normalizing time config entries: use time abbreviation (str2seconds) for all time options such 'dbpurgeage', 'bantime', 'findtime', ex.: default '1d' instead '86400';

code review and test case extended;

config/fail2ban.conf

@@ -66,4 +66,4 @@ dbfile = /var/lib/fail2ban/fail2ban.sqlite3
 # Options: dbpurgeage
 # Notes.: Sets age at which bans should be purged from the database
 # Values: [ SECONDS ] Default: 86400 (24hours)
-dbpurgeage = 86400
+dbpurgeage = 1d

config/jail.conf

@@ -18,7 +18,7 @@
 # See man 5 jail.conf for details.
 #
 # [DEFAULT]
-# bantime = 3600
+# bantime = 1h
 #
 # [sshd]
 # enabled = true
@@ -56,11 +56,11 @@ ignoreip = 127.0.0.1/8
 ignorecommand =
 
 # "bantime" is the number of seconds that a host is banned.
-bantime  = 600
+bantime  = 10m
 
 # A host is banned if it has generated "maxretry" during the last "findtime"
 # seconds.
-findtime  = 600
+findtime  = 10m
 
 # "maxretry" is the number of failures before a host get banned.
 maxretry = 5
@@ -258,7 +258,7 @@ logpath  = %(apache_error_log)s
 # for email addresses. The mail outputs are buffered.
 port     = http,https
 logpath  = %(apache_access_log)s
-bantime  = 172800
+bantime  = 48h
 maxretry = 1
 
 
@@ -738,8 +738,8 @@ maxretry = 5
 
 logpath  = /var/log/fail2ban.log
 banaction = %(banaction_allports)s
-bantime  = 604800  ; 1 week
-findtime = 86400   ; 1 day
+bantime  = 1w
+findtime = 1d
 maxretry = 5
 
 
@@ -818,7 +818,7 @@ filter       = apache-pass
 logpath      = %(apache_access_log)s
 blocktype    = RETURN
 returntype   = DROP
-bantime      = 3600
+bantime      = 1h
 maxretry     = 1
 findtime     = 1
 

fail2ban/client/fail2banreader.py

@@ -49,7 +49,7 @@ class Fail2banReader(ConfigReader):
 				["string", "logtarget", "STDERR"],
 				["string", "syslogsocket", "auto"],
 				["string", "dbfile", "/var/lib/fail2ban/fail2ban.sqlite3"],
-				["int", "dbpurgeage", 86400]]
+				["string", "dbpurgeage", "1d"]]
 		self.__opts = ConfigReader.getOptions(self, "Definition", opts)
 	
 	def convert(self):

fail2ban/client/jailreader.py

@@ -97,9 +97,9 @@ class JailReader(ConfigReader):
 				["string", "logpath", None],
 				["string", "logencoding", None],
 				["string", "backend", "auto"],
-				["int", "maxretry", None],
-				["int", "findtime", None],
-				["int", "bantime", None],
+				["int",    "maxretry", None],
+				["string", "findtime", None],
+				["string", "bantime", None],
 				["string", "usedns", None],
 				["string", "failregex", None],
 				["string", "ignoreregex", None],

fail2ban/server/database.py

@@ -218,7 +218,7 @@ class Fail2BanDb(object):
 
 	@purgeage.setter
 	def purgeage(self, value):
-		self._purgeAge = int(value)
+		self._purgeAge = MyTime.str2seconds(value)
 
 	@commitandrollback
 	def createDb(self, cur):

fail2ban/server/mytime.py

@@ -116,8 +116,11 @@ class MyTime:
 	#
 	# @returns number (calculated seconds from expression "val")
 
