From: Frank Brehm <frank@brehm-online.com>
Date: Mon, 15 Jun 2015 20:25:44 +0000 (+0200)
Subject: Current state
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=fa06218c1263ec0a22d0a6332f65d68478a84e25;p=config%2Fuhu1%2Fetc.git

Current state
---

diff --git a/.etckeeper b/.etckeeper
index d746477..d875009 100755
--- a/.etckeeper
+++ b/.etckeeper
@@ -121,6 +121,8 @@ maybe chmod 0600 'autofs/autofs_ldap_auth.conf'
 maybe chmod 0755 'bash'
 maybe chmod 0644 'bash/bash_logout'
 maybe chmod 0644 'bash/bashrc'
+maybe chmod 0755 'bash/bashrc.d'
+maybe chmod 0644 'bash/bashrc.d/.keep_app-shells_bash-0'
 maybe chmod 0755 'bash_completion.d'
 maybe chown 'named' 'bind'
 maybe chmod 0755 'bind'
@@ -252,7 +254,9 @@ maybe chmod 0755 'config-archive/etc/bash'
 maybe chmod 0644 'config-archive/etc/bash/bashrc'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.1'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.2'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.3'
 maybe chmod 0644 'config-archive/etc/bash/bashrc.dist'
+maybe chmod 0644 'config-archive/etc/bash/bashrc.dist.new'
 maybe chmod 0755 'config-archive/etc/bind'
 maybe chmod 0640 'config-archive/etc/bind/bind.keys'
 maybe chmod 0640 'config-archive/etc/bind/bind.keys.dist'
@@ -322,6 +326,7 @@ maybe chmod 0644 'config-archive/etc/eselect/postgresql/slots/9.1/server.2'
 maybe chmod 0644 'config-archive/etc/eselect/postgresql/slots/9.1/server.dist'
 maybe chmod 0755 'config-archive/etc/fail2ban'
 maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf'
+maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.1'
 maybe chmod 0644 'config-archive/etc/fail2ban/fail2ban.conf.dist'
 maybe chmod 0644 'config-archive/etc/hosts'
 maybe chmod 0644 'config-archive/etc/hosts.dist.new'
@@ -705,7 +710,9 @@ maybe chmod 0660 'courier/authlib/authpgsqlrc'
 maybe chown 'mail' 'courier/authlib/authpgsqlrc.dist'
 maybe chgrp 'mail' 'courier/authlib/authpgsqlrc.dist'
 maybe chmod 0660 'courier/authlib/authpgsqlrc.dist'
-maybe chmod 0640 'courier/authlib/authsqliterc'
+maybe chown 'mail' 'courier/authlib/authsqliterc'
+maybe chgrp 'mail' 'courier/authlib/authsqliterc'
+maybe chmod 0660 'courier/authlib/authsqliterc'
 maybe chown 'mail' 'courier/authlib/authsqliterc.dist'
 maybe chgrp 'mail' 'courier/authlib/authsqliterc.dist'
 maybe chmod 0660 'courier/authlib/authsqliterc.dist'
@@ -903,7 +910,9 @@ maybe chmod 0644 'fail2ban/action.d/cloudflare.conf'
 maybe chmod 0644 'fail2ban/action.d/complain.conf'
 maybe chmod 0644 'fail2ban/action.d/dshield.conf'
 maybe chmod 0644 'fail2ban/action.d/dummy.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-allports.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-ipset.conf'
+maybe chmod 0644 'fail2ban/action.d/firewallcmd-multiport.conf'
 maybe chmod 0644 'fail2ban/action.d/firewallcmd-new.conf'
 maybe chmod 0644 'fail2ban/action.d/hostsdeny.conf'
 maybe chmod 0644 'fail2ban/action.d/ipfilter.conf'
@@ -923,12 +932,14 @@ maybe chmod 0644 'fail2ban/action.d/mail-whois-lines.conf'
 maybe chmod 0644 'fail2ban/action.d/mail-whois.conf'
 maybe chmod 0644 'fail2ban/action.d/mail.conf'
 maybe chmod 0644 'fail2ban/action.d/mynetwatchman.conf'
+maybe chmod 0644 'fail2ban/action.d/nsupdate.conf'
 maybe chmod 0644 'fail2ban/action.d/osx-afctl.conf'
 maybe chmod 0644 'fail2ban/action.d/osx-ipfw.conf'
 maybe chmod 0644 'fail2ban/action.d/pf.conf'
 maybe chmod 0644 'fail2ban/action.d/route.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-buffered.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-common.conf'
+maybe chmod 0644 'fail2ban/action.d/sendmail-geoip-lines.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipjailmatches.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-ipmatches.conf'
 maybe chmod 0644 'fail2ban/action.d/sendmail-whois-lines.conf'
@@ -948,6 +959,7 @@ maybe chmod 0644 'fail2ban/filter.d/apache-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-badbots.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-botsearch.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-common.conf'
+maybe chmod 0644 'fail2ban/filter.d/apache-fakegooglebot.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-modsecurity.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-nohome.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-noscript.conf'
@@ -955,6 +967,7 @@ maybe chmod 0644 'fail2ban/filter.d/apache-overflows.conf'
 maybe chmod 0644 'fail2ban/filter.d/apache-shellshock.conf'
 maybe chmod 0644 'fail2ban/filter.d/assp.conf'
 maybe chmod 0644 'fail2ban/filter.d/asterisk.conf'
+maybe chmod 0644 'fail2ban/filter.d/botsearch-common.conf'
 maybe chmod 0644 'fail2ban/filter.d/common.conf'
 maybe chmod 0644 'fail2ban/filter.d/counter-strike.conf'
 maybe chmod 0644 'fail2ban/filter.d/courier-auth.conf'
@@ -963,6 +976,7 @@ maybe chmod 0644 'fail2ban/filter.d/cyrus-imap.conf'
 maybe chmod 0644 'fail2ban/filter.d/directadmin.conf'
 maybe chmod 0644 'fail2ban/filter.d/dovecot.conf'
 maybe chmod 0644 'fail2ban/filter.d/dropbear.conf'
+maybe chmod 0644 'fail2ban/filter.d/drupal-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/ejabberd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/exim-common.conf'
 maybe chmod 0644 'fail2ban/filter.d/exim-spam.conf'
@@ -972,12 +986,15 @@ maybe chmod 0644 'fail2ban/filter.d/groupoffice.conf'
 maybe chmod 0644 'fail2ban/filter.d/gssftpd.conf'
 maybe chmod 0644 'fail2ban/filter.d/guacamole.conf'
 maybe chmod 0644 'fail2ban/filter.d/horde.conf'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands'
+maybe chmod 0755 'fail2ban/filter.d/ignorecommands/apache-fakegooglebot'
 maybe chmod 0644 'fail2ban/filter.d/kerio.conf'
 maybe chmod 0644 'fail2ban/filter.d/lighttpd-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/monit.conf'
 maybe chmod 0644 'fail2ban/filter.d/mysqld-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/nagios.conf'
 maybe chmod 0644 'fail2ban/filter.d/named-refused.conf'
+maybe chmod 0644 'fail2ban/filter.d/nginx-botsearch.conf'
 maybe chmod 0644 'fail2ban/filter.d/nginx-http-auth.conf'
 maybe chmod 0644 'fail2ban/filter.d/nsd.conf'
 maybe chmod 0644 'fail2ban/filter.d/openwebmail.conf'
@@ -986,6 +1003,7 @@ maybe chmod 0644 'fail2ban/filter.d/pam-generic.conf'
 maybe chmod 0644 'fail2ban/filter.d/perdition.conf'
 maybe chmod 0644 'fail2ban/filter.d/php-url-fopen.conf'
 maybe chmod 0644 'fail2ban/filter.d/portsentry.conf'
+maybe chmod 0644 'fail2ban/filter.d/postfix-rbl.conf'
 maybe chmod 0644 'fail2ban/filter.d/postfix-sasl.conf'
 maybe chmod 0644 'fail2ban/filter.d/postfix.conf'
 maybe chmod 0644 'fail2ban/filter.d/proftpd.conf'
diff --git a/bash/bashrc b/bash/bashrc
index 71fa4c5..d2dc7b7 100644
--- a/bash/bashrc
+++ b/bash/bashrc
@@ -21,15 +21,23 @@ fi
 shopt -s checkwinsize
 
 # Enable history appending instead of overwriting.  #139609
+# Disable completion when the input buffer is empty.  i.e. Hitting tab
+# and waiting a long time for bash to expand all of $PATH.
+shopt -s no_empty_cmd_completion
+
+# Enable history appending instead of overwriting when exiting.  #139609
 shopt -s histappend
 
 # Change the window title of X terminals 
 case ${TERM} in
 	xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
-		PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+		PROMPT_COMMAND='history -a; echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
 		;;
 	screen*)
-		PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+		PROMPT_COMMAND='history -a; echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+		;;
+	*)
+		PROMPT_COMMAND='history -a'
 		;;
 esac
 
@@ -80,8 +88,12 @@ else
 	fi
 fi
 
+for sh in /etc/bash/bashrc.d/* ; do
+	[[ -r ${sh} ]] && source "${sh}"
+done
+
 # Try to keep environment pollution down, EPA loves us.
-unset use_color safe_term match_lhs
+unset use_color safe_term match_lhs sh
 
 if [ -d /usr/scripts ] ; then
   PATH=/usr/scripts:$PATH
diff --git a/bash/bashrc.d/.keep_app-shells_bash-0 b/bash/bashrc.d/.keep_app-shells_bash-0
new file mode 100644
index 0000000..e69de29
diff --git a/config-archive/etc/bash/bashrc b/config-archive/etc/bash/bashrc
index c5f19a6..71fa4c5 100644
--- a/config-archive/etc/bash/bashrc
+++ b/config-archive/etc/bash/bashrc
@@ -25,7 +25,7 @@ shopt -s histappend
 
