- Added alias "<HOST>" for failregex

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@471 a942ae1a-1317-0410-a47c-b1dcaea8d605

config/filter.d/apache-auth.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failure messages in the logfile.
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = [[]client (?P<host>\S*)[]] user .*(?:: authentication failure|not found)
+failregex = [[]client <HOST>[]] user .*(?:: authentication failure|not found)
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/apache-noscript.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failure messages in the logfile.
+# Notes.:  regex to match the password failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = [[]client (?P<host>\S*)[]] File does not exist: .*(\.php|\.asp)
+failregex = [[]client <HOST>[]] File does not exist: .*(\.php|\.asp)
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/courierlogin.conf

@@ -9,10 +9,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile.
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = LOGIN FAILED, ip=\[::ffff:(?P<host>\S*)\]$
+failregex = LOGIN FAILED, ip=\[<HOST>\]$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/couriersmtp.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile.
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = error,relay=(?:::f{4,6}:)?(?P<host>\S*),.*550 User unknown
+failregex = error,relay=<HOST>,.*550 User unknown
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/postfix.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile.
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = reject: RCPT from (.*)\[(?P<host>\S*)\]: 554
+failregex = reject: RCPT from (.*)\[<HOST>\]: 554
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/proftpd.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option: failregex
-# Notes.: regex to match the password failures messages in the logfile.
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values: TEXT
 #
-failregex = USER \S+: no such user found from \S* ?\[(?P<host>\S+)\] to \S+\s*$
+failregex = USER \S+: no such user found from \S* ?\[<HOST>\] to \S+\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/qmail.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile.
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )(?P<host>\S*)
+failregex = (?:[\d,.]+[\d,.] rblsmtpd: |421 badiprbl: ip )<HOST>
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/sasl.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option: failregex
-# Notes.: regex to match the password failures messages in the logfile.
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values: TEXT
 #
-failregex = : warning: [-._\w]+\[(?P<host>[.\d]+)\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
+failregex = : warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/sshd.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option:  failregex
-# Notes.:  regex to match the password failures messages in the logfile.
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values:  TEXT
 #
-failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) (?:::f{4,6}:)?(?P<host>\S*)
+failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

config/filter.d/vsftpd.conf

@@ -8,10 +8,12 @@
 [Definition]
 
 # Option: failregex
-# Notes.: regex to match the password failures messages in the logfile.
+# Notes.: regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching.
 # Values: TEXT
 #
-failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=(?P<host>\S*)
+failregex = vsftpd: \(pam_unix\) authentication failure; .* rhost=<HOST>
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

server/filter.py

@@ -167,13 +167,17 @@ class Filter(JailThread):
 	def setFailRegex(self, value):
 		try:
 			if value.lstrip() == '':
+				self.__failRegex = value
 				self.__failRegexObj = None
 			else:
-				self.__failRegexObj = re.compile(value)
-			self.__failRegex = value
-			logSys.info("Set failregex = %s" % value)
+				# Replace "<HOST>" with default regular expression for host.
+				regex = value.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>\S+)")
+				self.__failRegex = regex
+				self.__failRegexObj = re.compile(regex)
+			logSys.info("Set failregex = %s" % self.__failRegex)
 		except sre_constants.error:
-			logSys.error("Unable to compile regular expression " + value)
+			logSys.error("Unable to compile regular expression " +
+						self.__failRegex)
 	
 	##
 	# Get the regular expression which matches the failure.
@@ -475,6 +479,8 @@ class DNSUtils:
 		try:
 			return socket.gethostbyname_ex(dns)[2]
 		except socket.gaierror:
+			logSys.warn("Unable to find a corresponding IP address for %s"
+						% dns)
 			return list()
 	
 	@staticmethod