stable

fail2ban-0.10.2-1.fc27

FEDORA-2018-37f01b2610 created by orion 6 years ago for Fedora 27

Update to 0.10.2

Fixes

  • Fixed logging to systemd-journal: new logtarget value SYSOUT can be used instead of STDOUT, to avoid write of the time-stamp, if logging to systemd-journal from foreground mode (gh-1876)
  • Fixed recognition of the new date-format on mysqld-auth filter (gh-1639)
  • jail.conf: port imap3 replaced with imap everywhere, since imap3 is not a standard port and old rarely (if ever) used and can missing on some systems (e. g. debian stretch), see gh-1942.
  • config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf) in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955.
  • action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing family inet6, gh-1990)
  • filter.d/sshd.conf:
  • extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944);
  • fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263);

New Features

  • datedetector: extended default date-patterns (allows extra space between the date and time stamps); introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing):
  • %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock, (corresponds %H, but allows space if not zero-padded).
  • %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock, (corresponds %I, but allows space if not zero-padded).
  • filter.d/exim.conf: added mode aggressive to ban flood resp. DDOS-similar failures (gh-1983);
  • New Actions:
  • action.d/nginx-block-map.conf - in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file);

Enhancements

  • jail.conf: extended with new parameter mode for the filters supporting it (gh-1988);
  • Introduced new parameters for logging within fail2ban-server (gh-1980). Usage logtarget = target[facility=..., datetime=on|off, format="..."]:
  • facility - specify syslog facility (default daemon, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler for the list of facilities);
  • datetime - add date-time to the message (default on, ignored if format specified);
  • format - specify own format how it will be logged, for example for short-log into STDOUT: fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start;
  • Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). Fail2ban will create a backup, try to repair the database, if repair fails - recreate new database (gh-1465, gh-2004).

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-37f01b2610

This update has been submitted for testing by orion.

6 years ago

This update has been pushed to testing.

6 years ago
User Icon filiperosset commented & provided feedback 6 years ago
karma

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

6 years ago

This update has been submitted for batched by orion.

6 years ago

This update has been submitted for stable by bodhi.

6 years ago

This update has been pushed to stable.

6 years ago

Please login to add feedback.

Metadata
Type
bugfix
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
6 years ago
in testing
6 years ago
in stable
6 years ago
BZ#1533760 fail2ban fails to create ipset rules
0
0

Automated Test Results