 # Change the window title of X terminals 
 case ${TERM} in
-	xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
+	xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
 		PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
 		;;
 	screen*)
diff --git a/config-archive/etc/bash/bashrc.1 b/config-archive/etc/bash/bashrc.1
index b0904ff..c5f19a6 100644
--- a/config-archive/etc/bash/bashrc.1
+++ b/config-archive/etc/bash/bashrc.1
@@ -25,10 +25,10 @@ shopt -s histappend
 
 # Change the window title of X terminals 
 case ${TERM} in
-	xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+	xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix)
 		PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
 		;;
-	screen)
+	screen*)
 		PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
 		;;
 esac
@@ -69,6 +69,8 @@ if ${use_color} ; then
 
 	alias ls='ls --color=auto'
 	alias grep='grep --colour=auto'
+	alias egrep='egrep --colour=auto'
+	alias fgrep='fgrep --colour=auto'
 else
 	if [[ ${EUID} == 0 ]] ; then
 		# show root@ when we don't have colors
diff --git a/config-archive/etc/bash/bashrc.2 b/config-archive/etc/bash/bashrc.2
index cb99ed9..b0904ff 100644
--- a/config-archive/etc/bash/bashrc.2
+++ b/config-archive/etc/bash/bashrc.2
@@ -91,9 +91,21 @@ if [ -d $HOME/bin ] ; then
   export PATH
 fi
 
-if [ -d $HOME/lib ] ; then
-  PERL5LIB=$HOME/lib
-  export PERL5LIB
+if [ -d "$HOME/lib" ] ; then
+    if [ -d "$HOME/lib/perl" ] ; then
+        if [ -z "${PERL5LIB}" ] ; then
+            export PERL5LIB="$HOME/lib/perl"
+        else
+            export PERL5LIB="$HOME/lib/perl:${PERL5LIB}"
+        fi
+    fi
+    if [ -d "$HOME/lib/python" ] ; then
+        if [ -z "${PYTHONPATH}" ] ; then
+            export PYTHONPATH="$HOME/lib/python"
+        else
+            export PYTHONPATH="$HOME/lib/python:${PYTHONPATH}"
+        fi
+    fi
 fi
 
 #if [[ ${EUID} == 0 ]] ; then
@@ -139,8 +151,7 @@ if [ -f /usr/share/mc/mc.gentoo ]; then
     . /usr/share/mc/mc.gentoo
 fi
 
-if [ -f /etc/profile.d/bash-completion ]; then
-    . /etc/profile.d/bash-completion
+if [ -e /etc/bash_completion.d/git ] ; then
     if [[ ${EUID} == 0 ]] ; then
         PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
     else
diff --git a/config-archive/etc/bash/bashrc.3 b/config-archive/etc/bash/bashrc.3
new file mode 100644
index 0000000..cb99ed9
--- /dev/null
+++ b/config-archive/etc/bash/bashrc.3
@@ -0,0 +1,152 @@
+# /etc/bash/bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output.  So make sure this doesn't display
+# anything or bad things will happen !
+
+
+# Test for an interactive shell.  There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+	# Shell is non-interactive.  Be done now!
+	return
+fi
+
+# Bash won't get SIGWINCH if another process is in the foreground.
+# Enable checkwinsize so that bash will check the terminal size when
+# it regains control.  #65623
+# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
+shopt -s checkwinsize
+
+# Enable history appending instead of overwriting.  #139609
+shopt -s histappend
+
+# Change the window title of X terminals 
+case ${TERM} in
+	xterm*|rxvt*|Eterm|aterm|kterm|gnome*|interix)
+		PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\007"'
+		;;
+	screen)
+		PROMPT_COMMAND='echo -ne "\033_${USER}@${HOSTNAME%%.*}:${PWD/#$HOME/~}\033\\"'
+		;;
+esac
+
+use_color=false
+
+# Set colorful PS1 only on colorful terminals.
+# dircolors --print-database uses its own built-in database
+# instead of using /etc/DIR_COLORS.  Try to use the external file
+# first to take advantage of user additions.  Use internal bash
+# globbing instead of external grep binary.
+safe_term=${TERM//[^[:alnum:]]/?}   # sanitize TERM
+match_lhs=""
+[[ -f ~/.dir_colors   ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
+[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
+[[ -z ${match_lhs}    ]] \
+	&& type -P dircolors >/dev/null \
+	&& match_lhs=$(dircolors --print-database)
+[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
+
+if ${use_color} ; then
+	# Enable colors for ls, etc.  Prefer ~/.dir_colors #64489
+	if type -P dircolors >/dev/null ; then
+		if [[ -f ~/.dir_colors ]] ; then
+			eval $(dircolors -b ~/.dir_colors)
+		elif [[ -f /etc/DIR_COLORS ]] ; then
+			eval $(dircolors -b /etc/DIR_COLORS)
+		fi
+	fi
+
+	if [[ ${EUID} == 0 ]] ; then
+		#PS1='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
+		PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w \$ \[\033[00m\]'
+	else
+		#PS1='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+		PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w > \[\033[00m\]'
+	fi
+
+	alias ls='ls --color=auto'
+	alias grep='grep --colour=auto'
+else
+	if [[ ${EUID} == 0 ]] ; then
+		# show root@ when we don't have colors
+		PS1='\u@\h \W \$ '
+	else
+		PS1='\u@\h \w \$ '
+	fi
+fi
+
+# Try to keep environment pollution down, EPA loves us.
+unset use_color safe_term match_lhs
+
+if [ -d /usr/scripts ] ; then
+  PATH=/usr/scripts:$PATH
+  export PATH
+fi
+
+if [ -d $HOME/bin ] ; then
+  PATH=$PATH:$HOME/bin
+  export PATH
+fi
+
+if [ -d $HOME/lib ] ; then
+  PERL5LIB=$HOME/lib
+  export PERL5LIB
+fi
+
+#if [[ ${EUID} == 0 ]] ; then
+#  alias ll="ls -lA"
+#else
+#  alias ll="ls -l"
+#fi
+alias l="ls -l"
+alias ll="ls -lA"
+alias la="ls -la"
+alias md=mkdir
+alias rd=rmdir
+alias ..='cd ..'
+alias ...='cd ../..'
+alias cd..='cd ..'
+alias cd...='cd ../..'
+alias pl="ps -fu $(whoami)"
+
+lcd() {
+    cd $( perl -e '
+use strict;
+use Cwd;
+my $new = shift;
+my $cwd = Cwd::abs_path(getcwd());
+my $newa = $cwd;
+if ($new){
+    $newa = Cwd::abs_path($new);
+    $newa = $cwd unless $newa;
+};
+printf("%s\n", $newa);
+' $1 )
+}
+
+export LESS="-R -M -I --shift 5"
+export LESSCHARSET="utf-8"
+
+HISTCONTROL=ignoreboth
+HISTSIZE=50000
+HISTFILESIZE=50000
+HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
+
+if [ -f /usr/share/mc/mc.gentoo ]; then
+    . /usr/share/mc/mc.gentoo
+fi
+
+if [ -f /etc/profile.d/bash-completion ]; then
+    . /etc/profile.d/bash-completion
+    if [[ ${EUID} == 0 ]] ; then
+        PS1='$? \[\033[01;31m\]\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] \$ \[\033[00m\]'
+    else
+        PS1='$? \[\033[01;32m\]\u@\h\[\033[01;30m\]:\[\033[01;34m\]\w\[\033[01;31m\]$(__git_ps1)\[\033[01;34m\] > \[\033[00m\]'
+    fi
+fi
+
+
+# vim: ts=4 expandtab
diff --git a/config-archive/etc/bash/bashrc.dist.new b/config-archive/etc/bash/bashrc.dist.new
new file mode 100644
index 0000000..7006bf9
--- /dev/null
+++ b/config-archive/etc/bash/bashrc.dist.new
@@ -0,0 +1,102 @@
+# /etc/bash/bashrc
+#
+# This file is sourced by all *interactive* bash shells on startup,
+# including some apparently interactive shells such as scp and rcp
+# that can't tolerate any output.  So make sure this doesn't display
+# anything or bad things will happen !
+
+
+# Test for an interactive shell.  There is no need to set anything
+# past this point for scp and rcp, and it's important to refrain from
+# outputting anything in those cases.
+if [[ $- != *i* ]] ; then
+	# Shell is non-interactive.  Be done now!
+	return
+fi
+
+# Bash won't get SIGWINCH if another process is in the foreground.
+# Enable checkwinsize so that bash will check the terminal size when
+# it regains control.  #65623
+# http://cnswww.cns.cwru.edu/~chet/bash/FAQ (E11)
+shopt -s checkwinsize
+
+# Disable completion when the input buffer is empty.  i.e. Hitting tab
+# and waiting a long time for bash to expand all of $PATH.
+shopt -s no_empty_cmd_completion
+
+# Enable history appending instead of overwriting when exiting.  #139609
+shopt -s histappend
+
+# Save each command to the history file as it's executed.  #517342
+# This does mean sessions get interleaved when reading later on, but this
+# way the history is always up to date.  History is not synced across live
+# sessions though; that is what `history -n` does.
+# Disabled by default due to concerns related to system recovery when $HOME
+# is under duress, or lives somewhere flaky (like NFS).  Constantly syncing
+# the history will halt the shell prompt until it's finished.
+#PROMPT_COMMAND='history -a'
+
+# Change the window title of X terminals 
+case ${TERM} in
+	xterm*|rxvt*|Eterm*|aterm|kterm|gnome*|interix|konsole*)
+		PS1='\[\033]0;\u@\h:\w\007\]'
+		;;
+	screen*)
+		PS1='\[\033k\u@\h:\w\033\\\]'
+		;;
+	*)
+		unset PS1
+		;;
+esac
+
+use_color=false
+
+# Set colorful PS1 only on colorful terminals.
+# dircolors --print-database uses its own built-in database
+# instead of using /etc/DIR_COLORS.  Try to use the external file
+# first to take advantage of user additions.  Use internal bash
+# globbing instead of external grep binary.
+safe_term=${TERM//[^[:alnum:]]/?}   # sanitize TERM
+match_lhs=""
+[[ -f ~/.dir_colors   ]] && match_lhs="${match_lhs}$(<~/.dir_colors)"
+[[ -f /etc/DIR_COLORS ]] && match_lhs="${match_lhs}$(</etc/DIR_COLORS)"
+[[ -z ${match_lhs}    ]] \
+	&& type -P dircolors >/dev/null \
+	&& match_lhs=$(dircolors --print-database)
+[[ $'\n'${match_lhs} == *$'\n'"TERM "${safe_term}* ]] && use_color=true
+
+if ${use_color} ; then
+	# Enable colors for ls, etc.  Prefer ~/.dir_colors #64489
+	if type -P dircolors >/dev/null ; then
+		if [[ -f ~/.dir_colors ]] ; then
+			eval $(dircolors -b ~/.dir_colors)
+		elif [[ -f /etc/DIR_COLORS ]] ; then
+			eval $(dircolors -b /etc/DIR_COLORS)
+		fi
+	fi
+
+	if [[ ${EUID} == 0 ]] ; then
+		PS1+='\[\033[01;31m\]\h\[\033[01;34m\] \W \$\[\033[00m\] '
+	else
+		PS1+='\[\033[01;32m\]\u@\h\[\033[01;34m\] \w \$\[\033[00m\] '
+	fi
+
+	alias ls='ls --color=auto'
+	alias grep='grep --colour=auto'
+	alias egrep='egrep --colour=auto'
+	alias fgrep='fgrep --colour=auto'
+else
+	if [[ ${EUID} == 0 ]] ; then
+		# show root@ when we don't have colors
+		PS1+='\u@\h \W \$ '
+	else
+		PS1+='\u@\h \w \$ '
+	fi
+fi
+
+for sh in /etc/bash/bashrc.d/* ; do
+	[[ -r ${sh} ]] && source "${sh}"
+done
+
+# Try to keep environment pollution down, EPA loves us.
+unset use_color safe_term match_lhs sh
diff --git a/config-archive/etc/fail2ban/fail2ban.conf b/config-archive/etc/fail2ban/fail2ban.conf
index f43afad..550b404 100644
--- a/config-archive/etc/fail2ban/fail2ban.conf
+++ b/config-archive/etc/fail2ban/fail2ban.conf
@@ -6,20 +6,22 @@
 #           file, but provide customizations in fail2ban.local file, e.g.:
 #
 # [Definition]
-# loglevel = 4
+# loglevel = DEBUG
 #
 
