Upgraded to fresh upstream 0.7.6

CHANGELOG

@@ -4,9 +4,26 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.5)                           2006/12/07
+Fail2Ban (version 0.7.6)                           2007/01/04
 =============================================================
 
+ver. 0.7.6 (2007/01/04) - beta
+----------
+- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
+- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
+- Use numeric output for iptables in "actioncheck"
+- Fixed removal of host in hosts.deny. Thanks to René Berber
+- Added new date format (2006-12-21 06:43:20) and Exim4
+  filter. Thanks to mEDI
+- Several "failregex" and "ignoreregex" are now accepted.
+  Creation of rules should be easier now.
+- Added license in COPYING. Thanks to Axel Thimm
+- Allow comma in action options. The value of the option must
+  be escaped with " or '. Thanks to Yaroslav Halchenko
+- Now Fail2ban goes in /usr/share/fail2ban instead of
+  /usr/lib/fail2ban. This is more compliant with FHS. Thanks
+  to Axel Thimm and Yaroslav Halchenko
+
 ver. 0.7.5 (2006/12/07) - beta
 ----------
 - Do not ban a host that is currently banned. Thanks to

PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 1.0
 Name: fail2ban
-Version: 0.7.5
+Version: 0.7.6
 Summary: Ban IPs that make too many password failure
 Home-page: http://fail2ban.sourceforge.net
 Author: Cyril Jaquier

README

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-Fail2Ban (version 0.7.5)                           2006/12/07
+Fail2Ban (version 0.7.6)                           2007/01/04
 =============================================================
 
 Fail2Ban scans log files like /var/log/pwdfail and bans IP
@@ -28,11 +28,11 @@ Optional:
 
 To install, just do:
 
-> tar xvfj fail2ban-0.7.5.tar.bz2
-> cd fail2ban-0.7.5
+> tar xvfj fail2ban-0.7.6.tar.bz2
+> cd fail2ban-0.7.6
 > python setup.py install
 
-This will install Fail2Ban into /usr/lib/fail2ban. The
+This will install Fail2Ban into /usr/share/fail2ban. The
 executable scripts are placed into /usr/bin.
 
 Gentoo: ebuilds are available on the website.
@@ -72,7 +72,8 @@ Kévin Drapel, Marvin Rouge, Sireyessire, Robert Edeker,
 Tom Pike, Iain Lea, Andrey G. Grozin, Yaroslav Halchenko,
 Jonathan Kamens, Stephen Gildea, Markus Hoffmann, Mark
 Edgington, Patrick Börjesson, kojiro, zugeschmiert, Tyler,
-Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand
+Nick Munger, Christoph Haas, Justin Shore, Joël Bertrand,
+René Berber, mEDI, Axel Thimm
 
 License:
 --------

TODO

@@ -4,7 +4,7 @@
              |_| \__,_|_|_/___|_.__/\__,_|_||_|
 
 =============================================================
-ToDo                                         $Revision: 468 $
+ToDo                                         $Revision: 509 $
 =============================================================
 
 Legend:
@@ -13,6 +13,8 @@ Legend:
 # partially done
 * done
 
+- Improve parsing of the action parameters in jailreader.py
+
 - Better handling of the protocol in transmitter.py
 
 - Add gettext support (I18N)

client/beautifier.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 288 $
+# $Revision: 504 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 288 $"
-__date__ = "$Date: 2006-08-22 23:59:51 +0200 (Tue, 22 Aug 2006) $"
+__version__ = "$Revision: 504 $"
+__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -109,7 +109,18 @@ def beautify(self, response):
 					msg = "These IP addresses/networks are ignored:\n"
 					for ip in response[:-1]:
 						msg = msg + "|- " + ip + "\n"
-					msg = msg + "`- " + response[len(response)-1]				
+					msg = msg + "`- " + response[len(response)-1]
+			elif inC[2] in ("failregex", "addfailregex", "delfailregex",
+							"ignoreregex", "addignoreregex", "delignoreregex"):
+				if len(response) == 0:
+					msg = "No regular expression is defined"
+				else:
+					msg = "The following regular expression are defined:\n"
+					c = 0
+					for ip in response[:-1]:
+						msg = msg + "|- [" + str(c) + "]: " + ip + "\n"
+						c += 1
+					msg = msg + "`- [" + str(c) + "]: " + response[len(response)-1]
 		except Exception:
 			logSys.warn("Beautifier error. Please report the error")
 			logSys.error("Beautify " + `response` + " with " + `self.__inputCmd` +

client/filterreader.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 458 $
+# $Revision: 505 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 458 $"
-__date__ = "$Date: 2006-11-12 15:52:36 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 505 $"
+__date__ = "$Date: 2006-12-24 00:20:16 +0100 (Sun, 24 Dec 2006) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -67,8 +67,14 @@ def convert(self):
 			elif opt == "timepattern":
 				stream.append(["set", self.__name, "timepattern", self.__opts[opt]])
 			elif opt == "failregex":
-				stream.append(["set", self.__name, "failregex", self.__opts[opt]])
+				for regex in self.__opts[opt].split('\n'):
+					# Do not send a command if the rule is empty.
+					if regex != '':
+						stream.append(["set", self.__name, "addfailregex", regex])
 			elif opt == "ignoreregex":
-				stream.append(["set", self.__name, "ignoreregex", self.__opts[opt]])		
+				for regex in self.__opts[opt].split('\n'):
+					# Do not send a command if the rule is empty.
+					if regex != '':
+						stream.append(["set", self.__name, "addignoreregex", regex])		
 		return stream
 

