values, for possible using in local interpolations later:
+								sk = {}
+								for k, v in s2.iteritems():
+									if not k.startswith('known/'):
+										sk['known/'+k] = v
+								s2.update(sk)
+								# merge section
 								s2.update(s)
 							else:
 								alls[n] = s.copy()
@ -242,3 +249,12 @@ after = 1.conf
 			return SafeConfigParser.read(self, fileNamesFull, encoding='utf-8')
 		else:
 			return SafeConfigParser.read(self, fileNamesFull)
+
+	def merge_section(self, section, options, pref='known/'):
+		alls = self.get_sections()
+		sk = {}
+		for k, v in options.iteritems():
+			if pref == '' or not k.startswith(pref):
+				sk[pref+k] = v
+		alls[section].update(sk)
+
--- a/fail2ban/client/configreader.py
+++ b/fail2ban/client/configreader.py
@ -116,6 +116,10 @@ class ConfigReader():
 			return self._cfg.has_section(sec)
 		return False

+	def merge_section(self, *args, **kwargs):
+		if self._cfg is not None:
+			return self._cfg.merge_section(*args, **kwargs)
+
 	def options(self, *args):
 		if self._cfg is not None:
 			return self._cfg.options(*args)
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@ -46,13 +46,21 @@ class FilterReader(DefinitionInitConfigReader):
 	
 	def getFile(self):
 		return self.__file
-	
-	def convert(self):
-		stream = list()
+
+	def getCombined(self):
 		combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items()))
+		if not len(combinedopts):
+			return {};
 		opts = CommandAction.substituteRecursiveTags(combinedopts)
 		if not opts:
 			raise ValueError('recursive tag definitions unable to be resolved')
+		return opts;
+	
+	def convert(self):
+		stream = list()
+		opts = self.getCombined()
+		if not len(opts):
+			return stream;
 		for opt, value in opts.iteritems():
 			if opt == "failregex":
 				for regex in value.split('\n'):
--- a/fail2ban/client/jailreader.py
+++ b/fail2ban/client/jailreader.py
@ -87,6 +87,8 @@ class JailReader(ConfigReader):
 		return pathList

 	def getOptions(self):
+		opts1st = [["bool", "enabled", False],
+				["string", "filter", ""]]
 		opts = [["bool", "enabled", False],
 				["string", "logpath", None],
 				["string", "logencoding", None],
@ -101,7 +103,9 @@ class JailReader(ConfigReader):
 				["string", "ignoreip", None],
 				["string", "filter", ""],
 				["string", "action", ""]]
-		self.__opts = ConfigReader.getOptions(self, self.__name, opts)
+
+		# Read first options only needed for merge defaults ('known/...' from filter):
+		self.__opts = ConfigReader.getOptions(self, self.__name, opts1st)
 		if not self.__opts:
 			return False
 		
@ -113,14 +117,24 @@ class JailReader(ConfigReader):
 				self.__filter = FilterReader(
 					filterName, self.__name, filterOpt, share_config=self.share_config, basedir=self.getBaseDir())
 				ret = self.__filter.read()
-				if ret:
-					self.__filter.getOptions(self.__opts)
-				else:
+				# merge options from filter as 'known/...':
+				self.__filter.getOptions(self.__opts)
+				ConfigReader.merge_section(self, self.__name, self.__filter.getCombined(), 'known/')
+				if not ret:
 					logSys.error("Unable to read the filter")
 					return False
 			else:
 				self.__filter = None
 				logSys.warning("No filter set for jail %s" % self.__name)
+
+			# Read second all options (so variables like %(known/param) can be interpolated):
+			self.__opts = ConfigReader.getOptions(self, self.__name, opts)
+			if not self.__opts:
+				return False
+		
+			# cumulate filter options again (ignore given in jail):
+			if self.__filter:
+				self.__filter.getOptions(self.__opts)
 		
 			# Read action
 			for act in self.__opts["action"].split('\n'):
@ -202,7 +216,10 @@ class JailReader(ConfigReader):
 			elif opt == "usedns":
 				stream.append(["set", self.__name, "usedns", self.__opts[opt]])
 			elif opt == "failregex":
-				stream.append(["set", self.__name, "addfailregex", self.__opts[opt]])
+				for regex in self.__opts[opt].split('\n'):
+					# Do not send a command if the rule is empty.
+					if regex != '':
+						stream.append(["set", self.__name, "addfailregex", regex])
 			elif opt == "ignorecommand":
 				stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]])
 			elif opt == "ignoreregex":
--- a/fail2ban/server/actions.py
+++ b/fail2ban/server/actions.py
@ -243,6 +243,45 @@ class Actions(JailThread, Mapping):
 		logSys.debug(self._jail.name + ": action terminated")
 		return True