 [Definition]
 
 # Option: loglevel
 # Notes.: Set the log level output.
-#         1 = ERROR
-#         2 = WARN
-#         3 = INFO
-#         4 = DEBUG
-# Values: [ NUM ]  Default: 1
+#         CRITICAL
+#         ERROR
+#         WARNING
+#         NOTICE
+#         INFO
+#         DEBUG
+# Values: [ LEVEL ]  Default: ERROR
 #
-loglevel = 3
+loglevel = INFO
 
 # Option: logtarget
 # Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
@@ -47,4 +49,17 @@ socket = /run/fail2ban/fail2ban.sock
 #
 pidfile = /run/fail2ban/fail2ban.pid
 
+# Options: dbfile
+# Notes.: Set the file for the fail2ban persistent data to be stored.
+#         A value of ":memory:" means database is only stored in memory 
+#         and data is lost when fail2ban is stopped.
+#         A value of "None" disables the database.
+# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
+dbfile = /var/lib/fail2ban/fail2ban.sqlite3
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours)
+dbpurgeage = 86400
+
 # vim: filetype=dosini
diff --git a/config-archive/etc/fail2ban/fail2ban.conf.1 b/config-archive/etc/fail2ban/fail2ban.conf.1
new file mode 100644
index 0000000..f43afad
--- /dev/null
+++ b/config-archive/etc/fail2ban/fail2ban.conf.1
@@ -0,0 +1,50 @@
+# Fail2Ban main configuration file
+#
+# Comments: use '#' for comment lines and ';' (following a space) for inline comments
+#
+# Changes:  in most of the cases you should not modify this
+#           file, but provide customizations in fail2ban.local file, e.g.:
+#
+# [Definition]
+# loglevel = 4
+#
+
+[Definition]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+#         1 = ERROR
+#         2 = WARN
+#         3 = INFO
+#         4 = DEBUG
+# Values: [ NUM ]  Default: 1
+#
+loglevel = 3
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+#         Only one log target can be specified.
+#         If you change logtarget from the default value and you are
+#         using logrotate -- also adjust or disable rotation in the
+#         corresponding configuration file
+#         (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values: [ STDOUT | STDERR | SYSLOG | FILE ]  Default: STDERR
+#
+logtarget = /var/log/fail2ban.log
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+#         not remove this file when Fail2ban runs. It will not be possible to
+#         communicate with the server afterwards.
+# Values: [ FILE ]  Default: /run/fail2ban/fail2ban.sock
+#
+socket = /run/fail2ban/fail2ban.sock
+
+# Option: pidfile
+# Notes.: Set the PID file. This is used to store the process ID of the
+#         fail2ban server.
+# Values: [ FILE ]  Default: /run/fail2ban/fail2ban.pid
+#
+pidfile = /run/fail2ban/fail2ban.pid
+
+# vim: filetype=dosini
diff --git a/config-archive/etc/fail2ban/fail2ban.conf.dist b/config-archive/etc/fail2ban/fail2ban.conf.dist
index 2ad9fe7..b721a72 100644
--- a/config-archive/etc/fail2ban/fail2ban.conf.dist
+++ b/config-archive/etc/fail2ban/fail2ban.conf.dist
@@ -34,6 +34,12 @@ loglevel = INFO
 #
 logtarget = /var/log/fail2ban.log
 
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+#        auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ]  Default: auto
+syslogsocket = auto
+
 # Option: socket
 # Notes.: Set the socket file. This is used to communicate with the daemon. Do
 #         not remove this file when Fail2ban runs. It will not be possible to
diff --git a/courier/authlib/authdaemonrc b/courier/authlib/authdaemonrc
index 4b758be..5bd2a35 100644
--- a/courier/authlib/authdaemonrc
+++ b/courier/authlib/authdaemonrc
@@ -1,4 +1,4 @@
-##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $
+##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$
 #
 # Copyright 2000-2005 Double Precision, Inc.  See COPYING for
 # distribution information.
diff --git a/courier/authlib/authdaemonrc.dist b/courier/authlib/authdaemonrc.dist
index 4645640..abdebbd 100644
--- a/courier/authlib/authdaemonrc.dist
+++ b/courier/authlib/authdaemonrc.dist
@@ -1,4 +1,4 @@
-##VERSION: $Id: authdaemonrc.in 239 2012-10-06 23:51:19Z mrsam $
+##VERSION: $Id: 2013-08-20 21:38:40 -0400 0404e6724c4edec3859842fb06d86c3ad52e8cc2$
 #
 # Copyright 2000-2005 Double Precision, Inc.  See COPYING for
 # distribution information.
diff --git a/courier/authlib/authldaprc b/courier/authlib/authldaprc
index 6ff1d1b..812c6f9 100644
--- a/courier/authlib/authldaprc
+++ b/courier/authlib/authldaprc
@@ -1,4 +1,4 @@
-##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $
+##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $
 #
 # Copyright 2000-2004 Double Precision, Inc.  See COPYING for
 # distribution information.
@@ -67,6 +67,15 @@ LDAP_TIMEOUT		5
 #
 # LDAP_AUTHBIND		1
 
+##NAME: LDAP_INITBIND:1
+#
+# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. 
+# If your LDAP server allows access without a bind, or you want to authenticate
+# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and
+# need not write the LDAP-Admin passwort into this file.
+# 
+LDAP_INITBIND		1
+
 ##NAME: LDAP_MAIL:0
 #
 # Here's the field on which we query
diff --git a/courier/authlib/authldaprc.dist b/courier/authlib/authldaprc.dist
index 6ff1d1b..812c6f9 100644
--- a/courier/authlib/authldaprc.dist
+++ b/courier/authlib/authldaprc.dist
@@ -1,4 +1,4 @@
-##VERSION: $Id: authldaprc 17 2011-04-04 02:07:37Z mrsam $
+##VERSION: $Id: authldaprc 265 2013-02-25 03:49:33Z mrsam $
 #
 # Copyright 2000-2004 Double Precision, Inc.  See COPYING for
 # distribution information.
@@ -67,6 +67,15 @@ LDAP_TIMEOUT		5
 #
 # LDAP_AUTHBIND		1
 
