date in following log line (from nginx) will be wrong detected:
2012/10/11 02:37:17 [error] 18434#0: *947 user "test" was not found in "/www/...", client: 192.168.1.5, ...
sometimes it is [correct] - 2012/10/11 (%Y/%m/%d) = 1349919861.71
sometimes it is [invalid] - 12/10/11 (%d/%m/%y) = 1349915838.06
and older as now - 1800 seconds (therefore will be not found)
solution: regular expression fixed, cause date in log used always after non symbol (\W) character, so r"\d{2}/\d{2}/\d{2}" will be r"(?<!\w)\d{2}/\d{2}/\d{2}".
* 'master' of git://github.com/fail2ban/fail2ban:
add blocking type
add example jail.conf for blocking through blackhole routes for ssh
add support for blocking through blackhole routes
Merge is done with -X ours -- since I have implemented more generic handling
for config files, including now the ones under .d/ subdirectories.
* github_kwirk_fail2ban/upstream#24:
Fix up for warning/error for inaccessible config files
Warn if config file present but unreadable
Additional changes:
ENH: make basedir for Config's a kwarg to the constructor
ENH: improved analysis/reporting on presence/accessibility of config
files. Got carried away and forgot about existing work done by
Steven Hiscocks in the gh-115 -- will merge it in the next
commit for the fair ack of his work
Now for any X.conf configuration file we have following ways to
provide customizations
X.local -- read after .conf (kept for backward compatibility)
X.d/ -- directory to contain additional .conf files, sorted
alphabetically, e.g
X.d/01_enable.conf - to enable the jail
X.d/02_custom_port.conf - to change the port
X could be a 'jail' or 'fail2ban' or any other configuration file in
fail2ban.
Mention that all files still must contain the corresponding sections
(most of the time duplicating it across all of them).
* github_kwirk_fail2ban/multi-line:
Revert changes to man/fail2ban-client.1
Removed "common.local" include for FilterReader test
Added 'maxlines' option to fail2ban-regex
Regex get(Un)MatchedLines now returns whole lines only
Added FilterReader test
Added multiregex test for multi-line filter
ignoreregex now functions correctly with multiline
Minor typo in server/failregex.py
Added <SKIPLINES> regex applicable for multi-line
Sanitise testcase log 04
Changed multi-line test to provided example
Filter for multi-line now stores last time match
Simplify and change some filter line buffer
Initial changes and test for multi-line filtering
Yaroslav Halchenko