client/jailreader.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 470 $
+# $Revision: 509 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 470 $"
-__date__ = "$Date: 2006-11-18 16:15:58 +0100 (Sat, 18 Nov 2006) $"
+__version__ = "$Revision: 509 $"
+__date__ = "$Date: 2007-01-04 12:58:58 +0100 (Thu, 04 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -112,7 +112,9 @@ def convert(self):
 				stream.append(["set", self.__name, "maxretry", self.__opts[opt]])
 			elif opt == "ignoreip":
 				for ip in self.__opts[opt].split():
-					stream.append(["set", self.__name, "addignoreip", ip])
+					# Do not send a command if the rule is empty.
+					if ip != '':
+						stream.append(["set", self.__name, "addignoreip", ip])
 			elif opt == "findtime":
 				stream.append(["set", self.__name, "findtime", self.__opts[opt]])
 			elif opt == "bantime":
@@ -132,7 +134,31 @@ def splitAction(action):
 		m = JailReader.actionCRE.match(action)
 		d = dict()
 		if not m.group(2) == None:
-			for param in m.group(2).split(','):
+			# Huge bad hack :( This method really sucks. TODO Reimplement it.
+			actions = ""
+			escapeChar = None
+			allowComma = False
+			for c in m.group(2):
+				if c in ('"', "'") and not allowComma:
+					# Start
+					escapeChar = c
+					allowComma = True
+				elif c == escapeChar:
+					# End
+					escapeChar = None
+					allowComma = False
+				else:
+					if c == ',' and allowComma:
+						actions += "<COMMA>"
+					else:
+						actions += c
+
+			# Split using ,
+			actionsSplit = actions.split(',')
+			# Replace the tag <COMMA> with ,
+			actionsSplit = [n.replace("<COMMA>", ',') for n in actionsSplit]
+
+			for param in actionsSplit:
 				p = param.split('=')
 				try:
 					d[p[0].strip()] = p[1].strip()

common/__init__.py

@@ -16,10 +16,10 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 433 $
+# $Revision: 504 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 433 $"
-__date__ = "$Date: 2006-10-24 21:40:51 +0200 (Tue, 24 Oct 2006) $"
+__version__ = "$Revision: 504 $"
+__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"

common/protocol.py

@@ -16,11 +16,11 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 456 $
+# $Revision: 504 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 456 $"
-__date__ = "$Date: 2006-11-12 11:56:40 +0100 (Sun, 12 Nov 2006) $"
+__version__ = "$Revision: 504 $"
+__date__ = "$Date: 2006-12-23 17:37:17 +0100 (Sat, 23 Dec 2006) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -30,28 +30,34 @@
 # Describes the protocol used to communicate with the server.
 