+##NAME: LDAP_INITBIND:1
+#
+# Define this to do an initial bind to the adminstrator DN set in LDAP_BINDDN. 
+# If your LDAP server allows access without a bind, or you want to authenticate
+# using a rebind (and have set LDAP_AUTHBIND to 1, you can set this to 0 and
+# need not write the LDAP-Admin passwort into this file.
+# 
+LDAP_INITBIND		1
+
 ##NAME: LDAP_MAIL:0
 #
 # Here's the field on which we query
diff --git a/eselect/postgresql/slots/9.4/base b/eselect/postgresql/slots/9.4/base
index 50337b4..ae9c580 100644
--- a/eselect/postgresql/slots/9.4/base
+++ b/eselect/postgresql/slots/9.4/base
@@ -1 +1 @@
-postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.1"
+postgres_ebuilds="${postgres_ebuilds} postgresql-9.4.2"
diff --git a/fail2ban/action.d/badips.py b/fail2ban/action.d/badips.py
index 250b1dc..c2a239f 100644
--- a/fail2ban/action.d/badips.py
+++ b/fail2ban/action.d/badips.py
@@ -111,6 +111,8 @@ class BadIPsAction(ActionBase):
 		------
 		HTTPError
 			Any issues with badips.com request.
+		ValueError
+			If badips.com response didn't contain necessary information
 		"""
 		try:
 			response = urlopen(
@@ -122,7 +124,13 @@ class BadIPsAction(ActionBase):
 				messages['err'])
 			raise
 		else:
-			categories = json.loads(response.read().decode('utf-8'))['categories']
+			response_json = json.loads(response.read().decode('utf-8'))
+			if not 'categories' in response_json:
+				err = "badips.com response lacked categories specification. Response was: %s" \
+				  % (response_json,)
+				self._logSys.error(err)
+				raise ValueError(err)
+			categories = response_json['categories']
 			categories_names = set(
 				value['Name'] for value in categories)
 			if incParents:
diff --git a/fail2ban/action.d/bsd-ipfw.conf b/fail2ban/action.d/bsd-ipfw.conf
index 475d247..d7e5e1b 100644
--- a/fail2ban/action.d/bsd-ipfw.conf
+++ b/fail2ban/action.d/bsd-ipfw.conf
@@ -38,7 +38,7 @@ actioncheck =
 # Values:  CMD
 #
 # requires an ipfw rule like "deny ip from table(1) to me"
-actionban = ipfw table <table> add <ip>
+actionban = e=`ipfw table <table> add <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || { echo "$e" 1>&2; exit $x; }
 
 
 # Option:  actionunban
@@ -47,7 +47,7 @@ actionban = ipfw table <table> add <ip>
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = ipfw table <table> delete <ip>
+actionunban = e=`ipfw table <table> delete <ip> 2>&1`; x=$?; [ $x -eq 0 -o "$e" = 'ipfw: setsockopt(IP_FW_TABLE_XDEL): No such process' ] || { echo "$e" 1>&2; exit $x; }
 
 [Init]
 # Option:  table
diff --git a/fail2ban/action.d/firewallcmd-allports.conf b/fail2ban/action.d/firewallcmd-allports.conf
new file mode 100644
index 0000000..ec52bab
--- /dev/null
+++ b/fail2ban/action.d/firewallcmd-allports.conf
@@ -0,0 +1,53 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -j f2b-<name>
+             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-recidive$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+chain = INPUT_direct
+
+# DEV NOTES:
+#
+# Author: Donald Yandt 
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-recidive
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-recidive 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-recidive
+# success
+
diff --git a/fail2ban/action.d/firewallcmd-multiport.conf b/fail2ban/action.d/firewallcmd-multiport.conf
new file mode 100644
index 0000000..4d806e6
--- /dev/null
+++ b/fail2ban/action.d/firewallcmd-multiport.conf
@@ -0,0 +1,63 @@
+# Fail2Ban configuration file
+#
+# Author: Donald Yandt 
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+# Example actioncheck: firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+name = default
+
+chain = INPUT_direct
+
+# Could also use port numbers separated by a comma. 
+port = 1:65535
+
+
+# Option:  protocol
+# Values:  [ tcp | udp | icmp | all ]
+
+protocol = tcp
+
+
+
+# DEV NOTES:
+#
+# Author: Donald Yandt 
+# Uses "FirewallD" instead of the "iptables daemon".
+#
+#
+# Output:
+# actionstart:
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-apache-modsecurity
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-apache-modsecurity 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 80,443 -j f2b-apache-modsecurity
+# success
+# actioncheck:
+# $ firewall-cmd --direct --get-chains ipv4 filter f2b-apache-modsecurity | sed -e 's, ,\n,g' | grep -q '^f2b-apache-modsecurity$'
+# f2b-apache-modsecurity
+
diff --git a/fail2ban/action.d/firewallcmd-new.conf b/fail2ban/action.d/firewallcmd-new.conf
index 9754e3f..ac72a68 100644
--- a/fail2ban/action.d/firewallcmd-new.conf
+++ b/fail2ban/action.d/firewallcmd-new.conf
@@ -10,9 +10,9 @@ before = iptables-common.conf
 
 actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
               firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
-              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
 
-actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> -m multiport --dports <port> -j f2b-<name>
              firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
              firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
 
@@ -43,7 +43,7 @@ chain = INPUT_direct
 # success
 # $ firewall-cmd --direct --add-rule ipv4 filter fail2ban-name 1000 -j RETURN
 # success
-# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j fail2ban-name
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp -m multiport --dports 22 -j fail2ban-name
 # success
 # $ firewall-cmd --direct --get-chains ipv4 filter
 # fail2ban-name
diff --git a/fail2ban/action.d/mail-whois-lines.conf b/fail2ban/action.d/mail-whois-lines.conf
index aa7d095..5f760ac 100644
--- a/fail2ban/action.d/mail-whois-lines.conf
+++ b/fail2ban/action.d/mail-whois-lines.conf
@@ -42,7 +42,7 @@ actionban = printf %%b "Hi,\n
             Here is more information about <ip>:\n
             `whois <ip> || echo missing whois program`\n\n
             Lines containing IP:<ip> in <logpath>\n
-            `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+            `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
             Regards,\n
             Fail2Ban"|mail -s "[Fail2Ban] <name>: banned <ip> from  `uname -n`" <dest>
 
diff --git a/fail2ban/action.d/nsupdate.conf b/fail2ban/action.d/nsupdate.conf
new file mode 100644
index 0000000..7886825
--- /dev/null
+++ b/fail2ban/action.d/nsupdate.conf
@@ -0,0 +1,114 @@
+# Fail2Ban configuration file
+#
+# Author: Andrew St. Jean
+#
+# Use nsupdate to perform dynamic DNS updates on a BIND zone file.
+# One may want to do this to update a local RBL with banned IP addresses.
+#
+# Options
+#
+# domain	DNS domain that will appear in nsupdate add and delete
+#		commands.
+#
+# ttl		The time to live (TTL) in seconds of the TXT resource
+#		record.
+#
+# rdata		Data portion of the TXT resource record.
+#
+# nsupdatecmd	Full path to the nsupdate command.
+#
+# keyfile	Full path to TSIG key file used for authentication between
+#		nsupdate and BIND.
+#
+# Create an nsupdate.local to set at least the <domain> and <keyfile>
+# options as they don't have default values.
+#
+# The ban and unban commands assume nsupdate will authenticate to the BIND
+# server using a TSIG key. The full path to the key file must be specified
+# in the <keyfile> parameter. Use this command to generate your TSIG key.
+#
+# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST <key_name>
+#
+# Replace <key_name> with some meaningful name.
+#
+# This command will generate two files. Specify the .private file in the
+# <keyfile> option. Note that the .key file must also be present in the same
+# directory for nsupdate to use the key.
+#
+# Don't forget to add the key and appropriate allow-update or update-policy
+# option to your named.conf file.
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = echo <ip> | awk -F. '{print "prereq nxrrset "$4"."$3"."$2"."$1".<domain> TXT"; print "update add "$4"."$3"."$2"."$1".<domain> <ttl> IN TXT \"<rdata>\""; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = echo <ip> | awk -F. '{print "update delete "$4"."$3"."$2"."$1".<domain>"; print "send"}' | <nsupdatecmd> -k <keyfile>
+
+[Init]
+
+# Option:  domain
+# Notes.:  DNS domain that nsupdate will update.
+# Values:  STRING
+#
+domain = 
+
+# Option:  ttl
+# Notes.:  time to live (TTL) in seconds of TXT resource record
+#          added by nsupdate.
+# Values:  NUM
+#
+ttl = 60
+
+# Option:  rdata
+# Notes.:  data portion of the TXT resource record added by nsupdate.
+# Values:  STRING
+#
+rdata = Your IP has been banned
+
+# Option:  nsupdatecmd
+# Notes.:  specifies the full path to the nsupdate program that dynamically
+#          updates BIND zone files.
+# Values:  CMD
+#
+nsupdatecmd = /usr/bin/nsupdate
+
+# Option:  keyfile
+# Notes.:  specifies the full path to the file containing the
+#	   TSIG key for communicating with BIND.
+# Values:  STRING
+#
+keyfile = 
+
diff --git a/fail2ban/action.d/sendmail-common.conf b/fail2ban/action.d/sendmail-common.conf
index 26dcb4c..af0212b 100644
--- a/fail2ban/action.d/sendmail-common.conf
+++ b/fail2ban/action.d/sendmail-common.conf
@@ -15,7 +15,7 @@ after = sendmail-common.local
 # Values:  CMD
 #
 actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on `uname -n`
-              Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+              Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
               From: <sendername> <<sender>>
               To: <dest>\n
               Hi,\n
@@ -28,7 +28,7 @@ actionstart = printf %%b "Subject: [Fail2Ban] <name>: started on `uname -n`
 # Values:  CMD
 #
 actionstop = printf %%b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
-             Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+             Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
              From: <sendername> <<sender>>
              To: <dest>\n
              Hi,\n
diff --git a/fail2ban/action.d/sendmail-geoip-lines.conf b/fail2ban/action.d/sendmail-geoip-lines.conf
new file mode 100644
index 0000000..4225a3e
--- /dev/null
+++ b/fail2ban/action.d/sendmail-geoip-lines.conf
@@ -0,0 +1,49 @@
+# Fail2Ban configuration file
+#
+# Author: Viktor SzÃ©pe
+#
+#
+
+[INCLUDES]
+
+before = sendmail-common.conf
+
+[Definition]
+
+# Option:  actionban
+# Notes.:  Command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+#          You need to install geoiplookup and the GeoLite or GeoIP databases.
+#          (geoip-bin and geoip-database in Debian)
+#          The host command comes from bind9-host package.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n\n
+            Here is more information about <ip>:\n
+            http://bgp.he.net/ip/<ip>
+            http://www.projecthoneypot.org/ip_<ip>
+            http://whois.domaintools.com/<ip>\n\n
+            Country:`geoiplookup -f /usr/share/GeoIP/GeoIP.dat "<ip>" | cut -d':' -f2-`
+            AS:`geoiplookup -f /usr/share/GeoIP/GeoIPASNum.dat "<ip>" | cut -d':' -f2-`
+            hostname: `host -t A <ip> 2>&1`\n\n
+            Lines containing IP:<ip> in <logpath>\n
+            `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Path to the log files which contain relevant lines for the abuser IP
+#
+logpath = /dev/null
diff --git a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
index 45b1f31..9c32f41 100644
--- a/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
+++ b/fail2ban/action.d/sendmail-whois-ipjailmatches.conf
@@ -17,13 +17,13 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
             The IP <ip> has just been banned by Fail2Ban after
             <failures> attempts against <name>.\n\n
-            Here are more information about <ip>:\n
+            Here is more information about <ip>:\n
             `/usr/bin/whois <ip>`\n\n
             Matches for <name> with <ipjailfailures> failures IP:<ip>\n
             <ipjailmatches>\n\n
diff --git a/fail2ban/action.d/sendmail-whois-ipmatches.conf b/fail2ban/action.d/sendmail-whois-ipmatches.conf
index 8193fb0..8c07454 100644
--- a/fail2ban/action.d/sendmail-whois-ipmatches.conf
+++ b/fail2ban/action.d/sendmail-whois-ipmatches.conf
@@ -17,13 +17,13 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
             The IP <ip> has just been banned by Fail2Ban after
             <failures> attempts against <name>.\n\n
-            Here are more information about <ip>:\n
+            Here is more information about <ip>:\n
             `/usr/bin/whois <ip>`\n\n
             Matches with <ipfailures> failures IP:<ip>\n
             <ipmatches>\n\n
diff --git a/fail2ban/action.d/sendmail-whois-lines.conf b/fail2ban/action.d/sendmail-whois-lines.conf
index 270373e..135632c 100644
--- a/fail2ban/action.d/sendmail-whois-lines.conf
+++ b/fail2ban/action.d/sendmail-whois-lines.conf
@@ -17,7 +17,7 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
@@ -26,7 +26,7 @@ actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
             Here is more information about <ip>:\n
             `/usr/bin/whois <ip> || echo missing whois program`\n\n
             Lines containing IP:<ip> in <logpath>\n
-            `grep '[^0-9]<ip>[^0-9]' <logpath>`\n\n
+            `grep -E '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
             Regards,\n
             Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
 