+	def __getBansMerged(self, mi, overalljails=False):
+		"""Gets bans merged once, a helper for lambda(s), prevents stop of executing action by any exception inside.
+
+		This function never returns None for ainfo lambdas - always a ticket (merged or single one)
+		and prevents any errors through merging (to guarantee ban actions will be executed).
+		[TODO] move merging to observer - here we could wait for merge and read already merged info from a database
+
+		Parameters
+		----------
+		mi : dict
+			merge info, initial for lambda should contains {ip, ticket}
+		overalljails : bool
+			switch to get a merged bans :
+			False - (default) bans merged for current jail only
+			True - bans merged for all jails of current ip address
+
+		Returns
+		-------
+		BanTicket 
+			merged or self ticket only
+		"""
+		idx = 'all' if overalljails else 'jail'
+		if idx in mi:
+			return mi[idx] if mi[idx] is not None else mi['ticket']
+		try:
+			jail=self._jail
+			ip=mi['ip']
+			mi[idx] = None
+			if overalljails:
+				mi[idx] = jail.database.getBansMerged(ip=ip)
+			else:
+				mi[idx] = jail.database.getBansMerged(ip=ip, jail=jail)
+		except Exception as e:
+			logSys.error(
+				"Failed to get %s bans merged, jail '%s': %s",
+				idx, jail.name, e,
+				exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
+		return mi[idx] if mi[idx] is not None else mi['ticket']
+
 	def __checkBan(self):
 		"""Check for IP address to ban.

@ -264,14 +303,12 @@ class Actions(JailThread, Mapping):
 			aInfo["time"] = bTicket.getTime()
 			aInfo["matches"] = "\n".join(bTicket.getMatches())
 			if self._jail.database is not None:
-				aInfo["ipmatches"] = lambda jail=self._jail: "\n".join(
-					jail.database.getBansMerged(ip=ip).getMatches())
-				aInfo["ipjailmatches"] = lambda jail=self._jail: "\n".join(
-					jail.database.getBansMerged(ip=ip, jail=jail).getMatches())
-				aInfo["ipfailures"] = lambda jail=self._jail: \
-					jail.database.getBansMerged(ip=ip).getAttempt()
-				aInfo["ipjailfailures"] = lambda jail=self._jail: \
-					jail.database.getBansMerged(ip=ip, jail=jail).getAttempt()
+				mi4ip = lambda overalljails=False, self=self, \
+					mi={'ip':ip, 'ticket':bTicket}: self.__getBansMerged(mi, overalljails)
+				aInfo["ipmatches"]      = lambda: "\n".join(mi4ip(True).getMatches())
+				aInfo["ipjailmatches"]  = lambda: "\n".join(mi4ip().getMatches())
+				aInfo["ipfailures"]     = lambda: mi4ip(True).getAttempt()
+				aInfo["ipjailfailures"] = lambda: mi4ip().getAttempt()
 			if self.__banManager.addBanTicket(bTicket):
 				logSys.notice("[%s] Ban %s" % (self._jail.name, aInfo["ip"]))
 				for name, action in self._actions.iteritems():
--- a/fail2ban/server/database.py
+++ b/fail2ban/server/database.py
@ -27,7 +27,7 @@ import sqlite3
 import json
 import locale
 from functools import wraps
-from threading import Lock
+from threading import RLock

 from .mytime import MyTime
 from .ticket import FailTicket
@ -123,7 +123,7 @@ class Fail2BanDb(object):

 	def __init__(self, filename, purgeAge=24*60*60):
 		try:
-			self._lock = Lock()
+			self._lock = RLock()
 			self._db = sqlite3.connect(
 				filename, check_same_thread=False,
 				detect_types=sqlite3.PARSE_DECLTYPES)
@ -365,6 +365,10 @@ class Fail2BanDb(object):
 			del self._bansMergedCache[(ticket.getIP(), jail)]
 		except KeyError:
 			pass
+		try:
+			del self._bansMergedCache[(ticket.getIP(), None)]
+		except KeyError:
+			pass
 		#TODO: Implement data parts once arbitrary match keys completed
 		cur.execute(
 			"INSERT INTO bans(jail, ip, timeofban, data) VALUES(?, ?, ?, ?)",
@ -455,40 +459,41 @@ class Fail2BanDb(object):
 			in a list. When `ip` argument passed, a single `Ticket` is
 			returned.
 		"""
-		cacheKey = None
-		if bantime is None or bantime < 0:
-			cacheKey = (ip, jail)
-			if cacheKey in self._bansMergedCache:
-				return self._bansMergedCache[cacheKey]
+		with self._lock:
+			cacheKey = None
+			if bantime is None or bantime < 0:
+				cacheKey = (ip, jail)
+				if cacheKey in self._bansMergedCache:
+					return self._bansMergedCache[cacheKey]

