* 'database-persistent-bans' of https://github.com/kwirk/fail2ban:
BF: bantime < 0 database should return all bans, as they are persistent
Conflicts:
ChangeLog - kept all ;)
- database_v1.db/bans/jail-name bug fixed - cause of different jail name in jails and bans, in test case (by updateDb): FOREIGN KEY constraint failed:
$ sqlite3 fail2ban/tests/files/database_v1.db
sqlite> select distinct jail from bans;
DummyJail #16244880 with 0 tickets
sqlite> select distinct name from jails;
DummyJail #29162448 with 0 tickets
sqlite> update bans set jail = (select distinct name from jails);
"bantimeextra.enabled" in jail.conf allows to use database for searching of previously banned ip's to increase a default ban time using special formula,
by default, each next ban it will be original banTime * 1, 2, 4, 8, 16, 32...
see "jail.conf" for some other options of "bantimeextra";
additional we can configure a little randomization of ban time, to prevent "clever" botnets calculate exact time IP can be unbanned.
WARNING: by first start the server upgrades sqlite database (table "bans" will recreated with another schema);
Note: recursive check ignored for "matches", as tags would be escaped,
and hence shouldn't match "<%s>" as "<ip>" would become "\<ip\>". This
therefore maintains advantage of delayed call for {ip,jail,}matches.
Fixes gh-713
(a) use static-network-up, since it is more generic than the started networking event
(b) do not hook into network deconfiguration to speed up shutdown
(c) expect fork, per the use of the "-f" option
(d) use a variable for the run directory to make changing it simpler
(e) handle the situation of a left over socket file
(f) use the -f option to be able to track the PID
The reason is that internally it does round, so even 1.005 then would not
be equal to 1. Making it spaces==1 should be sufficient for up to 1.05
i.e. we would allow 50ms "drift"
* origin/master:
Clean up setup.py
ENH: adding pruned with previous merge trailing \s* in nginx filter
nginx-http-auth: match when "referrer" is present
DOC: Update ChangeLog
DOC: Fix jail.conf(5) man page which had duplicate {fail,ignore}regex
Correct grammar
DOC: add thanks for last commit
DOC: nginx-http-auth filter
nginx-http-auth filter: match server_name = ""
ENH: Suppress configuration warnings if non-critical options are not set
Update comments in shorewall.conf for new settings
DOC: Improve error logging when specific backend set and fails
BF: Fix getting jail name from exceptions in beautifier for Python 3+
DOC: sphinx documentation
BF: On jail restart reinstatement of bans, fetch one ticket per IP
Fix 2 more typos that codespell didn't catch
Add documentation link to systemd service file
No longer directly exec the server, do not remove the PID file because it is unnecessary to do so. No longer respawns because Upstart can not track the process with the starter command.
Yaroslav Halchenko