Dear All, On behalf of everyone who contributed (and there were 30 people!) to the development of Fail2Ban since 0.9.3, I am proud to announce that 0.9.4 was tagged on GitHub, and uploaded to Debian sid. master branch is ready to accept new PRs but you might need to re-merge master into it or rebase on top of it.
I have also uploaded backport builds of Debian package to NeuroDebian (main, not -devel as before) happen you would like to try your luck using Fail2Ban on previous releases of Debian or Ubuntu. Thanks once again to everyone who contributed by commits/pull-requests and/or helping out on the issue tracker and mailing list! Keep up great work, stay cool! Remember that everyone can contribute, there is a list of "easyfix" issues some of which concern with documentation etc: https://github.com/fail2ban/fail2ban/issues?q=is%3Aopen+is%3Aissue+label%3Aeasyfix For those curious about release codephrase and from the "other" half of the world: https://en.wikipedia.org/wiki/International_Women's_Day ver. 0.9.4 (2016/03/08) - for-you-ladies ----------- - Fixes: * roundcube-auth jail typo for logpath * Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164) * filter.d/apache-badbots.conf - Updated useragent string regex adding escape for `+` * filter.d/mysqld-auth.conf - Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332) * filter.d/sshd.conf - Updated "Auth fail" regex for OpenSSH 5.9 and later * Treat failed and killed execution of commands identically (only different log messages), which addresses different behavior on different exit codes of dash and bash (gh-1155) * Fix jail.conf.5 man's section (gh-1226) * Fixed default banaction for allports jails like pam-generic, recidive, etc with new default variable `banaction_allports` (gh-1216) * Fixed `fail2ban-regex` stops working on invalid (wrong encoded) character for python version < 3.x (gh-1248) * Use postfix_log logpath for postfix-rbl jail * filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex * use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc (gh-1271) * Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl * Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now) * Removed compression and rotation count from logrotate (inherit them from the global logrotate config) - New Features: * New interpolation feature for definition config readers - `<known/parameter>` (means last known init definition of filters or actions with name `parameter`). This interpolation makes possible to extend a parameters of stock filter or action directly in jail inside jail.local file, without creating a separately filter.d/*.local file. As extension to interpolation `%(known/parameter)s`, that does not works for filter and action init parameters * New actions: - nftables-multiport and nftables-allports - filtering using nftables framework. Note: it requires a pre-existing chain for the filtering rule. * New filters: - openhab - domotic software authentication failure with the rest api and web interface (gh-1223) - nginx-limit-req - ban hosts, that were failed through nginx by limit request processing rate (ngx_http_limit_req_module) - murmur - ban hosts that repeatedly attempt to connect to murmur/mumble-server with an invalid server password or certificate. - haproxy-http-auth - filter to match failed HTTP Authentications against a HAProxy server * New jails: - murmur - bans TCP and UDP from the bad host on the default murmur port. * sshd filter got new failregex to match "maximum authentication attempts exceeded" (introduced in openssh 6.8) * Added filter for Mac OS screen sharing (VNC) daemon - Enhancements: * Do not rotate empty log files * Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923 * Added openSUSE path configuration (Thanks Johannes Weberhofer) * Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197) * Added a timeout (3 sec) to urlopen within badips.py action (Thanks M. Maraun) * Added check against atacker's Googlebot PTR fake records (Thanks Pablo Rodriguez Fernandez) * Enhance filter against atacker's Googlebot PTR fake records (gh-1226) * Nginx log paths extended (prefixed with "*" wildcard) (gh-1237) * Added filter for openhab domotic software authentication failure with the rest api and web interface (gh-1223) * Add *_backend options for services to allow distros to set the default backend per service, set default to systemd for Fedora as appropriate * Performance improvements while monitoring large number of files (gh-1265). Use associative array (dict) for monitored log files to speed up lookup operations. Thanks @kshetragia * Specified that fail2ban is PartOf iptables.service firewalld.service in .service file -- would reload fail2ban if those services are restarted * Provides new default `fail2ban_version` and interpolation variable `fail2ban_agent` in jail.conf * Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname, and to support multiple instances of postfix having varying suffix (gh-1331) (Thanks Tom Hendrikx) * files/gentoo-initd to use start-stop-daemon to robustify restarting the service -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Research Scientist, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik ------------------------------------------------------------------------------ Transform Data into Opportunity. Accelerate data analysis in your applications with Intel Data Analytics Acceleration Library. Click to learn more. http://makebettercode.com/inteldaal-eval _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