-		tickets = []
-		ticket = None
+			tickets = []
+			ticket = None

-		results = list(self._getBans(ip=ip, jail=jail, bantime=bantime))
-		if results:
-			prev_banip = results[0][0]
-			matches = []
-			failures = 0
-			for banip, timeofban, data in results:
-				#TODO: Implement data parts once arbitrary match keys completed
-				if banip != prev_banip:
-					ticket = FailTicket(prev_banip, prev_timeofban, matches)
-					ticket.setAttempt(failures)
-					tickets.append(ticket)
-					# Reset variables
-					prev_banip = banip
-					matches = []
-					failures = 0
-				matches.extend(data['matches'])
-				failures += data['failures']
-				prev_timeofban = timeofban
-			ticket = FailTicket(banip, prev_timeofban, matches)
-			ticket.setAttempt(failures)
-			tickets.append(ticket)
+			results = list(self._getBans(ip=ip, jail=jail, bantime=bantime))
+			if results:
+				prev_banip = results[0][0]
+				matches = []
+				failures = 0
+				for banip, timeofban, data in results:
+					#TODO: Implement data parts once arbitrary match keys completed
+					if banip != prev_banip:
+						ticket = FailTicket(prev_banip, prev_timeofban, matches)
+						ticket.setAttempt(failures)
+						tickets.append(ticket)
+						# Reset variables
+						prev_banip = banip
+						matches = []
+						failures = 0
+					matches.extend(data['matches'])
+					failures += data['failures']
+					prev_timeofban = timeofban
+				ticket = FailTicket(banip, prev_timeofban, matches)
+				ticket.setAttempt(failures)
+				tickets.append(ticket)

-		if cacheKey:
-			self._bansMergedCache[cacheKey] = tickets if ip is None else ticket
-		return tickets if ip is None else ticket
+			if cacheKey:
+				self._bansMergedCache[cacheKey] = tickets if ip is None else ticket
+			return tickets if ip is None else ticket

 	@commitandrollback
 	def purge(self, cur):
--- a/fail2ban/server/filtersystemd.py
+++ b/fail2ban/server/filtersystemd.py
@ -167,9 +167,10 @@ class FilterSystemd(JournalFilter): # pragma: systemd no cover
 			logelements.append(logentry['_HOSTNAME'])
 		if logentry.get('SYSLOG_IDENTIFIER'):
 			logelements.append(logentry['SYSLOG_IDENTIFIER'])
-			if logentry.get('SYSLOG_PID') or logentry.get('_PID'):
-				logelements[-1] += ("[%i]" % logentry.get(
-					'SYSLOG_PID', logentry['_PID']))
+			if logentry.get('SYSLOG_PID'):
+				logelements[-1] += ("[%i]" % logentry['SYSLOG_PID'])
+			elif logentry.get('_PID'):
+				logelements[-1] += ("[%i]" % logentry['_PID'])
 			logelements[-1] += ":"
 		elif logentry.get('_COMM'):
 			logelements.append(logentry['_COMM'])
--- a/fail2ban/tests/clientreadertestcase.py
+++ b/fail2ban/tests/clientreadertestcase.py
@ -155,12 +155,16 @@ c = d ;in line comment

 class JailReaderTest(LogCaptureTestCase):

+	def __init__(self, *args, **kwargs):
+		super(JailReaderTest, self).__init__(*args, **kwargs)
+		self.__share_cfg = {}
+
 	def testIncorrectJail(self):
-		jail = JailReader('XXXABSENTXXX', basedir=CONFIG_DIR)
+		jail = JailReader('XXXABSENTXXX', basedir=CONFIG_DIR, share_config = self.__share_cfg)
 		self.assertRaises(ValueError, jail.read)
 		
 	def testJailActionEmpty(self):
-		jail = JailReader('emptyaction', basedir=IMPERFECT_CONFIG)
+		jail = JailReader('emptyaction', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg)
 		self.assertTrue(jail.read())
 		self.assertTrue(jail.getOptions())
 		self.assertTrue(jail.isEnabled())
@ -168,7 +172,7 @@ class JailReaderTest(LogCaptureTestCase):
 		self.assertTrue(self._is_logged('No actions were defined for emptyaction'))

 	def testJailActionFilterMissing(self):
-		jail = JailReader('missingbitsjail', basedir=IMPERFECT_CONFIG)
+		jail = JailReader('missingbitsjail', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg)
 		self.assertTrue(jail.read())
 		self.assertFalse(jail.getOptions())
 		self.assertTrue(jail.isEnabled())
@ -176,7 +180,7 @@ class JailReaderTest(LogCaptureTestCase):
 		self.assertTrue(self._is_logged('Unable to read the filter'))

 	def TODOtestJailActionBrokenDef(self):
-		jail = JailReader('brokenactiondef', basedir=IMPERFECT_CONFIG)
+		jail = JailReader('brokenactiondef', basedir=IMPERFECT_CONFIG, share_config = self.__share_cfg)
 		self.assertTrue(jail.read())
 		self.assertFalse(jail.getOptions())
 		self.assertTrue(jail.isEnabled())
@ -187,7 +191,7 @@ class JailReaderTest(LogCaptureTestCase):

 	if STOCK:
 		def testStockSSHJail(self):
-			jail = JailReader('sshd', basedir=CONFIG_DIR) # we are running tests from root project dir atm
+			jail = JailReader('sshd', basedir=CONFIG_DIR, share_config = self.__share_cfg) # we are running tests from root project dir atm
 			self.assertTrue(jail.read())
 			self.assertTrue(jail.getOptions())
 			self.assertFalse(jail.isEnabled())
@ -411,13 +415,17 @@ class JailsReaderTestCache(LogCaptureTestCase):

 class JailsReaderTest(LogCaptureTestCase):