-	#@staticmethod
+	@staticmethod
 	def str2seconds(val):
+		# replace together standing abbreviations, example '1d12h' -> '1d 12h':
+		val = re.sub(r"(?i)(?<=[a-z])(\d)", r" \1", val)
+		# replace abbreviation with expression:
 		for rexp, rpl in (
 			(r"days?|da|dd?", 24*60*60), (r"week?|wee?|ww?", 7*24*60*60), (r"months?|mon?", (365*3+366)*24*60*60/4/12), (r"years?|yea?|yy?", (365*3+366)*24*60*60/4), 
 			(r"seconds?|sec?|ss?", 1), (r"minutes?|min?|mm?", 60), (r"hours?|ho|hh?", 60*60),
@@ -125,4 +128,3 @@ class MyTime:
 			val = re.sub(r"(?i)(?<=[\d\s])(%s)\b" % rexp, "*"+str(rpl), val)
 		val = re.sub(r"(\d)\s+(\d)", r"\1+\2", val);
 		return eval(val)
-	str2seconds = staticmethod(str2seconds)

fail2ban/server/transmitter.py

@@ -216,7 +216,7 @@ class Transmitter:
 			return self.__server.getUseDns(name)
 		elif command[1] == "findtime":
 			value = command[2]
-			self.__server.setFindTime(name, int(value))
+			self.__server.setFindTime(name, value)
 			return self.__server.getFindTime(name)
 		elif command[1] == "datepattern":
 			value = command[2]
@@ -233,7 +233,7 @@ class Transmitter:
 		# command
 		elif command[1] == "bantime":
 			value = command[2]
-			self.__server.setBanTime(name, int(value))
+			self.__server.setBanTime(name, value)
 			return self.__server.getBanTime(name)
 		elif command[1] == "banip":
 			value = command[2]

fail2ban/tests/clientreadertestcase.py

@@ -668,7 +668,7 @@ class JailsReaderTest(LogCaptureTestCase):
 			self.assertEqual(sorted(commands),
 							 [['set', 'dbfile',
 								'/var/lib/fail2ban/fail2ban.sqlite3'],
-							  ['set', 'dbpurgeage', 86400],
+							  ['set', 'dbpurgeage', '1d'],
 							  ['set', 'loglevel', "INFO"],
 							  ['set', 'logtarget', '/var/log/fail2ban.log'],
 							  ['set', 'syslogsocket', 'auto']])

fail2ban/tests/databasetestcase.py

@@ -70,6 +70,15 @@ class DatabaseTest(LogCaptureTestCase):
 			return
 		self.assertEqual(self.dbFilename, self.db.filename)
 
+	def testPurgeAge(self):
+		if Fail2BanDb is None: # pragma: no cover
+			return
+		self.assertEqual(self.db.purgeage, 86400)
+		self.db.purgeage = '1y6mon15d5h30m'
+		self.assertEqual(self.db.purgeage, 48652200)
+		self.db.purgeage = '2y 12mon 30d 10h 60m'
+		self.assertEqual(self.db.purgeage, 48652200*2)
+
 	def testCreateInvalidPath(self):
 		if Fail2BanDb is None: # pragma: no cover
 			return

fail2ban/tests/servertestcase.py

@@ -259,6 +259,7 @@ class Transmitter(TransmitterBase):
 	def testJailFindTime(self):
 		self.setGetTest("findtime", "120", 120, jail=self.jailName)
 		self.setGetTest("findtime", "60", 60, jail=self.jailName)
+		self.setGetTest("findtime", "30m", 30*60, jail=self.jailName)
 		self.setGetTest("findtime", "-60", -60, jail=self.jailName)
 		self.setGetTestNOK("findtime", "Dog", jail=self.jailName)
 
@@ -266,6 +267,7 @@ class Transmitter(TransmitterBase):
 		self.setGetTest("bantime", "600", 600, jail=self.jailName)
 		self.setGetTest("bantime", "50", 50, jail=self.jailName)
 		self.setGetTest("bantime", "-50", -50, jail=self.jailName)
+		self.setGetTest("bantime", "15d 5h 30m", 1315800, jail=self.jailName)
 		self.setGetTestNOK("bantime", "Cat", jail=self.jailName)
 
 	def testDatePattern(self):