diff --git a/fail2ban/action.d/sendmail-whois-matches.conf b/fail2ban/action.d/sendmail-whois-matches.conf
index ed66476..64bac3e 100644
--- a/fail2ban/action.d/sendmail-whois-matches.conf
+++ b/fail2ban/action.d/sendmail-whois-matches.conf
@@ -17,13 +17,13 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
             The IP <ip> has just been banned by Fail2Ban after
             <failures> attempts against <name>.\n\n
-            Here are more information about <ip>:\n
+            Here is more information about <ip>:\n
             `/usr/bin/whois <ip>`\n\n
             Matches:\n
             <matches>\n\n
diff --git a/fail2ban/action.d/sendmail-whois.conf b/fail2ban/action.d/sendmail-whois.conf
index fc60127..9403a38 100644
--- a/fail2ban/action.d/sendmail-whois.conf
+++ b/fail2ban/action.d/sendmail-whois.conf
@@ -17,7 +17,7 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
diff --git a/fail2ban/action.d/sendmail.conf b/fail2ban/action.d/sendmail.conf
index 46050e1..4b088dc 100644
--- a/fail2ban/action.d/sendmail.conf
+++ b/fail2ban/action.d/sendmail.conf
@@ -17,7 +17,7 @@ before = sendmail-common.conf
 # Values:  CMD
 #
 actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
-            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            Date: `LC_TIME=C date +"%%a, %%d %%h %%Y %%T %%z"`
             From: <sendername> <<sender>>
             To: <dest>\n
             Hi,\n
diff --git a/fail2ban/action.d/ufw.conf b/fail2ban/action.d/ufw.conf
index 04b8b32..d2f731f 100644
--- a/fail2ban/action.d/ufw.conf
+++ b/fail2ban/action.d/ufw.conf
@@ -13,9 +13,11 @@ actionstop =
 
 actioncheck = 
 
-actionban = [ -n "<application>" ] && app="app <application>" ; ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
+actionban = [ -n "<application>" ] && app="app <application>"
+            ufw insert <insertpos> <blocktype> from <ip> to <destination> $app
 
-actionunban = [ -n "<application>" ] && app="app <application>" ; ufw delete <blocktype> from <ip> to <destination> $app
+actionunban = [ -n "<application>" ] && app="app <application>"
+              ufw delete <blocktype> from <ip> to <destination> $app
 
 [Init]
 # Option: insertpos
diff --git a/fail2ban/action.d/xarf-login-attack.conf b/fail2ban/action.d/xarf-login-attack.conf
index 6d6a74f..19b3167 100644
--- a/fail2ban/action.d/xarf-login-attack.conf
+++ b/fail2ban/action.d/xarf-login-attack.conf
@@ -46,7 +46,7 @@ actionban = oifs=${IFS}; IFS=.;SEP_IP=( <ip> ); set -- ${SEP_IP}; ADDRESSES=$(di
             REPORTID=<time>@`uname -n`
             TLP=<tlp>
             PORT=<port>
-            DATE=`LC_TIME=C date -u --date=@<time> +"%%a, %%d %%h %%Y %%T +0000"`
+            DATE=`LC_TIME=C date --date=@<time> +"%%a, %%d %%h %%Y %%T %%z"`
             if [ ! -z "$ADDRESSES" ]; then
                 (printf -- %%b "<header>\n<message>\n<report>\n";
                  date '+Note: Local timezone is %%z (%%Z)';
diff --git a/fail2ban/fail2ban.conf b/fail2ban/fail2ban.conf
index 550b404..7137846 100644
--- a/fail2ban/fail2ban.conf
+++ b/fail2ban/fail2ban.conf
@@ -34,6 +34,12 @@ loglevel = INFO
 #
 logtarget = /var/log/fail2ban.log
 
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+#        auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ]  Default: auto
+syslogsocket = auto
+
 # Option: socket
 # Notes.: Set the socket file. This is used to communicate with the daemon. Do
 #         not remove this file when Fail2ban runs. It will not be possible to
diff --git a/fail2ban/filter.d/apache-botsearch.conf b/fail2ban/filter.d/apache-botsearch.conf
index f7f5488..5687d40 100644
--- a/fail2ban/filter.d/apache-botsearch.conf
+++ b/fail2ban/filter.d/apache-botsearch.conf
@@ -17,7 +17,9 @@
 [INCLUDES]
 
 # overwrite with apache-common.local if _apache_error_client is incorrect.
+# Load regexes for filtering from botsearch-common.conf
 before = apache-common.conf
+         botsearch-common.conf
 
 [Definition]
 
@@ -31,18 +33,8 @@ ignoreregex =
 
 # Webroot represents the webroot on which all other files are based
 webroot = /var/www/
-# Block is the actual non-found directories to block
-block = (<webmail>|<phpmyadmin>|<wordpress>)[^,]*
-
-# These are just convient definitions that assist the blocking of stuff that 
-# isn't installed
-webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
-
-phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
-
-wordpress = wp-(login|signup)\.php
 
 
 # DEV Notes:
 #
-# Author: Daniel Black
+# Author: Daniel Black
\ No newline at end of file
diff --git a/fail2ban/filter.d/apache-fakegooglebot.conf b/fail2ban/filter.d/apache-fakegooglebot.conf
new file mode 100644
index 0000000..b8a7350
--- /dev/null
+++ b/fail2ban/filter.d/apache-fakegooglebot.conf
@@ -0,0 +1,14 @@
+# Fail2Ban filter for fake Googlebot User Agents
+
+[Definition]
+
+failregex = ^<HOST> .*Googlebot.*$
+
+ignoreregex =
+
+
+# DEV Notes:
+#
+# Author: Lee Clemens
+# Thanks: Johannes B. Ullrich, Ph.D.
+# Reference: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
diff --git a/fail2ban/filter.d/asterisk.conf b/fail2ban/filter.d/asterisk.conf
index 54b2db7..76997a1 100644
--- a/fail2ban/filter.d/asterisk.conf
+++ b/fail2ban/filter.d/asterisk.conf
@@ -22,7 +22,7 @@ failregex = ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Registration from '[^']*'
             ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s No registration for peer '[^']*' \(from <HOST>\)$
             ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Host <HOST> failed MD5 authentication for '[^']*' \([^)]+\)$
             ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s Failed to authenticate (user|device) [^@]+@<HOST>\S*$
-            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s (?:handle_request_subscribe: )?Sending fake auth rejection for (device|user) \d*<sip:[^@]+@<HOST>>;tag=\w+\S*$
+            ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s hacking attempt detected '<HOST>'$
             ^(%(__prefix_line)s|\[\]\s*)%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="[\d-]+",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="\d*",SessionID="0x[\da-f]+",LocalAddress="IPV[46]/(UD|TC)P/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UD|TC)P/<HOST>/\d+"(,Challenge="\w+",ReceivedChallenge="\w+")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$
             ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )Ext\. s: "Rejecting unknown SIP connection from <HOST>"$
 
diff --git a/fail2ban/filter.d/botsearch-common.conf b/fail2ban/filter.d/botsearch-common.conf
new file mode 100644
index 0000000..65f9da2
--- /dev/null
+++ b/fail2ban/filter.d/botsearch-common.conf
@@ -0,0 +1,19 @@
+# Generic configuration file for -botsearch filters
+
+[Init]
+
+# Block is the actual non-found directories to block
+block = \/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*
+
+# These are just convient definitions that assist the blocking of stuff that 
+# isn't installed
+webmail = roundcube|(ext)?mail|horde|(v-?)?webmail
+
+phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)
+
+wordpress = wp-(login|signup)\.php
+
+# DEV Notes:
+# Taken from apache-botsearch filter
+# 
+# Author: Frantisek Sumsal
\ No newline at end of file
diff --git a/fail2ban/filter.d/common.conf b/fail2ban/filter.d/common.conf
index ae8e8b7..3e35f1d 100644
--- a/fail2ban/filter.d/common.conf
+++ b/fail2ban/filter.d/common.conf
@@ -53,4 +53,8 @@ __bsd_syslog_verbose = (<[^.]+\.[^.]+>)
 # This can be optional (for instance if we match named native log files)
 __prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
 