+	def __init__(self, *args, **kwargs):
+		super(JailsReaderTest, self).__init__(*args, **kwargs)
+		self.__share_cfg = {}
+
 	def testProvidingBadBasedir(self):
 		if not os.path.exists('/XXX'):
 			reader = JailsReader(basedir='/XXX')
 			self.assertRaises(ValueError, reader.read)

 	def testReadTestJailConf(self):
-		jails = JailsReader(basedir=IMPERFECT_CONFIG)
+		jails = JailsReader(basedir=IMPERFECT_CONFIG, share_config=self.__share_cfg)
 		self.assertTrue(jails.read())
 		self.assertFalse(jails.getOptions())
 		self.assertRaises(ValueError, jails.convert)
@ -425,6 +433,11 @@ class JailsReaderTest(LogCaptureTestCase):
 		self.maxDiff = None
 		self.assertEqual(sorted(comm_commands),
 			sorted([['add', 'emptyaction', 'auto'],
+			 ['add', 'test-known-interp', 'auto'],
+			 ['set', 'test-known-interp', 'addfailregex', 'failure test 1 (filter.d/test.conf) <HOST>'],
+			 ['set', 'test-known-interp', 'addfailregex', 'failure test 2 (filter.d/test.local) <HOST>'],
+			 ['set', 'test-known-interp', 'addfailregex', 'failure test 3 (jail.local) <HOST>'],
+			 ['start', 'test-known-interp'],
 			 ['add', 'missinglogfiles', 'auto'],
 			 ['set', 'missinglogfiles', 'addfailregex', '<IP>'],
 			 ['add', 'brokenaction', 'auto'],
@ -447,7 +460,7 @@ class JailsReaderTest(LogCaptureTestCase):

 	if STOCK:
 		def testReadStockJailConf(self):
-			jails = JailsReader(basedir=CONFIG_DIR) # we are running tests from root project dir atm
+			jails = JailsReader(basedir=CONFIG_DIR, share_config=self.__share_cfg) # we are running tests from root project dir atm
 			self.assertTrue(jails.read())		  # opens fine
 			self.assertTrue(jails.getOptions())	  # reads fine
 			comm_commands = jails.convert()
@ -508,7 +521,7 @@ class JailsReaderTest(LogCaptureTestCase):

 		# Verify that all filters found under config/ have a jail
 		def testReadStockJailFilterComplete(self):
-			jails = JailsReader(basedir=CONFIG_DIR, force_enable=True)
+			jails = JailsReader(basedir=CONFIG_DIR, force_enable=True, share_config=self.__share_cfg)
 			self.assertTrue(jails.read())             # opens fine
 			self.assertTrue(jails.getOptions())       # reads fine
 			# grab all filter names
@ -525,7 +538,7 @@ class JailsReaderTest(LogCaptureTestCase):
 		def testReadStockJailConfForceEnabled(self):
 			# more of a smoke test to make sure that no obvious surprises
 			# on users' systems when enabling shipped jails
-			jails = JailsReader(basedir=CONFIG_DIR, force_enable=True) # we are running tests from root project dir atm
+			jails = JailsReader(basedir=CONFIG_DIR, force_enable=True, share_config=self.__share_cfg) # we are running tests from root project dir atm
 			self.assertTrue(jails.read())		  # opens fine
 			self.assertTrue(jails.getOptions())	  # reads fine
 			comm_commands = jails.convert(allow_no_files=True)
@ -620,7 +633,7 @@ action = testaction1[actname=test1]
 filter = testfilter1
 """)
 		jailfd.close()
-		jails = JailsReader(basedir=basedir)
+		jails = JailsReader(basedir=basedir, share_config=self.__share_cfg)
 		self.assertTrue(jails.read())
 		self.assertTrue(jails.getOptions())
 		comm_commands = jails.convert(allow_no_files=True)
--- a/fail2ban/tests/config/filter.d/test.conf
+++ b/fail2ban/tests/config/filter.d/test.conf
@ -0,0 +1,6 @@
+#[INCLUDES]
+#before = common.conf
+
+[Definition]
+failregex = failure test 1 (filter.d/test.conf) <HOST>
+
--- a/fail2ban/tests/config/filter.d/test.local
+++ b/fail2ban/tests/config/filter.d/test.local
@ -0,0 +1,7 @@
+#[INCLUDES]
+#before = common.conf
+
+[Definition]
+failregex = %(known/failregex)s
+            failure test 2 (filter.d/test.local) <HOST>
+
--- a/fail2ban/tests/config/jail.conf
+++ b/fail2ban/tests/config/jail.conf
@ -13,6 +13,12 @@ failregex = <IP>
 ignoreregex =
 ignoreip =

+[test-known-interp]
+enabled = true
+filter = test
+failregex = %(known/failregex)s
+            failure test 3 (jail.local) <HOST>
+
 [missinglogfiles]
 enabled = true
 logpath = /weapons/of/mass/destruction
--- a/fail2ban/tests/databasetestcase.py
+++ b/fail2ban/tests/databasetestcase.py
@ -32,18 +32,21 @@ import shutil
 from ..server.filter import FileContainer
 from ..server.mytime import MyTime
 from ..server.ticket import FailTicket
+from ..server.actions import Actions
 from .dummyjail import DummyJail
 try:
 	from ..server.database import Fail2BanDb
 except ImportError:
 	Fail2BanDb = None
+from .utils import LogCaptureTestCase

