__ _ _ ___ _ / _|__ _(_) |_ ) |__ __ _ _ _ | _/ _` | | |/ /| '_ \/ _` | ' \ |_| \__,_|_|_/___|_.__/\__,_|_||_| ============================================================= ToDo $Revision$ ============================================================= Legend: - not yet done ? maybe # partially done * done - correct handling of threads (join???) - signal handling (ctrl-c, etc) - add a reload option to fail2ban-client - see Feature Request Tracking System at SourceForge.net * findall in dns.py should be no more needed * remove utils/ directory - improve installation process (better prefix support) # improve documentation and website for user * use Doxygen - use PyLint to check the code * better configuration files - add a check to see if the time of the log messages is correctly detected (valid regexp) ? use Gentoo Portage style for scripts. - banning engines script in /etc/fail2ban/scripts.d Example: /etc/fail2ban/scripts.d/iptables Will be mostly bash scripting which is more "user friendly". - split configuration files in /etc/fail2ban/services.d for log files Example: /etc/fail2ban/services.d/apache Mainly regular expressions. - template for common regex in /etc/fail2ban/templates.d Example: /etc/fail2ban/templates.d/date Mainly regular expressions. * remove debug mode (root check) # better return values in function ? use more email.Utils in mail.py ? add gettext support. Is this really needed for a server utility? * send an email when fail2ban is running * add multithreading. Python threading is not really efficient. However, fail2ban could benefit of it. We could use threads like this: - one thread which check for host to unban. - one thread per file to watch. This will allow things like different polling time for each file. is read-only (we only read log files) thus no locks are required. However, is read-write and must take care of concurrency in case of multithreading. - add FAM/Gamin support. Should be quite efficient with threading. Take care that handle_one_event() release the Python lock. # add a test framework. We could use unittest which is in Python since 2.1. It should be possible to run all tests automatically. * add client/server using socket. Something similar to gdesklets. DBUS seems to be designed for desktop use. - fail2ban start -> start the daemon. - fail2ban stop -> stop the daemon. - fail2ban add -> add monitoring with ban method (iptables, hosts.deny, etc). - fail2ban del -> remove monitoring. - fail2ban status -> query current fail2ban status. Should return infos like a ban counter. Could be graph with rrdtool. - fail2ban pause -> suspend monitoring. - fail2ban resume -> resume monitoring. - fail2ban list -> list available services. - fail2ban flush -> flush the ban list. * remove PID file. * remove most of the command lines options if possible. - add the possibility to specify wildcard in log files. Example: logfile = /var/log/apache2/access-*.log Should we start one thread per file or just one thread per serivce? - autodetect date format in log file. Match the most popular format and sort them using the hit ratio. Should avoid user problem with regex and not have a big impact on perfs. - restart automatically the daemon if an exception occurs. - do not close socket after a send - refactoring in server.py, actions.py, filter.py