+# PAM authentication mechanism check for failures, e.g.: pam_unix, pam_sss,
+# pam_ldap
+__pam_auth = pam_unix
+
 # Author: Yaroslav Halchenko
diff --git a/fail2ban/filter.d/counter-strike.conf b/fail2ban/filter.d/counter-strike.conf
index ef42db2..a896b5c 100644
--- a/fail2ban/filter.d/counter-strike.conf
+++ b/fail2ban/filter.d/counter-strike.conf
@@ -6,6 +6,7 @@
 
 failregex = ^: Bad Rcon: "rcon \d+ "\S+"  sv_contact ".*?"" from "<HOST>:\d+"$
 
+ignoreregex =
 
 [Init]
 
diff --git a/fail2ban/filter.d/dovecot.conf b/fail2ban/filter.d/dovecot.conf
index 0b154ff..b6645b8 100644
--- a/fail2ban/filter.d/dovecot.conf
+++ b/fail2ban/filter.d/dovecot.conf
@@ -9,9 +9,10 @@ before = common.conf
 
 _daemon = (auth|dovecot(-auth)?|auth-worker)
 
-failregex = ^%(__prefix_line)s(pam_unix(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
+failregex = ^%(__prefix_line)s(%(__pam_auth)s(\(dovecot:auth\))?:)?\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=dovecot ruser=\S* rhost=<HOST>(\s+user=\S*)?\s*$
             ^%(__prefix_line)s(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \(((auth failed, \d+ attempts)( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\):( user=<\S*>,)?( method=\S+,)? rip=<HOST>(, lip=(\d{1,3}\.){3}\d{1,3})?(, TLS( handshaking(: SSL_accept\(\) failed: error:[\dA-F]+:SSL routines:[TLS\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\S+>)?\s*$
-            ^%(__prefix_line)s(Info|dovecot: auth\(default\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
+            ^%(__prefix_line)s(Info|dovecot: auth\(default\)|auth-worker\(\d+\)): pam\(\S+,<HOST>\): pam_authenticate\(\) failed: (User not known to the underlying authentication module: \d+ Time\(s\)|Authentication failure \(password mismatch\?\))\s*$
+            ^%(__prefix_line)sauth-worker\(\d+\): pam\(\S+,<HOST>\): unknown user\s*$
 
 ignoreregex = 
 
diff --git a/fail2ban/filter.d/drupal-auth.conf b/fail2ban/filter.d/drupal-auth.conf
new file mode 100644
index 0000000..b60abe3
--- /dev/null
+++ b/fail2ban/filter.d/drupal-auth.conf
@@ -0,0 +1,26 @@
+# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)
+#
+#
+# Drupal must be setup to use Syslog, which defaults to the following format:
+#
+#   !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+
+[Definition]
+
+failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|<HOST>\|.+\|.+\|\d\|.*\|Login attempt failed for .+\.$
+
+ignoreregex =
+
+
+# DEV Notes:
+#
+# https://www.drupal.org/documentation/modules/syslog
+#
+# Author: Lee Clemens
diff --git a/fail2ban/filter.d/exim.conf b/fail2ban/filter.d/exim.conf
index b5028f0..11fd03d 100644
--- a/fail2ban/filter.d/exim.conf
+++ b/fail2ban/filter.d/exim.conf
@@ -14,10 +14,10 @@ before = exim-common.conf
 [Definition]
 
 failregex = ^%(pid)s %(host_info)ssender verify fail for <\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\s*$
-             ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\]: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
+             ^%(pid)s \w+ authenticator failed for (\S+ )?\(\S+\) \[<HOST>\](:\d+)?( I=\[\S+\](:\d+)?)?: 535 Incorrect authentication data( \(set_id=.*\)|: \d+ Time\(s\))?\s*$
              ^%(pid)s %(host_info)sF=(<>|[^@]+@\S+) rejected RCPT [^@]+@\S+: (relay not permitted|Sender verify failed|Unknown user)\s*$
              ^%(pid)s SMTP protocol synchronization error \([^)]*\): rejected (connection from|"\S+") %(host_info)s(next )?input=".*"\s*$
-             ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\]:\d+ )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
+             ^%(pid)s SMTP call from \S+ \[<HOST>\](:\d+)? (I=\[\S+\](:\d+)? )?dropped: too many nonmail commands \(last was "\S+"\)\s*$
 
 ignoreregex = 
 
diff --git a/fail2ban/filter.d/groupoffice.conf b/fail2ban/filter.d/groupoffice.conf
index d5a4e4d..166c5fe 100644
--- a/fail2ban/filter.d/groupoffice.conf
+++ b/fail2ban/filter.d/groupoffice.conf
@@ -8,7 +8,7 @@
 
 failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: <HOST>$
 
-
+ignoreregex =
 
 # Author: Daniel Black
 
diff --git a/fail2ban/filter.d/ignorecommands/apache-fakegooglebot b/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
new file mode 100755
index 0000000..47ef51f
--- /dev/null
+++ b/fail2ban/filter.d/ignorecommands/apache-fakegooglebot
@@ -0,0 +1,32 @@
+#!/usr/bin/python
+# Inspired by https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/
+#
+# Written in Python to reuse built-in Python batteries and not depend on
+# presence of host and cut commands
+#
+import sys
+
+def process_args(argv):
+    if len(argv) != 2:
+       sys.stderr.write("Please provide a single IP as an argument. Got: %s\n"
+                        % (argv[1:]))
+       sys.exit(2)
+
+    ip = argv[1]
+
+    from fail2ban.server.filter import DNSUtils
+    if not DNSUtils.isValidIP(ip):
+       sys.stderr.write("Argument must be a single valid IP. Got: %s\n"
+                        % ip)
+       sys.exit(3)
+    return ip
+
+def is_googlebot(ip):
+    import re
+    from fail2ban.server.filter import DNSUtils
+
+    host = DNSUtils.ipToName(ip)
+    sys.exit(0 if (host and re.match('crawl-.*\.googlebot\.com', host)) else 1)
+
+if __name__ == '__main__':
+    is_googlebot(process_args(sys.argv))
diff --git a/fail2ban/filter.d/kerio.conf b/fail2ban/filter.d/kerio.conf
index 3377995..313c9b3 100644
--- a/fail2ban/filter.d/kerio.conf
+++ b/fail2ban/filter.d/kerio.conf
@@ -6,6 +6,9 @@ failregex = ^ SMTP Spam attack detected from <HOST>,
             ^ IP address <HOST> found in DNS blacklist \S+, mail from \S+ to \S+$
             ^ Relay attempt from IP address <HOST>
             ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address <HOST>$
+
+ignoreregex =
+
 [Init]
 
 datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\]
diff --git a/fail2ban/filter.d/monit.conf b/fail2ban/filter.d/monit.conf
index 1fcd980..c2ef20d 100644
--- a/fail2ban/filter.d/monit.conf
+++ b/fail2ban/filter.d/monit.conf
@@ -7,3 +7,4 @@
 failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied unknown user '\w+' accessing monit httpd$
             ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '<HOST>' supplied wrong password for user '\w+' accessing monit httpd$
 
+ignoreregex =
diff --git a/fail2ban/filter.d/named-refused.conf b/fail2ban/filter.d/named-refused.conf
index 15eeedc..eec3d66 100644
--- a/fail2ban/filter.d/named-refused.conf
+++ b/fail2ban/filter.d/named-refused.conf
@@ -38,6 +38,8 @@ failregex = ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: (vie
             ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: zone transfer '\S+/AXFR/\w+' denied\s*$
             ^%(__line_prefix)s( error:)?\s*client <HOST>#\S+( \([\S.]+\))?: bad zone transfer request: '\S+/IN': non-authoritative zone \(NOTAUTH\)\s*$
 
+ignoreregex =
+
 # DEV Notes:
 # Trying to generalize the
 #          structure which is general to capture general patterns in log
diff --git a/fail2ban/filter.d/nginx-botsearch.conf b/fail2ban/filter.d/nginx-botsearch.conf
new file mode 100644
index 0000000..567f2f5
--- /dev/null
+++ b/fail2ban/filter.d/nginx-botsearch.conf
@@ -0,0 +1,20 @@
+# Fail2Ban filter to match web requests for selected URLs that don't exist
+#
+
+[INCLUDES]
+
+# Load regexes for filtering
+before = botsearch-common.conf
+
+[Definition]
+
+failregex = ^<HOST> \- \S+ \[\] \"(GET|POST) \/<block> \S+\" 404 .+$
+            ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST) \/<block> \S+\"\, .*?$
+
+ignoreregex = 
+
+
+# DEV Notes:
+# Based on apache-botsearch filter
+# 
+# Author: Frantisek Sumsal
\ No newline at end of file
diff --git a/fail2ban/filter.d/nsd.conf b/fail2ban/filter.d/nsd.conf
index cd4ce35..70b41ca 100644
--- a/fail2ban/filter.d/nsd.conf
+++ b/fail2ban/filter.d/nsd.conf
@@ -24,3 +24,5 @@ _daemon = nsd
 
 failregex =  ^\[\]%(__prefix_line)sinfo: ratelimit block .* query <HOST> TYPE255$
               ^\[\]%(__prefix_line)sinfo: .* <HOST> refused, no acl matches\.$
+
+ignoreregex =
diff --git a/fail2ban/filter.d/pam-generic.conf b/fail2ban/filter.d/pam-generic.conf
index aea4752..e0d4e9c 100644
--- a/fail2ban/filter.d/pam-generic.conf
+++ b/fail2ban/filter.d/pam-generic.conf
@@ -13,7 +13,7 @@ before = common.conf
 # Default: catch all failed logins
 _ttys_re=\S*
 