 TEST_FILES_DIR = os.path.join(os.path.dirname(__file__), "files")

-class DatabaseTest(unittest.TestCase):
+class DatabaseTest(LogCaptureTestCase):

 	def setUp(self):
 		"""Call before every test case."""
+		super(DatabaseTest, self).setUp()
 		if Fail2BanDb is None and sys.version_info >= (2,7): # pragma: no cover
 			raise unittest.SkipTest(
 				"Unable to import fail2ban database module as sqlite is not "
@ -55,6 +58,7 @@ class DatabaseTest(unittest.TestCase):

 	def tearDown(self):
 		"""Call after every test case."""
+		super(DatabaseTest, self).tearDown()
 		if Fail2BanDb is None: # pragma: no cover
 			return
 		# Cleanup
@ -267,6 +271,22 @@ class DatabaseTest(unittest.TestCase):
 		tickets = self.db.getBansMerged(bantime=-1)
 		self.assertEqual(len(tickets), 2)

+	def testActionWithDB(self):
+		# test action together with database functionality
+		self.testAddJail() # Jail required
+		self.jail.database = self.db;
+		actions = Actions(self.jail)
+		actions.add(
+			"action_checkainfo",
+			os.path.join(TEST_FILES_DIR, "action.d/action_checkainfo.py"),
+			{})
+		ticket = FailTicket("1.2.3.4", MyTime.time(), ['test', 'test'])
+		ticket.setAttempt(5)
+		self.jail.putFailTicket(ticket)
+		actions._Actions__checkBan()
+		self.assertTrue(self._is_logged("ban ainfo %s, %s, %s, %s" % (True, True, True, True)))
+
+
 	def testPurge(self):
 		if Fail2BanDb is None: # pragma: no cover
 			return
--- a/fail2ban/tests/files/action.d/action_checkainfo.py
+++ b/fail2ban/tests/files/action.d/action_checkainfo.py
@ -0,0 +1,14 @@
+
+from fail2ban.server.action import ActionBase
+
+class TestAction(ActionBase):
+
+    def ban(self, aInfo):
+        self._logSys.info("ban ainfo %s, %s, %s, %s",
+          aInfo["ipmatches"] != '', aInfo["ipjailmatches"] != '', aInfo["ipfailures"] > 0, aInfo["ipjailfailures"] > 0
+        )
+
+    def unban(self, aInfo):
+        pass
+
+Action = TestAction
--- a/fail2ban/tests/files/logs/exim
+++ b/fail2ban/tests/files/logs/exim
@ -40,3 +40,6 @@

 # failJSON: { "time": "2014-01-12T02:07:48", "match": true , "host": "85.214.85.40" }
 2014-01-12 02:07:48 dovecot_login authenticator failed for h1832461.stratoserver.net (User) [85.214.85.40]: 535 Incorrect authentication data (set_id=scanner)
+
+# failJSON: { "time": "2014-12-02T03:00:23", "match": true , "host": "193.254.202.35" }
+2014-12-02 03:00:23 auth_plain authenticator failed for (rom182) [193.254.202.35]:41556 I=[10.0.0.1]:25: 535 Incorrect authentication data (set_id=webmaster)
--- a/fail2ban/tests/files/logs/postfix-sasl
+++ b/fail2ban/tests/files/logs/postfix-sasl
@ -8,3 +8,7 @@ Mar 10 13:33:30 gandalf postfix/smtpd[3937]: warning: HOSTNAME[1.1.1.1]: SASL LO
 #3 Example from postfix post-debian changes to rename to add "submission" to syslog name
 # failJSON: { "time": "2004-09-06T00:44:56", "match": true , "host": "82.221.106.233" }
 Sep  6 00:44:56 trianon postfix/submission/smtpd[11538]: warning: unknown[82.221.106.233]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
+
+#4 Example from postfix post-debian changes to rename to add "submission" to syslog name + downcase
+# failJSON: { "time": "2004-09-06T00:44:57", "match": true , "host": "82.221.106.233" }
+Sep  6 00:44:57 trianon postfix/submission/smtpd[11538]: warning: unknown[82.221.106.233]: SASL login authentication failed: UGFzc3dvcmQ6
--- a/fail2ban/tests/files/testcase-usedns.log
+++ b/fail2ban/tests/files/testcase-usedns.log
@ -1,2 +1,2 @@
 Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
-Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2
+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@ -888,12 +888,12 @@ class GetFailures(unittest.TestCase):

 	def testGetFailuresUseDNS(self):
 		# We should still catch failures with usedns = no ;-)
-		output_yes = ('93.184.216.119', 2, 1124013539.0,
+		output_yes = ('93.184.216.34', 2, 1124013539.0,
 					  [u'Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2',
-					   u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2'])
+					   u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'])

