* Made fail2ban-server tollerate multiple <HOST> entries in failregex

debian/changelog

@@ -1,7 +1,8 @@
-fail2ban (0.7.5-3~pre2) unstable; urgency=low
+fail2ban (0.7.5-3~pre3) unstable; urgency=low
 
   * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
     (Closes: #404060)
+  * Made fail2ban-server tollerate multiple <HOST> entries in failregex
 
  -- Yaroslav Halchenko <debian@onerussian.com>  Thu, 21 Dec 2006 11:53:22 -0500
 

debian/patches/00list

@@ -5,3 +5,4 @@ X00_rigid_python24
 10_wuftpd_section
 00_mail-whois-lines
 10_vsftpd_regex
+10_multiple_HOST_regexp

debian/patches/10_multiple_HOST_regexp.dpatch

@@ -0,0 +1,54 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 10_multiple_HOST_regexp.dpatch by Yaroslav Halchenko <debian@onerussian.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad fail2ban-0.7.5~/server/filter.py fail2ban-0.7.5/server/filter.py
+--- fail2ban-0.7.5~/server/filter.py	2006-11-26 15:37:31.000000000 -0500
++++ fail2ban-0.7.5/server/filter.py	2006-12-22 13:30:25.000000000 -0500
+@@ -170,8 +170,17 @@
+ 				self.__failRegex = value
+ 				self.__failRegexObj = None
+ 			else:
+-				# Replace "<HOST>" with default regular expression for host.
+-				regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
++				# Replace "<HOST>"s with regular expression for a hostname,
++				# naming groups hostX where X is a number starting with 1
++				regex = value
++				oldregex = ''; k = 0
++				while ( regex != oldregex ):
++					oldregex = regex
++					k += 1
++					regex = regex.replace("<HOST>",
++										  "(?:::f{4,6}:)?(?P<host%d>\S+)" % k,
++										  1)
++
+ 				self.__failRegex = regex
+ 				self.__failRegexObj = re.compile(regex)
+ 			logSys.info("Set failregex = %s" % self.__failRegex)
+@@ -435,12 +444,18 @@
+ 							 + "this format")
+ 			else:
+ 				try:
+-					ipMatch = DNSUtils.textToIp(match.group("host"))
+-					if ipMatch:
+-						for ip in ipMatch:
+-							failList.append([ip, date])
++					allGroups = match.groupdict()
++					hostRe = re.compile('host\d*$')
++					# Select only groups named host\d*
++					hostGroups = filter(lambda x: hostRe.match(x[0]) and x[1],
++										allGroups.iteritems())
++					for hostGroup, hostEntry in hostGroups:
++						ipMatch = DNSUtils.textToIp(hostEntry)
++						if ipMatch:
++							for ip in ipMatch:
++								failList.append([ip, date])
+ 				except IndexError:
+-					logSys.error("There is no 'host' group in the rule. " +
++					logSys.error("There is no 'hostX' group in the rule. " +
+ 								 "Please correct your configuration.")
+ 		return failList
+ 	

debian/patches/10_vsftpd_regex.dpatch

@@ -13,7 +13,7 @@ diff -urNad fail2ban-0.7.5~/config/filter.d/vsftpd.conf fail2ban-0.7.5/config/fi
  # Values: TEXT
  #
 -failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
-+failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>|\[.+\] FAIL LOGIN: Client "<HOST>")$
++failregex = (?:vsftpd: \(pam_unix\) authentication failure; .* rhost=(?:::f{4,6}:)?(?P<host>\S+)|\[.+\] FAIL LOGIN: Client "(?:::f{4,6}:)?(?P<host2>\S+)"$)
  
  # Option:  ignoreregex
  # Notes.:  regex to ignore. If this regex matches, the line is ignored.