 protocol = [
+['', "Basic", ""],
 ["start", "starts the server and the jails"], 
 ["reload", "reloads the configuration"], 
 ["stop", "stops all jails and terminate the server"], 
 ["status", "gets the current status of the server"], 
 ["ping", "tests if the server is alive"], 
-['', ''], 
+['', "Logging", ""],
 ["set loglevel <LEVEL>", "sets logging level to <LEVEL>. 0 is minimal, 4 is debug"], 
 ["get loglevel", "gets the logging level"], 
 ["set logtarget <TARGET>", "sets logging target to <TARGET>. Can be STDOUT, STDERR, SYSLOG or a file"], 
 ["get logtarget", "gets logging target"], 
-['', ''], 
+['', "Jail control", ""],
 ["add <JAIL> <BACKEND>", "creates <JAIL> using <BACKEND>"], 
-['', ''], 
+["start <JAIL>", "starts the jail <JAIL>"], 
+["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
+["status <JAIL>", "gets the current status of <JAIL>"],
+['', "Jail configuration", ""],
 ["set <JAIL> idle on|off", "sets the idle state of <JAIL>"], 
 ["set <JAIL> addignoreip <IP>", "adds <IP> to the ignore list of <JAIL>"], 
 ["set <JAIL> delignoreip <IP>", "removes <IP> from the ignore list of <JAIL>"], 
 ["set <JAIL> addlogpath <FILE>", "adds <FILE> to the monitoring list of <JAIL>"], 
 ["set <JAIL> dellogpath <FILE>", "removes <FILE> to the monitoring list of <JAIL>"], 
 ["set <JAIL> timeregex <REGEX>", "sets the regular expression <REGEX> to match the date format for <JAIL>. This will disable the autodetection feature."], 
 ["set <JAIL> timepattern <PATTERN>", "sets the pattern <PATTERN> to match the date format for <JAIL>. This will disable the autodetection feature."], 
-["set <JAIL> failregex <REGEX>", "sets the regular expression <REGEX> which must match failures for <JAIL>"], 
-["set <JAIL> ignoreregex <REGEX>", "sets the regular expression <REGEX> which should match pattern to exclude for <JAIL>"], 
+["set <JAIL> addfailregex <REGEX>", "adds the regular expression <REGEX> which must match failures for <JAIL>"], 
+["set <JAIL> delfailregex <INDEX>", "removes the regular expression at <INDEX> for failregex"], 
+["set <JAIL> addignoreregex <REGEX>", "adds the regular expression <REGEX> which should match pattern to exclude for <JAIL>"],
+["set <JAIL> delignoreregex <INDEX>", "removes the regular expression at <INDEX> for ignoreregex"], 
 ["set <JAIL> findtime <TIME>", "sets the number of seconds <TIME> for which the filter will look back for <JAIL>"], 
 ["set <JAIL> bantime <TIME>", "sets the number of seconds <TIME> a host will be banned for <JAIL>"], 
 ["set <JAIL> maxretry <RETRY>", "sets the number of failures <RETRY> before banning the host for <JAIL>"], 
@@ -64,13 +70,13 @@
 ["set <JAIL> actioncheck <ACT> <CMD>", "sets the check command <CMD> of the action <ACT> for <JAIL>"], 
 ["set <JAIL> actionban <ACT> <CMD>", "sets the ban command <CMD> of the action <ACT> for <JAIL>"],
 ["set <JAIL> actionunban <ACT> <CMD>", "sets the unban command <CMD> of the action <ACT> for <JAIL>"], 
-['', ''], 
+['', "Jail information", ""],
 ["get <JAIL> logpath", "gets the list of the monitored files for <JAIL>"],
 ["get <JAIL> ignoreip", "gets the list of ignored IP addresses for <JAIL>"],
 ["get <JAIL> timeregex", "gets the regular expression used for the time detection for <JAIL>"],
 ["get <JAIL> timepattern", "gets the pattern used for the time detection for <JAIL>"],
-["get <JAIL> failregex", "gets the regular expression which matches the failures for <JAIL>"],
-["get <JAIL> ignoreregex", "gets the regular expression which matches patterns to ignore for <JAIL>"],
+["get <JAIL> failregex", "gets the list of regular expressions which matches the failures for <JAIL>"],
+["get <JAIL> ignoreregex", "gets the list of regular expressions which matches patterns to ignore for <JAIL>"],
 ["get <JAIL> findtime", "gets the time for which the filter will look back for failures for <JAIL>"],
 ["get <JAIL> bantime", "gets the time a host is banned for <JAIL>"],
 ["get <JAIL> maxretry", "gets the number of failures allowed for <JAIL>"],
@@ -80,10 +86,6 @@
 ["get <JAIL> actioncheck <ACT>", "gets the check command for the action <ACT> for <JAIL>"],
 ["get <JAIL> actionban <ACT>", "gets the ban command for the action <ACT> for <JAIL>"],
 ["get <JAIL> actionunban <ACT>", "gets the unban command for the action <ACT> for <JAIL>"],
-['', ''], 
-["start <JAIL>", "starts the jail <JAIL>"], 
-["stop <JAIL>", "stops the jail <JAIL>. The jail is removed"], 
-["status <JAIL>", "gets the current status of <JAIL>"]
 ]
 
 ##
@@ -94,14 +96,41 @@ def printFormatted():
 	INDENT=4
 	MARGIN=41
 	WIDTH=34
+	firstHeading = False
 	for m in protocol:
-		if m[0] == '':
+		if m[0] == '' and firstHeading:
 			print
+		firstHeading = True
 		first = True
 		for n in textwrap.wrap(m[1], WIDTH):
 			if first:
-				n = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n
+				line = ' ' * INDENT + m[0] + ' ' * (MARGIN - len(m[0])) + n
 				first = False
 			else:
-				n = ' ' * (INDENT + MARGIN) + n
-			print n
+				line = ' ' * (INDENT + MARGIN) + n
+			print line
+
+##
+# Prints the protocol in a "mediawiki" format.
+
+def printWiki():
+	firstHeading = False
+	for m in protocol:
+		if m[0] == '':
+			if firstHeading:
+				print "|}"
+			__printWikiHeader(m[1], m[2])
+			firstHeading = True
+		else:
+			print "|-"
+			print "| <span style=\"white-space:nowrap;\"><tt>" + m[0] + "</tt></span> || || " + m[1]
+	print "|}"
+
+def __printWikiHeader(section, desc):
+	print
+	print "=== " + section + " ==="
+	print
+	print desc
+	print
+	print "{|"
+	print "| '''Command''' || || '''Description'''"

common/version.py

@@ -16,12 +16,12 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision: 480 $
+# $Revision: 512 $
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision: 480 $"
-__date__ = "$Date: 2006-12-07 22:47:53 +0100 (Thu, 07 Dec 2006) $"
+__version__ = "$Revision: 512 $"
+__date__ = "$Date: 2007-01-04 13:59:09 +0100 (Thu, 04 Jan 2007) $"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
-version = "0.7.5"
+version = "0.7.6"