-		output_no = ('93.184.216.119', 1, 1124013539.0,
-					  [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.119 port 51332 ssh2'])
+		output_no = ('93.184.216.34', 1, 1124013539.0,
+					  [u'Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2'])

 		# Actually no exception would be raised -- it will be just set to 'no'
 		#self.assertRaises(ValueError,
@ -993,9 +993,9 @@ class DNSUtilsTests(unittest.TestCase):
 		res = DNSUtils.textToIp('www.example.com', 'no')
 		self.assertEqual(res, [])
 		res = DNSUtils.textToIp('www.example.com', 'warn')
-		self.assertEqual(res, ['93.184.216.119'])
+		self.assertEqual(res, ['93.184.216.34'])
 		res = DNSUtils.textToIp('www.example.com', 'yes')
-		self.assertEqual(res, ['93.184.216.119'])
+		self.assertEqual(res, ['93.184.216.34'])

 	def testTextToIp(self):
 		# Test hostnames
@ -1007,7 +1007,7 @@ class DNSUtilsTests(unittest.TestCase):
 		for s in hostnames:
 			res = DNSUtils.textToIp(s, 'yes')
 			if s == 'www.example.com':
-				self.assertEqual(res, ['93.184.216.119'])
+				self.assertEqual(res, ['93.184.216.34'])
 			else:
 				self.assertEqual(res, [])

--- a/fail2ban/tests/misctestcase.py
+++ b/fail2ban/tests/misctestcase.py
@ -55,21 +55,12 @@ class HelpersTest(unittest.TestCase):
 			# might be fragile due to ' vs "
 			self.assertEqual(args, "('Very bad', None)")

-# based on
-# http://stackoverflow.com/questions/2186525/use-a-glob-to-find-files-recursively-in-python
-def recursive_glob(treeroot, pattern):
-	results = []
-	for base, dirs, files in os.walk(treeroot):
-		goodfiles = fnmatch.filter(dirs + files, pattern)
-		results.extend(os.path.join(base, f) for f in goodfiles)
-	return results
-
 class SetupTest(unittest.TestCase):

 	def setUp(self):
-		setup = os.path.join(os.path.dirname(__file__), '..', 'setup.py')
+		setup = os.path.join(os.path.dirname(__file__), '..', '..', 'setup.py')
 		self.setup = os.path.exists(setup) and setup or None
-		if not self.setup and sys.version_info >= (2,7): # running not out of the source
+		if not self.setup and sys.version_info >= (2,7): # pragma: no cover - running not out of the source
 			raise unittest.SkipTest(
 				"Seems to be running not out of source distribution"
 				" -- cannot locate setup.py")
@ -77,42 +68,53 @@ class SetupTest(unittest.TestCase):
 	def testSetupInstallRoot(self):
 		if not self.setup: return			  # if verbose skip didn't work out
 		tmp = tempfile.mkdtemp()
-		os.system("%s %s install --root=%s >/dev/null"
-				  % (sys.executable, self.setup, tmp))
+		try:
+			os.system("%s %s install --root=%s >/dev/null"
+					  % (sys.executable, self.setup, tmp))

-		def addpath(l):
-			return [os.path.join(tmp, x) for x in l]
+			def strippath(l):
+				return [x[len(tmp)+1:] for x in l]

-		def strippath(l):
-			return [x[len(tmp)+1:] for x in l]
+			got = strippath(sorted(glob('%s/*' % tmp)))
+			need = ['etc', 'usr', 'var']

-		got = strippath(sorted(glob('%s/*' % tmp)))
-		need = ['etc', 'usr', 'var']
+			# if anything is missing
+			if set(need).difference(got): # pragma: no cover
+				#  below code was actually to print out not missing but
+				#  rather files in 'excess'.  Left in place in case we
+				#  decide to revert to such more strict test

-		# if anything is missing
-		if set(need).difference(got):
-			#  below code was actually to print out not missing but
-			#  rather files in 'excess'.  Left in place in case we
-			#  decide to revert to such more strict test
-			files = {}
-			for missing in set(got).difference(need):
-				missing_full = os.path.join(tmp, missing)
-				files[missing] = os.path.exists(missing_full) \
-					and strippath(recursive_glob(missing_full, '*')) or None
+				# based on
+				# http://stackoverflow.com/questions/2186525/use-a-glob-to-find-files-recursively-in-python
+				def recursive_glob(treeroot, pattern):
+					results = []
+					for base, dirs, files in os.walk(treeroot):
+						goodfiles = fnmatch.filter(dirs + files, pattern)
+						results.extend(os.path.join(base, f) for f in goodfiles)
+					return results

-			self.assertEqual(
-				got, need,
-				msg="Got: %s Needed: %s under %s. Files under new paths: %s"
-				% (got, need, tmp, files))
+				files = {}
+				for missing in set(got).difference(need):
+					missing_full = os.path.join(tmp, missing)
+					files[missing] = os.path.exists(missing_full) \
+						and strippath(recursive_glob(missing_full, '*')) or None

