Merge branch 'master' into 0.9

* master: (51 commits)
  ENH: Use real (resolving) example.com instead of test.example.com
  DOC: Slight tune ups to ChangeLog -- we must release!
  Changelog entries for the latest merges
  BF: add bash-completion to MANIFEST
  DOC: ChangeLog for default action type change
  ENH: consolidate where blocktype is defined for iptables rules
  BF: default type to unreachable
  ENH: separate out regex and escape a .
  ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
  ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
  ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
  DOC: Drop sudo from bash-completion
  DOC: Added bash-completion script
  ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
  ENH: Removed unused log line
  ENH: logrotate file
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  BF: missed MANIFEST include
  ENH: some form of logrotate based on what distros are doing
  ...

Conflicts:
	ChangeLog
	MANIFEST
	client/actionreader.py
	config/jail.conf
	fail2ban/server/datedetector.py
	fail2ban/tests/datedetectortestcase.py
pull/218/head
Yaroslav Halchenko 2013-05-08 13:43:45 -04:00
commit f1b6806eb4
106 changed files with 760 additions and 162 deletions

View File

@ -41,23 +41,27 @@ code-review and minor additions from Yaroslav Halchenko.
* [..e019ab7] Multiple instances of the same action are allowed in the * [..e019ab7] Multiple instances of the same action are allowed in the
same jail -- use actname option to disambiguate. same jail -- use actname option to disambiguate.
ver. 0.8.9 (2013/04/XXX) - wanna-be-stable ver. 0.8.9 (2013/05/XX) - wanna-be-stable
---------- ----------
Although primarily a bugfix release, it incorporates many new Originally targeted as a bugfix release, it incorporated many new
enhancements, few new features, but more importantly -- quite extended enhancements, few new features, and more importantly -- quite extended
tests battery with current 94% coverage. This release incorporates tests battery with current 94% coverage.
more than a 100 of non-merge commits from 14 contributors (sorted by
number of commits): Yaroslav Halchenko, Daniel Black, Steven Hiscocks,
ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither,
Orion Poplawski, Artur Penttinen, sebres, Nicolas Collignon, Pascal
Borreli, blotus:
- Fixes: This release introduces over 200 of non-merge commits from 16
Yaroslav Halchenko contributors (sorted by number of commits): Yaroslav Halchenko, Daniel
* [6f4dad46] Documentation python-2.4 is the minimium version. Black, Steven Hiscocks, James Stout, Orion Poplawski, Enrico Labedzki,
* [1eb23cf8] do not rely on scripts being under /usr -- might differ eg on ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither,
Fedora. Closes gh-112. Thanks to Camusensei for the bug report. Artur Penttinen, blotus, sebres, Nicolas Collignon, Pascal Borreli.
Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom
Hendrikx, Yehuda Katz and other TBN heroes supporting users on
fail2ban-users mailing list and IRC.
- Fixes: Yaroslav Halchenko
* [6f4dad46] python-2.4 is the minimal version.
* [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g.
on Fedora. Closes gh-112. Thanks to Camusensei for the bug report.
* [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for * [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for
insight. Closes gh-103. insight. Closes gh-103.
* [ab044b75] delay check for the existence of config directory until read. * [ab044b75] delay check for the existence of config directory until read.
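Review bot: the new release header still carries a placeholder date, "ver. 0.8.9 (2013/05/XX)", which needs the real day before the release is tagged. The rewritten summary also reads "over 200 of non-merge commits" and "few new features"; "over 200 non-merge commits" and "a few new features" would read better.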
@ -84,6 +88,8 @@ Borreli, blotus:
gh-70. Thanks to iGeorgeX for the idea. gh-70. Thanks to iGeorgeX for the idea.
blotus blotus
* [96eb8986] ' and " should also be escaped in action tags Closes gh-109 * [96eb8986] ' and " should also be escaped in action tags Closes gh-109
Christoph Theis, Nick Hilliard, Daniel Black
* [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD
- New features: - New features:
Yaroslav Halchenko Yaroslav Halchenko
* [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile} * [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile}
@ -103,9 +109,18 @@ Borreli, blotus:
* [5f2d383] Add roundcube auth filter. Closes Debian bug #699442. * [5f2d383] Add roundcube auth filter. Closes Debian bug #699442.
Daniel Black Daniel Black
* [be06b1b] Add action for iptables-ipsets. Closes gh-102. * [be06b1b] Add action for iptables-ipsets. Closes gh-102.
Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk
* [b6d0e8a] Add and enhance the bsd-ipfw action from
FreeBSD ports.
Soulard Morgan Soulard Morgan
* [f336d9f] Add filter for webmin. Closes gh-99. * [f336d9f] Add filter for webmin. Closes gh-99.
Steven Hiscocks
* [..746c7d9] bash interactive shell completions for fail2ban-*'s
Nick Hilliard
* [0c5a9c5] Add pf action.
- Enhancements: - Enhancements:
Enrico Labedzki
* [24a8d07] Added new date format for ASSP SMTP Proxy.
Steven Hiscocks Steven Hiscocks
* [3d6791f] Ensure restart of Actions after a check fails occurs * [3d6791f] Ensure restart of Actions after a check fails occurs
consistently. Closes gh-172. consistently. Closes gh-172.
@ -128,19 +143,23 @@ Borreli, blotus:
* [7cd6dab] Added help command to fail2ban-client. * [7cd6dab] Added help command to fail2ban-client.
* [c8c7b0b,23bbc60] Better logging of log file read errors. * [c8c7b0b,23bbc60] Better logging of log file read errors.
* [3665e6d] Added code coverage to development process. * [3665e6d] Added code coverage to development process.
* [41b9f7b,32d10e9] More complete ssh filter rules to match openssh source. * [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh
source. Also include BSD changes.
* [1d9abd1] Action files can have tags in definition that refer to other * [1d9abd1] Action files can have tags in definition that refer to other
tags. tags.
* [10886e7,cec5da2,adb991a] Change actions to response with ICMP port
unreachable rather than just a drop of the packet.
Pascal Borreli Pascal Borreli
* [a2b29b4] Fixed lots of typos in config files and documentation. * [a2b29b4] Fixed lots of typos in config files and documentation.
hamilton5 hamilton5
* [7ede1e8] Update dovecot filter config. * [7ede1e8] Update dovecot filter config.
Romain Riviere Romain Riviere
* [0ac8746] Enhance named-refused filter for views. * [0ac8746] Enhance named-refused filter for views.
James Stout
Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom * [..2143cdf] Solaris support enhancements:
Hendrikx and other TBN heroes supporting users on fail2ban-users - README.Solaris
mailing list and IRC. - failregex'es tune ups (sshd.conf)
- hostsdeny: do not rely on support of '-i' in sed
ver. 0.8.8 (2012/12/06) - stable ver. 0.8.8 (2012/12/06) - stable
---------- ----------
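Review bot: the entry "[10886e7,cec5da2,adb991a] Change actions to response with ICMP port unreachable rather than just a drop of the packet" is filed under Enhancements, but it changes what an existing installation sends to banned hosts after an upgrade. Suggest wording it as a change of default ("respond" rather than "response") and naming the option, blocktype, that restores the previous drop, so admins who prefer silent drops can find it from the ChangeLog.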

View File

@ -269,6 +269,7 @@ Releasing
* http://svnweb.freebsd.org/ports/head/security/py-fail2ban/ * http://svnweb.freebsd.org/ports/head/security/py-fail2ban/
* https://build.opensuse.org/package/show?package=fail2ban&project=openSUSE%3AFactory * https://build.opensuse.org/package/show?package=fail2ban&project=openSUSE%3AFactory
* http://sophie.zarb.org/sources/fail2ban (Mageia) * http://sophie.zarb.org/sources/fail2ban (Mageia)
* https://trac.macports.org/browser/trunk/dports/security/fail2ban
# Check distribution outstanding bugs # Check distribution outstanding bugs
@ -291,6 +292,8 @@ Releasing
http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/metadata.xml?view=markup http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/metadata.xml?view=markup
* openSUSE: Stephan Kulow <coolo@suse.com> * openSUSE: Stephan Kulow <coolo@suse.com>
https://build.opensuse.org/package/users?package=fail2ban&project=openSUSE%3AFactory https://build.opensuse.org/package/users?package=fail2ban&project=openSUSE%3AFactory
* Mac Ports: @Malbrouck on github (gh-49)
https://trac.macports.org/browser/trunk/dports/security/fail2ban/Portfile
# Wait for feedback from distributors # Wait for feedback from distributors

View File

@ -58,6 +58,9 @@ fail2ban/tests/files/testcase02.log
fail2ban/tests/files/testcase03.log fail2ban/tests/files/testcase03.log
fail2ban/tests/files/testcase04.log fail2ban/tests/files/testcase04.log
fail2ban/tests/files/testcase-usedns.log fail2ban/tests/files/testcase-usedns.log
fail2ban/tests/files/logs/bsd/syslog-plain.txt
fail2ban/tests/files/logs/bsd/syslog-v.txt
fail2ban/tests/files/logs/bsd/syslog-vv.txt
setup.py setup.py
setup.cfg setup.cfg
fail2ban/__init__.py fail2ban/__init__.py
@ -99,7 +102,9 @@ config/filter.d/dropbear.conf
config/filter.d/lighttpd-auth.conf config/filter.d/lighttpd-auth.conf
config/filter.d/recidive.conf config/filter.d/recidive.conf
config/filter.d/roundcube-auth.conf config/filter.d/roundcube-auth.conf
config/action.d/bsd-ipfw.conf
config/action.d/dummy.conf config/action.d/dummy.conf
config/action.d/iptables-blocktype.conf
config/action.d/iptables-ipset-proto4.conf config/action.d/iptables-ipset-proto4.conf
config/action.d/iptables-ipset-proto6.conf config/action.d/iptables-ipset-proto6.conf
config/action.d/iptables-xt_recent-echo.conf config/action.d/iptables-xt_recent-echo.conf
@ -119,6 +124,7 @@ config/action.d/mail-buffered.conf
config/action.d/mail-whois.conf config/action.d/mail-whois.conf
config/action.d/mail-whois-lines.conf config/action.d/mail-whois-lines.conf
config/action.d/mynetwatchman.conf config/action.d/mynetwatchman.conf
config/action.d/pf.conf
config/action.d/sendmail.conf config/action.d/sendmail.conf
config/action.d/sendmail-buffered.conf config/action.d/sendmail-buffered.conf
config/action.d/sendmail-whois.conf config/action.d/sendmail-whois.conf
@ -141,8 +147,10 @@ files/macosx-initd
files/solaris-fail2ban.xml files/solaris-fail2ban.xml
files/solaris-svc-fail2ban files/solaris-svc-fail2ban
files/suse-initd files/suse-initd
files/fail2ban-logrotate
files/cacti/fail2ban_stats.sh files/cacti/fail2ban_stats.sh
files/cacti/cacti_host_template_fail2ban.xml files/cacti/cacti_host_template_fail2ban.xml
files/cacti/README files/cacti/README
files/nagios/check_fail2ban files/nagios/check_fail2ban
files/nagios/f2ban.txt files/nagios/f2ban.txt
files/bash-completion

README.Solaris Normal file

@ -0,0 +1,141 @@
# vim:tw=80:ft=txt
README FOR SOLARIS INSTALLATIONS
By Roy Sigurd Karlsbakk <roy@karlsbakk.net>
ABOUT
This readme is meant for those wanting to install fail2ban on Solaris 10,
OpenSolaris, OpenIndiana etc. To some degree it may as well be useful for
users of older Solaris versions and Nexenta, but don't rely on it.
READ ME FIRST
If I use the term Solaris, I am talking about any Solaris dialect, that is, the
official Sun/Oracle ones or derivates. If I describe an OS as
"OpenSolaris-based", it means it's either OpenSolaris, OpenIndiana or one of the
other, but /not/ the Nexenta family, since this only uses the OpenSolaris/
IllumOS kernel and not the userland. If I say Solaris 10, I mean Solaris 10 and
perhaps, if you're lucky and have some good gods on your side, it may also apply
to Solaris 9 or even 8 and hopefully in the new Solaris 11 whenever that may be
released. Quoted lines of code, settings et cetera are indented with two spaces.
This does _not_ mean you should use that indentation, especially in config files
where they can be harmful. Optional settings are prefixed with OPT: while
required settings are prefixed with REQ:. If no prefix is found, regard it as a
required setting.
INSTALLATION ON SOLARIS
The installation is straight forward on Solaris as well as on linux/bsd/etc.
./setup.py install installs the general packages in /usr/bin on OpenSolaris-
based distros or (at least on this box) under /usr/sfw/bin on Solaris 10. In
the files/ directory you will find the file solaris-fail2ban.xml containing the
Solaris service. To install this, run the following command as root (or with
sudo):
svccfg import files/solaris-fail2ban.xml
This should normally without giving an error. If you get an error, deal with it,
and please post any relevant info (or fixes?) to the fail2ban mailing list.
Next install the service handler - copy the script in and allow it to be executed:
cp files/solaris-svc-fail2ban /lib/svc/method/svc-fail2ban
chmod +x /lib/svc/method/svc-fail2ban
CONFIGURE SYSLOG
For some reason, a default Solaris installation does not log ssh login attempts,
and since fail2ban works by monitoring logs, enabling this logging is rather
important for it to work. To enable this, edit /etc/syslog.conf and add a line
at the end:
auth.info /var/adm/auth.log
Save the file and exit, and run
touch /var/adm/auth.log
The Solaris system logger will _not_ create a non-existing file. Now, restart
the system logger.
svcadm restart system-log
Try to ssh into localhost with ssh asdf@localhost and enter an invalid password.
Make sure this is logged in the above file. When done, you may configure
fail2ban.
FAIL2BAN CONFIGURATION
OPT: Create /etc/fail2ban/fail2ban.local containing:
# Fail2Ban main configuration file
#
# Comments: use '#' for comment lines and ';' for inline comments
#
# Changes: in most of the cases you should not modify this
# file, but provide customizations in fail2ban.local file, e.g.:
#
# [Definition]
# loglevel = 4
#
[Definition]
# Option: logtarget
# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
# Only one log target can be specified.
# If you change logtarget from the default value and you are
# using logrotate -- also adjust or disable rotation in the
# corresponding configuration file
# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log
#
logtarget = /var/adm/fail2ban.log
REQ: Create /etc/fail2ban/jail.local containing:
[ssh-tcpwrapper]
enabled = true
filter = sshd
action = hostsdeny
sendmail-whois[name=SSH, dest=you@example.com]
ignoreregex = for myuser from
logpath = /var/adm/auth.log
Set the sendmail dest address to something useful or drop the line to stop it spamming you.
Set 'myuser' to your username to avoid banning yourself or drop it.
START (OR RESTART) FAIL2BAN
Enable the fail2ban service with
svcadm enable fail2ban
When done, check that all services are running well
svcs -xv
GOTCHAS AND FIXMES
* It seems the installation may be starting fail2ban automatically. If this is
done, fail2ban will not start, but no errors will be returned from svcs
(above). Check if it's running with 'ps -ef | grep fail2ban' and manually kill
the PID if it is. Re-enable fail2ban and try again
svcadm disable fail2ban
svcadm enable fail2ban
* If svcs -xv says that fail2ban failed to start or svcs says it's in maintenance mode
chcek /var/svc/log/network-fail2ban:default.log for clues.
Check permissions on /var/adm, /var/adm/auth.log /var/adm/fail2ban.log and /var/run/fail2ban
You may need to:
sudo mkdir /var/run/fail2ban
* Fail2ban adds lines like these to /etc/hosts.deny:
ALL: 1.2.3.4
wouldn't it be better to just block sshd?
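Review bot: in the sample jail.local, "ignoreregex = for myuser from" exempts every failed login for that account, from any address, so password guessing against that one username is never counted. The stated goal is to avoid banning yourself; exempting your own source address with ignoreip does that without leaving the account uncovered. Smaller points: "This should normally without giving an error" is missing a verb, "chcek" should be "check", and the closing question about the ALL: entries in /etc/hosts.deny reads like a TODO rather than documentation.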

THANKS

@ -16,6 +16,7 @@ Daniel B. Cid
Daniel Black Daniel Black
David Nutter David Nutter
Eric Gerbier Eric Gerbier
Enrico Labedzki
Guillaume Delvit Guillaume Delvit
Hanno 'Rince' Wagner Hanno 'Rince' Wagner
Iain Lea Iain Lea

TODO

@ -13,6 +13,8 @@ Legend:
# partially done # partially done
* done * done
- more detailed explaination in DEVELOP for new developers (eg. howto build this HEX numbers in ChangeLog)
- Run tests though all filters/examples files - (see sshd example file) as unit - Run tests though all filters/examples files - (see sshd example file) as unit
test test

View File

@ -0,0 +1,82 @@
# Fail2Ban configuration file
#
# Author: Nick Munger
# Modified by: Ken Menzel
# Daniel Black (start/stop)
# Fabian Wenk (many ideas as per fail2ban users list)
#
# Ensure firewall_enable="YES" in the top of /etc/rc.conf
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
actionstart = ipfw show | fgrep -q 'table(<table>)' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num deny <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
actionstop = [ -f <startstatefile> ] && ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
# requires an ipfw rule like "deny ip from table(1) to me"
actionban = ipfw table <table> add <ip>
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: See jail.conf(5) man page
# Values: CMD
#
actionunban = ipfw table <table> delete <ip>
[Init]
# Option: table
# Notes: The ipfw table to use. If a ipfw rule using this table already exists,
# this action will not create a ipfw rule to block it and the following
# options will have no effect.
# Values: NUM
table = 1
# Option: port
# Notes.: Specifies port to monitor. Blank indicate block all ports.
# Values: [ NUM | STRING ]
#
port =
# Option: startstatefile
# Notes: A file to indicate that the table rule that was added. Ensure it is unique per table.
# Values: STRING
startstatefile = /var/run/fail2ban/ipfw-started-table_<table>
# Option: action
# Notes: This is the action to take for automaticly created rules. See the
# ACTION defination at the top of man ipfw for allowed values.
# "deny" and "unreach port" are probably the useful.
# Values: STRING
action = deny
# Option: block
# Notes: This is how much to block.
# Can be "ip", "tcp", "udp" or various other options.
# Values: STRING
block = ip
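Review bot: [Init] defines "action = deny" and documents "unreach port" as an alternative, but actionstart hardcodes the verb in "ipfw -q add $num deny <block> from table\(<table>\) to me <port>", so the action option is never used; either substitute <action> there or drop the option (and consider naming it blocktype like the other actions in this merge). Second, the free rule number is handed back through awk's exit status (num=$?), which only carries 0-255: on a ruleset whose first gap lies above 255 the value wraps, the rule is added at a number that may already be in use, and actionstop's "ipfw -q delete $num" then removes whatever else shares that number. Printing the number from awk and capturing it with $( ) avoids the limit. actionstop also tests [ -f <startstatefile> ] unquoted while quoting the same path everywhere else.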

View File

@ -25,7 +25,6 @@
# configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to # configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to
# configure how often the buffer is flushed). # configure how often the buffer is flushed).
# #
# $Revision$
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]
@ -40,7 +39,7 @@ actionban = IP=<ip> &&
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file> actionunban = IP=<ip> && sed /ALL:\ $IP/d <file> > <file>.new && mv <file>.new <file>
[Init] [Init]
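Review bot: in the new actionunban, "sed /ALL:\ $IP/d <file> > <file>.new && mv <file>.new <file>" replaces <file> with a freshly created one, so its owner and mode now come from the fail2ban process and its umask rather than from the original, and any line appended to <file> between the sed and the mv is lost. Writing the result back into the existing file (cat <file>.new > <file>) or restoring the mode explicitly would keep the permissions stable. The pattern is also unanchored: unbanning 1.2.3.4 deletes "ALL: 1.2.3.40" as well, so anchoring it with ^ and $ would be safer.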

View File

@ -37,7 +37,7 @@ actioncheck =
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = echo block in quick from <ip>/32 | /sbin/ipf -f - actionban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -f -
# Option: actionunban # Option: actionunban
@ -47,7 +47,12 @@ actionban = echo block in quick from <ip>/32 | /sbin/ipf -f -
# Values: CMD # Values: CMD
# #
# note -r option used to remove matching rule # note -r option used to remove matching rule
actionunban = echo block in quick from <ip>/32 | /sbin/ipf -r -f - actionunban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -r -f -
[Init] [Init]
# Option: Blocktype
# Notes : This is the return-icmp[return-code] mentioned in the ipf man page section 5. Keep this quoted to prevent
# Shell expansion. This should be blank (unquoted) to drop the packet.
# Values: STRING
blocktype = "return-icmp(port-unr)"
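Review bot: actionunban removes the rule with "/sbin/ipf -r -f -", which only works when the rule text is identical to the one actionban added. With <blocktype> now part of both, changing blocktype while bans are active, or upgrading with bans that were added as plain "block in quick", leaves rules that unban cannot remove; that deserves a sentence in the Notes. The comment header also says "Option: Blocktype" while the key is "blocktype", and "Keep this quoted" could state that the quotes are part of the value.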

View File

@ -3,7 +3,6 @@
# Author: Nick Munger # Author: Nick Munger
# Modified by: Cyril Jaquier # Modified by: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]
@ -35,7 +34,7 @@ actioncheck =
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = ipfw add deny tcp from <ip> to <localhost> <port> actionban = ipfw add <blocktype> tcp from <ip> to <localhost> <port>
# Option: actionunban # Option: actionunban
@ -59,3 +58,11 @@ port = ssh
# Values: IP # Values: IP
# #
localhost = 127.0.0.1 localhost = 127.0.0.1
# Option: blocktype
# Notes.: How to block the traffic. Use a action from man 5 ipfw
# Common values: deny, unreach port, reset
# Values: STRING
#
blocktype = unreach port

View File

@ -4,9 +4,13 @@
# Modified: Yaroslav O. Halchenko <debian@onerussian.com> # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
# made active on all ports from original iptables.conf # made active on all ports from original iptables.conf
# #
# $Revision$
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -37,7 +41,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -45,7 +49,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
[Init] [Init]

View File

@ -0,0 +1,22 @@
# Fail2Ban configuration file
#
# Author: Daniel Black
#
# This is a included configuration file and includes the defination for the blocktype
# used in all iptables based actions by default.
#
# The user can override the default in iptables-blocktype.local
[INCLUDES]
after = iptables-blocktype.local
[Init]
# Option: blocktype
# Note: This is what the action does with rules. This can be any jump target
# as per the iptables man page (section 8). Common values are DROP
# REJECT, REJECT --reject-with icmp-port-unreachable
# Values: STRING
blocktype = REJECT --reject-with icmp-port-unreachable
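Review bot: the header should say how to get the previous behaviour back, since this file switches every including action from DROP to "REJECT --reject-with icmp-port-unreachable": a two-line example for iptables-blocktype.local ([Init] followed by blocktype = DROP) would do. REJECT answers each packet from a banned address, which confirms the host is up and generates outbound ICMP under load, so some admins will want DROP. Also "defination" should be "definition", and the value list "DROP REJECT, REJECT --reject-with icmp-port-unreachable" is missing a comma after DROP.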

View File

@ -18,6 +18,10 @@
# apt-get install ipset xtables-addons-source # apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons # module-assistant auto-install xtables-addons
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -25,13 +29,13 @@
# Values: CMD # Values: CMD
# #
actionstart = ipset --create fail2ban-<name> iphash actionstart = ipset --create fail2ban-<name> iphash
iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
# Values: CMD # Values: CMD
# #
actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
ipset --flush fail2ban-<name> ipset --flush fail2ban-<name>
ipset --destroy fail2ban-<name> ipset --destroy fail2ban-<name>
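Review bot: actionstop deletes the INPUT rule with the same "-j <blocktype>" that actionstart inserted, so the two must expand identically. If blocktype is edited while the jail is running, the "iptables -D" no longer matches, the rule stays in INPUT, and the following "ipset --destroy fail2ban-<name>" fails because the set is still referenced. A note next to the option saying that the jail must be stopped before blocktype is changed would cover it.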
@ -68,4 +72,3 @@ port = ssh
# Values: [ tcp | udp | icmp | all ] Default: tcp # Values: [ tcp | udp | icmp | all ] Default: tcp
# #
protocol = tcp protocol = tcp

View File

@ -18,6 +18,11 @@
# apt-get install ipset xtables-addons-source # apt-get install ipset xtables-addons-source
# module-assistant auto-install xtables-addons # module-assistant auto-install xtables-addons
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
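Review bot: this file gains "before = iptables-blocktype.conf", but neither of its hunks replaces a jump target with <blocktype>, unlike the sibling ipset action above. If its rules still end in a hardcoded target the include has no effect here; either convert the rules in this commit or leave the include out.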
@ -74,5 +79,3 @@ protocol = tcp
# Values: [ NUM ] Default: 600 # Values: [ NUM ] Default: 600
bantime = 600 bantime = 600

View File

@ -7,9 +7,12 @@
# make "fail2ban-<name>-log" chain to log and drop # make "fail2ban-<name>-log" chain to log and drop
# insert a jump to fail2ban-<name> from -I <chain> if proto/port match # insert a jump to fail2ban-<name> from -I <chain> if proto/port match
# #
# $Revision$
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -21,7 +24,7 @@ actionstart = iptables -N fail2ban-<name>
iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
iptables -N fail2ban-<name>-log iptables -N fail2ban-<name>-log
iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
iptables -A fail2ban-<name>-log -j DROP iptables -A fail2ban-<name>-log -j <blocktype>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
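Review bot: the LOG rule just above the changed line still uses --log-prefix "...:DROP ", and the file header still describes a chain "to log and drop", while the final jump is now "-j <blocktype>" and defaults to a reject. Log consumers that key on the prefix will record DROP for packets that were rejected; use a neutral prefix or document that it no longer names the verdict.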

View File

@ -2,9 +2,12 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Modified by Yaroslav Halchenko for multiport banning # Modified by Yaroslav Halchenko for multiport banning
# $Revision$
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -35,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -43,7 +46,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
[Init] [Init]

View File

@ -4,9 +4,13 @@
# Copied from iptables.conf and modified by Yaroslav Halchenko # Copied from iptables.conf and modified by Yaroslav Halchenko
# to fullfill the needs of bugreporter dbts#350746. # to fullfill the needs of bugreporter dbts#350746.
# #
# $Revision$
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -37,7 +41,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -45,7 +49,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
[Init] [Init]

View File

@ -2,9 +2,13 @@
# #
# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> # Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
# #
# $Revision: 1 $
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -29,7 +33,7 @@
# own rules. The 3600 second timeout is independent and acts as a # own rules. The 3600 second timeout is independent and acts as a
# safeguard in case the fail2ban process dies unexpectedly. The # safeguard in case the fail2ban process dies unexpectedly. The
# shorter of the two timeouts actually matters. # shorter of the two timeouts actually matters.
actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j DROP actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
# Option: actionstop # Option: actionstop
# Notes.: command executed once at the end of Fail2Ban # Notes.: command executed once at the end of Fail2Ban
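Review bot: only actionstart is converted to "-j <blocktype>" in this file; no actionstop line appears in the diff. If actionstop deletes the INPUT rule by its full specification with a hardcoded DROP it will stop matching, so please check it and convert it in the same commit.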

View File

@ -2,9 +2,12 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[INCLUDES]
before = iptables-blocktype.conf
[Definition] [Definition]
# Option: actionstart # Option: actionstart
@ -35,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -43,7 +46,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
[Init] [Init]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Modified-By: Yaroslav Halchenko to include grepping on IP over log files # Modified-By: Yaroslav Halchenko to include grepping on IP over log files
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -24,7 +24,6 @@
# Another useful configuration value is <getcmd>, if you don't have wget # Another useful configuration value is <getcmd>, if you don't have wget
# installed (an example config for curl is given below) # installed (an example config for curl is given below)
# #
# $Revision$
[Definition] [Definition]

config/action.d/pf.conf Normal file

@ -0,0 +1,62 @@
# Fail2Ban configuration file
#
# OpenBSD pf ban/unban
#
# Author: Nick Hilliard <nick@foobar.org>
#
#
[Definition]
# Option: actionstart
# Notes.: command executed once at the start of Fail2Ban.
# Values: CMD
#
# we don't enable PF automatically, as it will be enabled elsewhere
actionstart =
# Option: actionstop
# Notes.: command executed once at the end of Fail2Ban
# Values: CMD
#
# we don't disable PF automatically either
actionstop =
# Option: actioncheck
# Notes.: command executed once before each actionban command
# Values: CMD
#
actioncheck =
# Option: actionban
# Notes.: command executed when banning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
# Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the
# command is executed with Fail2Ban user rights.
# Tags: <ip> IP address
# <failures> number of failures
# <time> unix timestamp of the ban time
# Values: CMD
#
# note -r option used to remove matching rule
actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
[Init]
# Option: tablename
# Notes.: The pf table name.
# Values: [ STRING ] Default: fail2ban
#
tablename = fail2ban
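Review bot: the comment above `actionunban` says "note -r option used to remove matching rule", but the command is `pfctl -t <tablename> -T delete` and has no `-r`; the comment looks carried over from another action and should be dropped or rewritten. Two further points in the same file: `<ip>/32` hard-codes an IPv4 host mask in both `actionban` and `actionunban`, and with `actionstart` and `actioncheck` left empty nothing confirms that a pf rule references the `<tablename>` table, so a ban can succeed at the `pfctl` level and block nothing. A header comment showing the table and block rule the admin has to add to pf.conf would address the last one.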

View File

@ -15,11 +15,10 @@
# - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts # - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
[Definition] [Definition]
actionban = ip route add <type> <ip> actionban = ip route add <blocktype> <ip>
actionunban = ip route del <type> <ip> actionunban = ip route del <blocktype> <ip>
# Type of blocking # Option: blocktype
# # Note: Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
# Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages. # Values: STRING
blocktype = unreachable
type = blackhole
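Review bot: this hunk changes two things that existing setups will notice: the option is renamed from `type` to `blocktype`, so a local override that still sets `type` is silently ignored, and the default goes from `blackhole` to `unreachable`, which by the comment's own description answers the banned host with an ICMP reject instead of dropping silently. Please make sure the ChangeLog entry for the default change also names the rename, and say in the option comment that `blackhole` restores the previous behaviour.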

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see # The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a # file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
@ -39,7 +38,7 @@ actioncheck =
# Tags: See jail.conf(5) man page # Tags: See jail.conf(5) man page
# Values: CMD # Values: CMD
# #
actionban = shorewall drop <ip> actionban = shorewall <blocktype> <ip>
# Option: actionunban # Option: actionunban
# Notes.: command executed when unbanning an IP. Take care that the # Notes.: command executed when unbanning an IP. Take care that the
@ -48,3 +47,9 @@ actionban = shorewall drop <ip>
# Values: CMD # Values: CMD
# #
actionunban = shorewall allow <ip> actionunban = shorewall allow <ip>
# Option: blocktype
# Note: This is what the action does with rules.
# See man page of shorewall for options that include drop, logdrop, reject, or logreject
# Values: STRING
blocktype = reject
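Review bot: `blocktype = reject` changes the behaviour of existing installs, since `actionban` previously ran `shorewall drop <ip>`; admins who relied on silent drops will now send rejects to banned hosts unless they override the option. The new option is also appended after `actionunban` with no section header visible in the hunk, whereas pf.conf in this same merge keeps its default (`tablename`) under `[Init]`; please confirm it sits in the intended section, and state in the Note that `drop` restores the old behaviour.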

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -5,7 +5,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Yaroslav O. Halchenko <debian@onerussian.com> # Author: Yaroslav O. Halchenko <debian@onerussian.com>
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Tim Connors # Author: Tim Connors
# #
# $Revision$
# #
[Definition] [Definition]

33
config/filter.d/assp.conf Normal file
View File

@ -0,0 +1,33 @@
# Fail2Ban configuration file
# for Anti-Spam SMTP Proxy Server also known as ASSP
# Honmepage: http://www.magicvillage.de/~Fritz_Borgstedt/assp/0003D91C-8000001C/
# ProjektSite: http://sourceforge.net/projects/assp/?source=directory
#
# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
#
[Definition]
# Option: failregex
# Notes.: regex to match the SMTP failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>\S+)
# Values: TEXT
#
# Examples: Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
# Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
# Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded
__assp_actions = (dropping|refusing)
failregex = <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: [a-zA-Z0-9]+;$
<HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
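Review bot: none of the three `failregex` alternatives is anchored at the start, and per the Notes `<HOST>` is an alias for a `\S+` group, so a match can begin anywhere in the line and take whatever non-space token precedes the fixed text as the host; in a mail proxy log, where parts of a line originate from the remote client, that should be tightened, for example by anchoring on the `[SSL-out]` tag shown in the sample lines. Smaller points: in `\d{1}\.\d{1}.\d{1}` the second dot is unescaped, `\d{,3}` also accepts zero digits, the first expression requires a `-- ... connection - after reply:` tail that the third sample line does not show, and the header has the typo "Honmepage".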

View File

@ -2,7 +2,6 @@
# #
# Author: Xavier Devlamynck # Author: Xavier Devlamynck
# #
# $Revision$
# #

View File

@ -3,7 +3,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[INCLUDES] [INCLUDES]
@ -28,6 +27,10 @@ __pid_re = (?:\[\d+\])
# EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix) # EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix)
__daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:? __daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:?
# extra daemon info
# EXAMPLE: [ID 800047 auth.info]
__daemon_extra_re = (?:\[ID \d+ \S+\])
# Combinations of daemon name and PID # Combinations of daemon name and PID
# EXAMPLES: sshd[31607], pop(pam_unix)[4920] # EXAMPLES: sshd[31607], pop(pam_unix)[4920]
__daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:) __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
@ -38,10 +41,16 @@ __kernel_prefix = kernel: \[\d+\.\d+\]
__hostname = \S+ __hostname = \S+
# bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or
# <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
__bsd_syslog_verbose = (<[^.]+\.[^.]+>)
# #
# Common line prefixes (beginnings) which could be used in filters # Common line prefixes (beginnings) which could be used in filters
# #
# [hostname] [vserver tag] daemon_id spaces # [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
# this can be optional (for instance if we match named native log files) #
__prefix_line = \s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s* # This can be optional (for instance if we match named native log files)
__prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
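Review bot: in the new `__prefix_line` the `\s` between `%(__daemon_combs_re)s?` and `%(__daemon_extra_re)s?` is mandatory, while the old expression ended in `\s*`; the prefix can therefore no longer match an empty string, which contradicts the comment "This can be optional (for instance if we match named native log files)". Making it `\s*` keeps the old behaviour. Also, `__bsd_syslog_verbose = (<[^.]+\.[^.]+>)` is a capturing group where the neighbouring definitions use `(?:...)`, and `[^.]+` accepts spaces and `>`, so excluding those two from the character classes would keep the match from running across the rest of the line.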

View File

@ -3,7 +3,6 @@
# Author: Christoph Haas # Author: Christoph Haas
# Modified by: Cyril Jaquier # Modified by: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Jan Wagner <waja@cyconet.org> # Author: Jan Wagner <waja@cyconet.org>
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Martin Waschbuesch # Author: Martin Waschbuesch
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -3,7 +3,6 @@
# Author: Francis Russell # Author: Francis Russell
# Zak B. Elep # Zak B. Elep
# #
# $Revision$
# #
# More information: http://bugs.debian.org/546913 # More information: http://bugs.debian.org/546913

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Kevin Zembower (copied from wsftpd.conf) # Author: Kevin Zembower (copied from wsftpd.conf)
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -4,7 +4,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -3,7 +3,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd # Modified: Yaroslav Halchenko for pure-ftpd
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Jan Wagner <waja@cyconet.org> # Author: Jan Wagner <waja@cyconet.org>
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[INCLUDES] [INCLUDES]
@ -23,7 +22,7 @@ _daemon = sshd
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) # (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT # Values: TEXT
# #
failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$ failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$ ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$ ^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$ ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
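Review bot: the added `( via \S+)?` is a capturing group, whereas the optional suffixes two lines below use `(?: port \d*)?(?: ssh\d*)?`; make it `(?: via \S+)?` so the host group stays the only capture in the expression. The widened `[aA]uthentication (?:failure|error)` is exercised by the new sample lines, but the unchanged `.*` between `for` and `from <HOST>` still spans the user name, which the client supplies, so that is worth keeping in mind each time this expression is loosened.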

View File

@ -2,7 +2,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -3,7 +3,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Rule by : Delvit Guillaume # Rule by : Delvit Guillaume
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -2,7 +2,6 @@
# #
# Author: Guido Bozzetto # Author: Guido Bozzetto
# #
# $Revision$
# #
[Definition] [Definition]

View File

@ -182,6 +182,13 @@ maxretry = 2
# .. custom jails # .. custom jails
# ASSP SMTP Proxy Jail
[assp]
enabled = false
filter = assp
action = iptables-multiport[name=assp,port="25,465,587"]
logpath = /root/path/to/assp/logs/maillog.txt
# Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
# used to avoid banning the user "myuser". # used to avoid banning the user "myuser".
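Review bot: `logpath = /root/path/to/assp/logs/maillog.txt` in the new `[assp]` jail is a placeholder, not a usable default; with `enabled = false` that is harmless, but a comment saying the path must be pointed at the ASSP install's log before enabling the jail would save a failed start.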
@ -223,7 +230,6 @@ logpath = /var/log/sshd.log
# option is overridden in this jail. Moreover, the action "mail-whois" defines # option is overridden in this jail. Moreover, the action "mail-whois" defines
# the variable "name" which contains a comma using "". The characters '' are # the variable "name" which contains a comma using "". The characters '' are
# valid too. # valid too.
[sshd-ipfw] [sshd-ipfw]
filter = sshd filter = sshd
@ -232,6 +238,16 @@ action = ipfw[localhost=192.168.0.1]
logpath = /var/log/auth.log logpath = /var/log/auth.log
ignoreip = 168.192.0.1 ignoreip = 168.192.0.1
# bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
# table number must be unique.
#
# This will create a deny rule for that table ONLY if a rule
# for the table doesn't ready exist.
#
[ssh-bsd-ipfw]
filter = sshd
action = bsd-ipfw[port=ssh,table=1]
logpath = /var/log/auth.log
# #
# HTTP servers # HTTP servers
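Review bot: `[ssh-bsd-ipfw]` has no `enabled` line, while the `[assp]` and `[ssh-pf]` jails added in this same file set `enabled = false` explicitly; please make the three consistent so it is obvious the jail is off by default. The comment has a typo, "doesn't ready exist" should read "doesn't already exist", and "table number must be unique" would be clearer if it said unique among what (other fail2ban jails, or all ipfw tables on the host).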
@ -493,3 +509,14 @@ action = iptables-allports[name=recidive]
bantime = 604800 ; 1 week bantime = 604800 ; 1 week
findtime = 86400 ; 1 day findtime = 86400 ; 1 day
maxretry = 5 maxretry = 5
# PF is a BSD based firewall
[ssh-pf]
enabled=false
filter = sshd
action = pf
logpath = /var/log/sshd.log
maxretry=5
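Review bot: `enabled=false` and `maxretry=5` are written without spaces around `=`, unlike the other settings in the file (`filter = sshd`, `enabled = false` in `[assp]`); please align them. The jail is also appended after the recidive settings at the end of the file rather than next to the other ssh jails such as `[sshd-ipfw]` and `[ssh-bsd-ipfw]`, where someone looking for it would expect it.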

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"
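Review bot: the `# $Revision$` comment is removed, but `__version__ = "$Revision$"` stays as an unchanged context line, so the module still exposes the unexpanded keyword as its version; other files in this same merge delete `__version__` and `__date__` outright. Please apply one treatment to all of them.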

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Yaroslav Halchenko # Author: Yaroslav Halchenko
# Modified: Cyril Jaquier # Modified: Cyril Jaquier
# $Revision$
__author__ = 'Yaroslav Halhenko' __author__ = 'Yaroslav Halhenko'
__revision__ = '$Revision$' __revision__ = '$Revision$'
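Review bot: the context line `__author__ = 'Yaroslav Halhenko'` misspells the name given in the header comment as "Yaroslav Halchenko"; since this hunk already touches the file header, fix it here.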

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes) # Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes)
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -20,7 +20,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# Author: Arturo 'Buanzo' Busleiman # Author: Arturo 'Buanzo' Busleiman
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,10 +19,7 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -161,6 +161,12 @@ class DateDetector:
template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M") template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
template.setPattern("%b %d, %Y %I:%M:%S %p") template.setPattern("%b %d, %Y %I:%M:%S %p")
self._appendTemplate(template) self._appendTemplate(template)
# ASSP: Apr-27-13 02:33:06
template = DateStrptime()
template.setName("Month-Day-Year Hour:Minute:Second")
template.setRegex("^[a-zA-Z]{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
template.setPattern("%b-%d-%y %H:%M:%S")
self._appendTemplate(template)
finally: finally:
self.__lock.release() self.__lock.release()

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"
@ -218,3 +215,4 @@ class DateISO8601(DateTemplate):
value = dateMatch.group() value = dateMatch.group()
date = list(iso8601.parse_date(value).timetuple()) date = list(iso8601.parse_date(value).timetuple())
return date return date

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -21,8 +21,6 @@
# #
__author__ = "Cyril Jaquier, Yaroslav Halchenko" __author__ = "Cyril Jaquier, Yaroslav Halchenko"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko" __copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,11 +19,8 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$"
__date__ = "$Date$"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier" __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
__license__ = "GPL" __license__ = "GPL"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"
@ -89,6 +88,9 @@ class ExecuteAction(unittest.TestCase):
'ABC': "123", 'ABC': "123",
'xyz': "890", 'xyz': "890",
} }
self.assertEqual(
self.__action.replaceTag("Text<br>text", aInfo),
"Text\ntext")
self.assertEqual( self.assertEqual(
self.__action.replaceTag("Text <HOST> text", aInfo), self.__action.replaceTag("Text <HOST> text", aInfo),
"Text 192.0.2.0 text") "Text 192.0.2.0 text")

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"
@ -90,6 +89,7 @@ class DateDetectorTest(unittest.TestCase):
"<01/23/05@21:59:59>", "<01/23/05@21:59:59>",
"050123 21:59:59", # MySQL "050123 21:59:59", # MySQL
"Jan 23, 2005 9:59:59 PM", # Apache Tomcat "Jan 23, 2005 9:59:59 PM", # Apache Tomcat
"Jan-23-05 21:59:59", # ASSP like
): ):
log = sdate + "[sshd] error: PAM: Authentication failure" log = sdate + "[sshd] error: PAM: Authentication failure"
# exclude # exclude

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -1,6 +1,6 @@
#1 #1
Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6 Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from example.com
#2 #2
Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2 Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
@ -13,10 +13,10 @@ Jan 5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
#4 #4
Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213 Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
#5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch #5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
Mar 3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers # yoh: added ':' after [sshd] since the case without is not really common any more
Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers Mar 3 00:17:22 [sshd]: User root from 211.188.220.49 not allowed because not listed in AllowUsers
Feb 25 14:34:11 belka sshd[31607]: User root from example.com not allowed because not listed in AllowUsers
#6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it> #6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161) Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
@ -29,5 +29,20 @@ Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but
#8 DenyUsers https://github.com/fail2ban/fail2ban/issues/47 #8 DenyUsers https://github.com/fail2ban/fail2ban/issues/47
Apr 16 22:01:15 al-ribat sshd[5154]: User root from 46.45.128.3 not allowed because listed in DenyUsers Apr 16 22:01:15 al-ribat sshd[5154]: User root from 46.45.128.3 not allowed because listed in DenyUsers
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648020 #9 OpenSolaris patch - pull https://github.com/fail2ban/fail2ban/pull/182
Nov 8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.6 Mar 29 05:59:23 dusky sshd[20878]: [ID 800047 auth.info] Failed keyboard-interactive for <invalid username> from 205.186.180.55 port 42742 ssh2
Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed keyboard-interactive for james from 205.186.180.30 port 54520 ssh2
#10 OSX syslog error
Apr 29 17:16:20 Jamess-iMac.local sshd[62312]: error: PAM: authentication error for james from example.com via 192.168.1.201
Apr 29 20:11:08 Jamess-iMac.local sshd[63814]: [ID 800047 auth.info] Failed keyboard-interactive for <invalid username> from 205.186.180.35 port 42742 ssh2
Apr 29 20:12:08 Jamess-iMac.local sshd[63814]: [ID 800047 auth.info] Failed keyboard-interactive for james from 205.186.180.22 port 54520 ssh2
Apr 29 20:13:08 Jamess-iMac.local sshd[63814]: Failed keyboard-interactive for james from 205.186.180.42 port 54520 ssh2
Apr 29 20:14:08 Jamess-iMac.local sshd[63814]: Failed keyboard-interactive for <invalid username> from 205.186.180.44 port 42742 ssh2
Apr 30 01:42:12 Jamess-iMac.local sshd[2554]: Failed keyboard-interactive/pam for invalid user jamedds from 205.186.180.77 port 33723 ssh2
Apr 29 12:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication failure for james from 205.186.180.88 via 192.168.1.201
Apr 29 13:53:38 Jamess-iMac.local sshd[47831]: error: PAM: Authentication failure for james from 205.186.180.99 via 192.168.1.201
Apr 29 15:53:38 Jamess-iMac.local sshd[47831]: error: PAM: Authentication error for james from 205.186.180.100 via 192.168.1.201
Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.101 via 192.168.1.201
Apr 29 17:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.102
Apr 29 18:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.103
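Review bot: on the old side this hunk shows the Debian bug 648020 sample (`pam_unix(sshd:auth): authentication failure; ... rhost=1.2.3.6`) together with its URL, and neither appears on the new side; if that was lost while resolving the merge, a regression sample for that format goes with it, so please restore it or say why it is dropped. The new samples also carry what look like real addresses (`205.186.180.x`) and a personal host name (`Jamess-iMac.local`), while the rest of this merge moves sample data to `example.com`; documentation addresses such as the `192.0.2.0` already used in the action test case would be consistent with that.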

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier" __author__ = "Cyril Jaquier"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Steven Hiscocks # Author: Steven Hiscocks
# #
# $Revision$
__author__ = "Steven Hiscocks" __author__ = "Steven Hiscocks"
__version__ = "$Revision$" __version__ = "$Revision$"

View File

@ -19,7 +19,6 @@
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
__author__ = "Cyril Jaquier, Yaroslav Halchenko" __author__ = "Cyril Jaquier, Yaroslav Halchenko"
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko" __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"

149
files/bash-completion Normal file
View File

@ -0,0 +1,149 @@
# fail2ban bash-completion -*- shell-script -*-
#
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
__fail2ban_jails () {
"$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g'
}
_fail2ban () {
local cur prev words cword
_init_completion || return
case $prev in
-V|--version|-h|--help)
return 0 # No further completion valid
;;
-c)
_filedir -d # Directories
return 0
;;
-s|-p)
_filedir # Files
return 0
;;
*)
if [[ "$cur" == "-"* ]];then
COMPREPLY=( $( compgen -W \
"$( _parse_help "$1" --help 2>/dev/null) -V" \
-- "$cur") )
return 0
fi
;;
esac
if [[ "$1" == *"fail2ban-regex" ]];then
_filedir
return 0
elif [[ "$1" == *"fail2ban-client" ]];then
local cmd jail
case $prev in
"$1")
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ [a-z]+/{print $1}')" \
-- "$cur") )
return 0
;;
start|reload|stop|status)
COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
return 0
;;
set|get)
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ '$prev' [^<]/{print $2}')" \
-- "$cur") )
COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
return 0
;;
*)
if [[ "${words[$cword-2]}" == "add" ]];then
COMPREPLY=( $( compgen -W "auto polling gamin pyinotify" -- "$cur" ) )
return 0
elif [[ "${words[$cword-2]}" == "set" || "${words[$cword-2]}" == "get" ]];then
cmd="${words[cword-2]}"
# Handle in section below
elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then
cmd="${words[$cword-3]}"
jail="${words[$cword-2]}"
# Handle in section below
fi
;;
esac
if [[ -z "$jail" && -n "$cmd" ]];then
case $prev in
loglevel)
if [[ "$cmd" == "set" ]];then
COMPREPLY=( $( compgen -W "0 1 2 3 4" -- "$cur" ) )
fi
return 0
;;
logtarget)
if [[ "$cmd" == "set" ]];then
COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG" -- "$cur" ) )
_filedir # And files
fi
return 0
;;
*) # Jail name
COMPREPLY=( $( compgen -W \
"$( "$1" --help 2>/dev/null | awk '/^ '${cmd}' <JAIL>/{print $3}')" \
-- "$cur") )
return 0
;;
esac
elif [[ -n "$jail" && "$cmd" == "set" ]];then
case $prev in
addlogpath)
_filedir
return 0
;;
dellogpath|delignoreip)
COMPREPLY=( $( compgen -W \
"$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \
-- "$cur" ) )
if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then
_filedir
fi
return 0
;;
delfailregex|delignoregex)
COMPREPLY=( $( compgen -W \
"$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \
-- "$cur" ) )
return 0
;;
unbanip)
COMPREPLY=( $( compgen -W \
"$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \
-- "$cur" ) )
return 0
;;
idle)
COMPREPLY=( $( compgen -W "on off" -- "$cur" ) )
return 0
;;
usedns)
COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) )
return 0
;;
esac
fi
fi # fail2ban-client
} &&
complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex
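Review bot: in the `dellogpath|delignoreip` branch, `awk -F- '{print $2}'` splits on every hyphen, so a log path that itself contains `-` is cut at the first one and the completion offers a path that is not configured; splitting on the leading marker only (or stripping it with `sed`) would avoid that, and the result still goes through `compgen -W`, which word-splits, so paths with spaces break as well. Minor: `cmd="${words[cword-2]}"` uses a different index spelling from the `${words[$cword-2]}` around it, and every Tab press in these branches runs the client against the server socket with `2>/dev/null`, so for users without access to the socket completion just goes silent; a short comment in the header saying so would help.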

View File

@ -25,7 +25,6 @@
# #
# Author: Cyril Jaquier # Author: Cyril Jaquier
# #
# $Revision$
FAIL2BAN="fail2ban-client" FAIL2BAN="fail2ban-client"

18
files/fail2ban-logrotate Normal file
View File

@ -0,0 +1,18 @@
#
# Gentoo:
# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-logrotate?view=markup
#
# Debian:
# https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate
#
# Fedora view:
# http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-logrotate
/var/log/fail2ban.log {
rotate 7
missingok
compress
postrotate
/usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
endscript
}
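Review bot: the stanza sets `rotate 7` but no frequency (`daily` or `weekly`) and no `create` line, so both the rotation interval and the mode and owner of the fresh `/var/log/fail2ban.log` come from whatever the distribution's global logrotate.conf says; since this log records banned addresses, an explicit interval and a `create` with a restrictive mode would make the shipped file self-contained. In `postrotate`, `|| true` swallows the exit status of a failed `set logtarget`, in which case the server keeps writing to the rotated file and logrotate reports success; consider dropping it so the failure is reported.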

Some files were not shown because too many files have changed in this diff