-__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
 _daemon = \S+
 
 failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
diff --git a/fail2ban/filter.d/portsentry.conf b/fail2ban/filter.d/portsentry.conf
index 1ee9531..27dca9b 100644
--- a/fail2ban/filter.d/portsentry.conf
+++ b/fail2ban/filter.d/portsentry.conf
@@ -6,5 +6,7 @@
 
 failregex = \/<HOST> Port\: [0-9]+ (TCP|UDP) Blocked$
 
+ignoreregex =
+
 # Author: Pacop <pacoparu@gmail.com>
 
diff --git a/fail2ban/filter.d/postfix-rbl.conf b/fail2ban/filter.d/postfix-rbl.conf
new file mode 100644
index 0000000..05a8bbc
--- /dev/null
+++ b/fail2ban/filter.d/postfix-rbl.conf
@@ -0,0 +1,19 @@
+# Fail2Ban filter for Postfix's RBL based Blocked hosts
+#
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
+
+ignoreregex =
+
+# Author: Lee Clemens
diff --git a/fail2ban/filter.d/postfix-sasl.conf b/fail2ban/filter.d/postfix-sasl.conf
index 35b064d..199e29b 100644
--- a/fail2ban/filter.d/postfix-sasl.conf
+++ b/fail2ban/filter.d/postfix-sasl.conf
@@ -9,9 +9,9 @@ before = common.conf
 
 _daemon = postfix/(submission/)?smtp(d|s)
 
-failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$
 
-ignoreregex = 
+ignoreregex = authentication failed: Connection lost to authentication server$
 
 [Init]
 
diff --git a/fail2ban/filter.d/postfix.conf b/fail2ban/filter.d/postfix.conf
index a7a05e4..a994d77 100644
--- a/fail2ban/filter.d/postfix.conf
+++ b/fail2ban/filter.d/postfix.conf
@@ -13,6 +13,7 @@ before = common.conf
 _daemon = postfix/(submission/)?smtp(d|s)
 
 failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 554 5\.7\.1 .*$
+            ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 Client host rejected: cannot find your hostname, (\[\S*\]); from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$
             ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[<HOST>\]: 450 4\.7\.1 : Helo command rejected: Host not found; from=<> to=<> proto=ESMTP helo= *$
             ^%(__prefix_line)sNOQUEUE: reject: VRFY from \S+\[<HOST>\]: 550 5\.1\.1 .*$
             ^%(__prefix_line)simproper command pipelining after \S+ from [^[]*\[<HOST>\]:?$
diff --git a/fail2ban/filter.d/recidive.conf b/fail2ban/filter.d/recidive.conf
index b38735a..e2501cf 100644
--- a/fail2ban/filter.d/recidive.conf
+++ b/fail2ban/filter.d/recidive.conf
@@ -29,6 +29,8 @@ _jailname = recidive
 
 failregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
 
+ignoreregex = 
+
 [Init]
 
 journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5
diff --git a/fail2ban/filter.d/squid.conf b/fail2ban/filter.d/squid.conf
index da28269..e26cab9 100644
--- a/fail2ban/filter.d/squid.conf
+++ b/fail2ban/filter.d/squid.conf
@@ -7,7 +7,7 @@
 failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
             ^\s+\d\s<HOST>\s+NONE/405 .*$
 
-
+ignoreregex =
 
 # Author: Daniel Black
 
diff --git a/fail2ban/filter.d/squirrelmail.conf b/fail2ban/filter.d/squirrelmail.conf
index 9defd8d..af0c38e 100644
--- a/fail2ban/filter.d/squirrelmail.conf
+++ b/fail2ban/filter.d/squirrelmail.conf
@@ -3,6 +3,7 @@
 
 failregex = ^ \[LOGIN_ERROR\].*from <HOST>: Unknown user or password incorrect\.$
 
+ignoreregex =
 
 [Init]
 
diff --git a/fail2ban/filter.d/sshd.conf b/fail2ban/filter.d/sshd.conf
index 6589e21..b000cd4 100644
--- a/fail2ban/filter.d/sshd.conf
+++ b/fail2ban/filter.d/sshd.conf
@@ -33,6 +33,7 @@ failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|erro
             ^(?P<__prefix>%(__prefix_line)s)User .+ not allowed because account is locked<SKIPLINES>(?P=__prefix)(?:error: )?Received disconnect from <HOST>: 11: .+ \[preauth\]$
             ^(?P<__prefix>%(__prefix_line)s)Disconnecting: Too many authentication failures for .+? \[preauth\]<SKIPLINES>(?P=__prefix)(?:error: )?Connection closed by <HOST> \[preauth\]$
             ^(?P<__prefix>%(__prefix_line)s)Connection from <HOST> port \d+(?: on \S+ port \d+)?<SKIPLINES>(?P=__prefix)Disconnecting: Too many authentication failures for .+? \[preauth\]$
+            ^%(__prefix_line)spam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=<HOST>\s.*$
 
 ignoreregex = 
 
diff --git a/fail2ban/filter.d/stunnel.conf b/fail2ban/filter.d/stunnel.conf
index c49bab4..2396d89 100644
--- a/fail2ban/filter.d/stunnel.conf
+++ b/fail2ban/filter.d/stunnel.conf
@@ -4,6 +4,8 @@
 
 failregex = ^ LOG\d\[\d+:\d+\]:\ SSL_accept from <HOST>:\d+ : (?P<CODE>[\dA-F]+): error:(?P=CODE):SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate$
 
+ignoreregex =
+
 # DEV NOTES:
 # 
 # Author: Daniel Black
diff --git a/fail2ban/filter.d/vsftpd.conf b/fail2ban/filter.d/vsftpd.conf
index 4de2bef..930b0d7 100644
--- a/fail2ban/filter.d/vsftpd.conf
+++ b/fail2ban/filter.d/vsftpd.conf
@@ -10,7 +10,7 @@ before = common.conf
 
 [Definition]
 
-__pam_re=\(?pam_unix(?:\(\S+\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:?
 _daemon =  vsftpd
 
 failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
diff --git a/fail2ban/filter.d/wuftpd.conf b/fail2ban/filter.d/wuftpd.conf
index 45149f6..6f6700e 100644
--- a/fail2ban/filter.d/wuftpd.conf
+++ b/fail2ban/filter.d/wuftpd.conf
@@ -11,7 +11,7 @@ before = common.conf
 [Definition]
 
 _daemon = wu-ftpd
-__pam_re=\(?pam_unix(?:\(wu-ftpd:auth\))?\)?:?
+__pam_re=\(?%(__pam_auth)s(?:\(wu-ftpd:auth\))?\)?:?
 
 failregex = ^%(__prefix_line)sfailed login from \S+ \[<HOST>\]\s*$
             ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
diff --git a/fail2ban/jail.conf b/fail2ban/jail.conf
index d31e70d..732aeab 100644
--- a/fail2ban/jail.conf
+++ b/fail2ban/jail.conf
@@ -79,6 +79,11 @@ maxretry = 5
 #              See "journalmatch" in the jails associated filter config
 # auto:      will try to use the following backends, in order:
 #              pyinotify, gamin, polling.
+#
+# Note: if systemd backend is choses as the default but you enable a jail
+#       for which logs are present only in its own log files, specify some other
+#       backend for that jail (e.g. polling) and provide empty value for
+#       journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200
 backend = auto
 
 # "usedns" specifies if jails should trust hostnames in logs,
@@ -277,6 +282,14 @@ logpath  = %(apache_error_log)s
 maxretry = 2
 
 
+[apache-fakegooglebot]
+
+port     = http,https
+logpath  = %(apache_access_log)s
+maxretry = 1
+ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>
+
+
 [apache-modsecurity]
 
 port     = http,https
@@ -286,14 +299,19 @@ maxretry = 2
 [apache-shellshock]
 
 port    = http,https
-logpath = $(apache_error_log)s
+logpath = %(apache_error_log)s
 maxretry = 1
 
 [nginx-http-auth]
 
-ports   = http,https
+port    = http,https
 logpath = %(nginx_error_log)s
 
+[nginx-botsearch]
+
+port     = http,https
+logpath  = %(nginx_error_log)s
+maxretry = 2
 
 # Ban attackers that try to use PHP's URL-fopen() functionality
 # through GET/POST variables. - Experimental, with more than a year
@@ -302,7 +320,8 @@ logpath = %(nginx_error_log)s
 [php-url-fopen]
 
 port    = http,https
-logpath = %(nginx_access_log)s %(apache_access_log)s
+logpath = %(nginx_access_log)s
+          %(apache_access_log)s
 
 
 [suhosin]
@@ -366,6 +385,11 @@ maxretry = 5
 #
 #
 
+[drupal-auth]
+
+port     = http,https
+logpath  = %(syslog_daemon)s
+
 [guacamole]
 
 port     = http,https
@@ -464,6 +488,13 @@ port     = smtp,465,submission
 logpath  = %(postfix_log)s
 