-		# Assure presence of some files we expect to see in the installation
-		for f in ('etc/fail2ban/fail2ban.conf',
-				  'etc/fail2ban/jail.conf'):
-			self.assertTrue(os.path.exists(os.path.join(tmp, f)),
-							msg="Can't find %s" % f)
+				self.assertEqual(
+					got, need,
+					msg="Got: %s Needed: %s under %s. Files under new paths: %s"
+					% (got, need, tmp, files))

-		# clean up
-		shutil.rmtree(tmp)
+			# Assure presence of some files we expect to see in the installation
+			for f in ('etc/fail2ban/fail2ban.conf',
+					  'etc/fail2ban/jail.conf'):
+				self.assertTrue(os.path.exists(os.path.join(tmp, f)),
+								msg="Can't find %s" % f)
+		finally:
+			# clean up
+			shutil.rmtree(tmp)
+			# remove build directory
+			os.system("%s %s clean --all >/dev/null"
+					  % (sys.executable, self.setup))

 class TestsUtilsTest(unittest.TestCase):

--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@ -804,7 +804,7 @@ class RegexTests(unittest.TestCase):

 class _BadThread(JailThread):
 	def run(self):
-		int("ignore this exception -- raised for testing")
+		raise RuntimeError('run bad thread exception')

 class LoggingTests(LogCaptureTestCase):

@ -814,7 +814,15 @@ class LoggingTests(LogCaptureTestCase):
 		self.assertEqual(testLogSys.name, "fail2ban.name")

 	def testFail2BanExceptHook(self):
-		badThread = _BadThread()
-		badThread.start()
-		badThread.join()
-		self.assertTrue(self._is_logged("Unhandled exception"))
+		prev_exchook = sys.__excepthook__
+		x = []
+		sys.__excepthook__ = lambda *args: x.append(args)
+		try:
+			badThread = _BadThread()
+			badThread.start()
+			badThread.join()
+			self.assertTrue(self._is_logged("Unhandled exception"))
+		finally:
+			sys.__excepthook__ = prev_exchook
+		self.assertEqual(len(x), 1)
+		self.assertEqual(x[0][0], RuntimeError)
--- a/fail2ban/version.py
+++ b/fail2ban/version.py
@ -24,4 +24,4 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2014 Yaroslav Halchenko, 2013-2013 Steven Hiscocks, Daniel Black"
 __license__ = "GPL-v2+"

-version = "0.9.1"
+version = "0.9.1.dev"
--- a/files/debian-initd
+++ b/files/debian-initd
@ -0,0 +1,248 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          fail2ban
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Should-Start:      $time $network $syslog iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm
+# Should-Stop:       $network $syslog iptables firehol shorewall ipmasq arno-iptables-firewall iptables-persistent ferm
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Start/stop fail2ban
+# Description:       Start/stop fail2ban, a daemon scanning the log files and
+#                    banning potential attackers.
+### END INIT INFO
+
+# Author: Aaron Isotton <aaron@isotton.com>
+# Modified: by Yaroslav Halchenko <debian@onerussian.com>
+#  reindented + minor corrections + to work on sarge without modifications
+# Modified: by Glenn Aaldering <glenn@openvideo.nl>
+#  added exit codes for status command
+# Modified: by Juan Karlo de Guzman <jkarlodg@gmail.com>
+#  corrected the DAEMON's path and the SOCKFILE
+#  rename this file: (sudo) mv /etc/init.d/fail2ban.init /etc/init.d/fail2ban
+#  same with the logrotate file: (sudo) mv /etc/logrotate.d/fail2ban.logrotate /etc/logrotate.d/fail2ban
+#
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+DESC="authentication failure monitor"
+NAME=fail2ban
+
+# fail2ban-client is not a daemon itself but starts a daemon and
+# loads its with configuration
+DAEMON=/usr/local/bin/$NAME-client
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Ad-hoc way to parse out socket file name
+SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf /etc/$NAME/$NAME.local 2>/dev/null \
+          | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
+[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban.sock'
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Run as root by default.
+FAIL2BAN_USER=root
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+DAEMON_ARGS="$FAIL2BAN_OPTS"
+
+# Load the VERBOSE setting and other rcS variables
+[ -f /etc/default/rcS ] && . /etc/default/rcS
+
+# Predefine what can be missing from lsb source later on -- necessary to run
+# on sarge. Just present it in a bit more compact way from what was shipped
+log_daemon_msg () {
+	[ -z "$1" ] && return 1
+	echo -n "$1:"
+	[ -z "$2" ] || echo -n " $2"
+}
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+# Actually has to (>=2.0-7) present in sarge. log_daemon_msg is predefined
+#  so we must be ok
+. /lib/lsb/init-functions
+
+#
+# Shortcut function for abnormal init script interruption
+#
+report_bug()
+{
+	echo $*
+	echo "Please submit a bug report to Debian BTS (reportbug fail2ban)"
+	exit 1
+}
+
+#
+# Helper function to check if socket is present, which is often left after
+# abnormal exit of fail2ban and needs to be removed
+#
+check_socket()
+{
+	# Return
+	#	0 if socket is present and readable
+	#	1 if socket file is not present
+	#	2 if socket file is present but not readable
+	#	3 if socket file is present but is not a socket
+	[ -e "$SOCKFILE" ] || return 1
+	[ -r "$SOCKFILE" ] || return 2
+	[ -S "$SOCKFILE" ] || return 3
+	return 0
+}
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+	# Return
+	#	0 if daemon has been started
+	#	1 if daemon was already running
+	#	2 if daemon could not be started
+	do_status && return 1
+
+	if [ -e "$SOCKFILE" ]; then
+		log_failure_msg "Socket file $SOCKFILE is present"
+		[ "$1" = "force-start" ] \
+			&& log_success_msg "Starting anyway as requested" \
+			|| return 2
+		DAEMON_ARGS="$DAEMON_ARGS -x"
+	fi
+
+	# Assure that /var/run/fail2ban exists
+	[ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
+
+	if [ "$FAIL2BAN_USER" != "root" ]; then
+		# Make the socket directory, IP lists and fail2ban log
+		# files writable by fail2ban
+		chown "$FAIL2BAN_USER" /var/run/fail2ban
+		# Create the logfile if it doesn't exist
+		touch /var/log/fail2ban.log
+		chown "$FAIL2BAN_USER" /var/log/fail2ban.log
+		find /proc/net/xt_recent -name 'fail2ban-*' -exec chown "$FAIL2BAN_USER" {} \;
+	fi
+
+	start-stop-daemon --start --quiet --chuid "$FAIL2BAN_USER" --exec $DAEMON -- \
+		$DAEMON_ARGS start > /dev/null\
+		|| return 2
+
+	return 0
+}
+
+
+#
+# Function that checks the status of fail2ban and returns
+# corresponding code
+#
+do_status()
+{
+	$DAEMON ping > /dev/null 2>&1
+	return $?
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+	# Return
+	#	0 if daemon has been stopped
+	#	1 if daemon was already stopped
+	#	2 if daemon could not be stopped
+	#	other if a failure occurred
+	$DAEMON status > /dev/null 2>&1 || return 1
+	$DAEMON stop > /dev/null || return 2
+
+	# now we need actually to wait a bit since it might take time
+	# for server to react on client's stop request. Especially
+	# important for restart command on slow boxes
+	count=1
+	while do_status && [ $count -lt 60 ]; do
+		sleep 1
+		count=$(($count+1))
+	done
+	[ $count -lt 60 ] || return 3 # failed to stop
+
+	return 0
+}
+
+#
+# Function to reload configuration
+#
+do_reload() {
+	$DAEMON reload > /dev/null && return 0 || return 1
+	return 0
+}
+
+# yoh:
+# shortcut function to don't duplicate case statements and to don't use
+# bashisms (arrays). Fixes #368218
+#
+log_end_msg_wrapper()
+{
+	if [ "$3" != "no" ]; then
+		[ $1 -lt $2 ] && value=0 || value=1
+		log_end_msg $value
+	fi
+}
+
+command="$1"
+case "$command" in
+	start|force-start)
+		[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+		do_start "$command"
+		log_end_msg_wrapper $? 2 "$VERBOSE"
+		;;
+
+	stop)
+		[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+		do_stop
+		log_end_msg_wrapper $? 2 "$VERBOSE"
+		;;
+
+	restart|force-reload)
+		log_daemon_msg "Restarting $DESC" "$NAME"
+		do_stop
+		case "$?" in
+			0|1)
+				do_start
+				log_end_msg_wrapper $? 1 "always"
+				;;
+			*)
+				# Failed to stop
+				log_end_msg 1
+				;;
+ 		esac
+		;;
+
+	reload|force-reload)
+        log_daemon_msg "Reloading $DESC" "$NAME"
+        do_reload
+        log_end_msg $?
+        ;;
+
+	status)
+		log_daemon_msg "Status of $DESC"
+		do_status
+		case $? in
+			0)  log_success_msg " $NAME is running" ;;
+			255)
+				check_socket
+				case $? in
+					1)  log_failure_msg " $NAME is not running" && exit 3 ;;
+					0)  log_failure_msg " $NAME is not running but $SOCKFILE exists" && exit 3 ;;
+					2)  log_failure_msg " $SOCKFILE not readable, status of $NAME is unknown" && exit 3 ;;
+					3)  log_failure_msg " $SOCKFILE exists but not a socket, status of $NAME is unknown" && exit 3 ;;
+					*)  report_bug "Unknown return code from $NAME:check_socket." && exit 4 ;;
+				esac
+				;;
+			*)  report_bug "Unknown $NAME status code" && exit 4
+		esac
+		;;
+	*)
+		echo "Usage: $SCRIPTNAME {start|force-start|stop|restart|force-reload|status}" >&2
+		exit 3
+		;;
+esac
+
+:
--- a/files/monit/fail2ban
+++ b/files/monit/fail2ban
@ -0,0 +1,9 @@
+check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid
+    group services
+    start program = "/etc/init.d/fail2ban force-start"
+    stop  program = "/etc/init.d/fail2ban stop || :"
+    if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart
+    if 5 restarts within 5 cycles then timeout
+
+check file fail2ban_log with path /var/log/fail2ban.log
+    if match "ERROR|WARNING" then alert