 
+[postfix-rbl]
+
+port     = smtp,465,submission
+logpath  = %(syslog_mail)s
+maxretry = 1
+
+
 [sendmail-auth]
 
 port    = submission,465,smtp
@@ -648,15 +679,16 @@ maxretry = 5
 
 
 # Jail for more extended banning of persistent abusers
-# !!! WARNING !!!
-#   Make sure that your loglevel specified in fail2ban.conf/.local
-#   is not at DEBUG level -- which might then cause fail2ban to fall into
-#   an infinite loop constantly feeding itself with non-informative lines
+# !!! WARNINGS !!!
+# 1. Make sure that your loglevel specified in fail2ban.conf/.local
+#    is not at DEBUG level -- which might then cause fail2ban to fall into
+#    an infinite loop constantly feeding itself with non-informative lines
+# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
+#    to maintain entries for failed logins for sufficient amount of time
 [recidive]
 
 logpath  = /var/log/fail2ban.log
-port     = all
-protocol = all
+banaction = iptables-allports
 bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5
@@ -723,4 +755,4 @@ port = 2222
 [portsentry]
 enabled  = false
 logpath  = /var/lib/portsentry/portsentry.history
-maxretry = 1
\ No newline at end of file
+maxretry = 1
diff --git a/fail2ban/paths-common.conf b/fail2ban/paths-common.conf
index c634e73..837d339 100644
--- a/fail2ban/paths-common.conf
+++ b/fail2ban/paths-common.conf
@@ -61,3 +61,6 @@ dovecot_log = %(syslog_mail_warn)s
 solidpop3d_log = %(syslog_local0)s
 
 mysql_log = %(syslog_daemon)s
+
+# Directory with ignorecommand scripts
+ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands
diff --git a/init.d/courier-imapd b/init.d/courier-imapd
index 424961b..4fa50f8 100755
--- a/init.d/courier-imapd
+++ b/init.d/courier-imapd
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
 
 depend() {
 	need net courier-authlib
diff --git a/init.d/courier-imapd-ssl b/init.d/courier-imapd-ssl
index 9455463..32292a1 100755
--- a/init.d/courier-imapd-ssl
+++ b/init.d/courier-imapd-ssl
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-imapd-ssl.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
 
 depend() {
 	need net courier-authlib
diff --git a/init.d/courier-pop3d b/init.d/courier-pop3d
index 821f4a5..3eb019f 100755
--- a/init.d/courier-pop3d
+++ b/init.d/courier-pop3d
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
 
 depend() {
 	need net courier-authlib
diff --git a/init.d/courier-pop3d-ssl b/init.d/courier-pop3d-ssl
index 53703af..c72ac2d 100755
--- a/init.d/courier-pop3d-ssl
+++ b/init.d/courier-pop3d-ssl
@@ -1,7 +1,7 @@
 #!/sbin/runscript
-# Copyright 1999-2007 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d-ssl.rc6,v 1.2 2007/04/07 01:08:00 chtekk Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/courier-imap-4.0.6-r1-courier-pop3d-ssl.rc6,v 1.4 2014/11/20 10:25:15 mrueg Exp $
 
 depend() {
 	need net courier-authlib
diff --git a/pam.d/login b/pam.d/login
index 787803d..7641435 100644
--- a/pam.d/login
+++ b/pam.d/login
@@ -1,4 +1,3 @@
-auth       required	pam_securetty.so
 auth       include	system-local-login
 account    include	system-local-login
 password   include	system-local-login
diff --git a/pam.d/system-auth b/pam.d/system-auth
index bb9fcdb..f396cc8 100644
--- a/pam.d/system-auth
+++ b/pam.d/system-auth
@@ -1,14 +1,11 @@
 auth		required	pam_env.so 
 auth		required	pam_unix.so try_first_pass likeauth nullok 
 auth		optional	pam_permit.so
- 
 account		required	pam_unix.so 
 account		optional	pam_permit.so
- 
 password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 
 password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow 
 password	optional	pam_permit.so
- 
 session		required	pam_limits.so 
 session		required	pam_env.so 
 session		required	pam_unix.so 
diff --git a/pam.d/system-login b/pam.d/system-login
index 1dd1c8f..ef6bf94 100644
--- a/pam.d/system-login
+++ b/pam.d/system-login
@@ -3,15 +3,12 @@ auth		required	pam_shells.so
 auth		required	pam_nologin.so 
 auth		include		system-auth
 auth		optional	pam_gnome_keyring.so
- 				
 account		required	pam_access.so 
 account		required	pam_nologin.so 
 account		include		system-auth
 account		required	pam_tally2.so onerr=succeed 
- 
 password	include		system-auth
 password	optional	pam_gnome_keyring.so
- 
 session         optional        pam_loginuid.so
 session		required	pam_env.so 
 session		optional	pam_lastlog.so silent 
@@ -19,4 +16,3 @@ session		include		system-auth
 session		optional	pam_gnome_keyring.so auto_start
 session		optional	pam_motd.so motd=/etc/motd
 session		optional	pam_mail.so
-  
diff --git a/portage/make.conf b/portage/make.conf
index 608b553..f767da6 100644
--- a/portage/make.conf
+++ b/portage/make.conf
@@ -63,6 +63,7 @@ GRUB_PLATFORMS="coreboot emu multiboot pc qemu"
 #PHP_TARGETS="php5-3"
 PHP_TARGETS="php5-3 php5-5"
 PYTHON_TARGETS="python2_7 python3_3 python3_4"
+PYTHON_SINGLE_TARGET="python3_4"
 RUBY_TARGETS="ruby19"
 
 CPU_FLAGS_X86="aes avx fma4 mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 xop"
diff --git a/portage/package.use b/portage/package.use
index da07aba..037fb13 100644
--- a/portage/package.use
+++ b/portage/package.use
@@ -11,7 +11,7 @@ app-arch/zip                            natspec
 
 app-crypt/gnupg                         idea
 
-app-doc/doxygen				dot
+app-doc/doxygen				clang dot
 
 app-editors/vim                         cscope racket vim-with-x
 
@@ -25,6 +25,7 @@ app-portage/eix                         optimization strong-optimization tools
 
 app-shells/bash                         plugins
 
+app-text/asciidoc			python_single_target_python2_7
 app-text/ghostscript-gpl		cups
 app-text/texlive			xetex
 app-text/texlive-core			xetex
@@ -35,7 +36,7 @@ dev-db/mysql                            extraengine profiling xtradb
 dev-db/phpmyadmin			setup
 dev-db/postgresql			server uuid xml
 dev-db/postgresql-server		uuid
-dev-db/sqlite				extensions fts3 soundex unlock-notify
+dev-db/sqlite				extensions fts3 soundex tools unlock-notify
 dev-db/unixODBC				odbcmanual
 
 
@@ -108,6 +109,8 @@ mail-filter/amavisd-new                 courier
 
 mail-mta/postfix                        memcached
 
+media-fonts/corefonts			tahoma
+
 media-gfx/album                         ffmpeg plugins themes
 media-gfx/exiv2                         contrib xmp
 media-gfx/graphicsmagick		fpx
@@ -136,7 +139,7 @@ media-video/ffmpeg                      aac aacplus amr amrenc ass dirac gme gsm
 
 # move net-analyzer/nagios-nrpe net-analyzer/nrpe
 net-analyzer/nrpe                       command-args
-net-analyzer/nagios-plugins             nagios-dns nagios-ntp nagios-ping nagios-ssh smart sudo
+net-analyzer/nagios-plugins             nagios-dns nagios-ntp nagios-ping nagios-ssh smart sudo xmpp
 net-analyzer/net-snmp                   diskio elf extensible lm_sensors mfd-rewrites sendmail smux
 net-analyzer/pb-nagios-plugins		nrpe
 net-analyzer/tcpdump			-samba
@@ -189,6 +192,7 @@ sys-block/parted			device-mapper
 sys-boot/grub				device-mapper
 
 sys-devel/gcc                           gcj libffi mudflap objc objc-gc objc++
+sys-devel/llvm				clang
 
 sys-fs/lvm2				lvm2create_initrd
 
@@ -196,12 +200,15 @@ sys-kernel/gentoo-sources               -doc
 sys-kernel/vanilla-sources              -doc
 
 sys-libs/pam                            audit
+sys-libs/readline			utils
 
 sys-fs/quota                            rpc
 sys-fs/udev				devfs-compat edd extras hwdb
 
 sys-process/lsof			rpc
 
+virtual/ffmpeg				libav
+
 www-apps/egroupware			gallery
 www-apps/trac				i18n
 
diff --git a/xml/catalog b/xml/catalog
index f149b2d..70d4112 100644
--- a/xml/catalog
+++ b/xml/catalog
@@ -3,7 +3,6 @@
 <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">
   <public publicId="-//OMF//DTD Scrollkeeper OMF Variant V1.0//EN" uri="/usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"/>
   <system systemId="http://scrollkeeper.sourceforge.net/dtds/scrollkeeper-omf-1.0/scrollkeeper-omf.dtd" uri="/usr/share/xml/scrollkeeper/dtds/scrollkeeper-omf.dtd"/>
-  <system systemId="http://glade.gnome.org/glade-2.0.dtd" uri="/usr/share/xml/libglade/glade-2.0.dtd"/>
   <delegatePublic publicIdStartString="-//OASIS//ENTITIES DocBook" catalog="file:///etc/xml/docbook"/>
   <delegatePublic publicIdStartString="-//OASIS//ELEMENTS DocBook" catalog="file:///etc/xml/docbook"/>
   <delegatePublic publicIdStartString="-//OASIS//DTD DocBook" catalog="file:///etc/xml/docbook"/>
@@ -12,4 +11,5 @@
   <delegatePublic publicIdStartString="ISO 8879:1986" catalog="file:///etc/xml/docbook"/>
   <delegateSystem systemIdStartString="http://docbook.sourceforge.net/release/xsl/" catalog="file:///etc/xml/docbook"/>
   <delegateURI uriStartString="http://docbook.sourceforge.net/release/xsl/" catalog="file:///etc/xml/docbook"/>
+  <system systemId="http://glade.gnome.org/glade-2.0.dtd" uri="/usr/share/xml/libglade/glade-2.0.dtd"/>
 </catalog>