obsolete

fail2ban-0.10.4-1.fc28

FEDORA-2018-b5cea96856 created by orion 5 years ago for Fedora 28

Update to 0.10.4

Fixes

  • filter.d/dovecot.conf:
    • failregex enhancement to catch sql password mismatch errors (gh-2153);
    • disconnected with "proxy dest auth failed" (gh-2184);
  • filter.d/freeswitch.conf:
    • provide compatibility for log-format from gh-2193:
      • extended with new default date-pattern ^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)? to cover YYYY-mm-dd HH:MM::SS.ms as well as mm-dd HH:MM::SS.ms (so year is optional);
      • more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
    • extended with mode parameter, allows to avoid matching of messages like auth challenge (REGISTER) (see gh-2163) (currently extra as default to be backwards-compatible), see comments in filter how to set it to mode normal.
  • filter.d/domino-smtp.conf:
    • recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
    • failregex extended to catch connections rejected for policy reasons (gh-2228);
  • action.d/hostsdeny.conf: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions), see gh-2114;
  • decoding stability fix by wrong encoded characters like utf-8 surrogate pairs, etc (gh-2171):
    • fail2ban running in the preferred encoding now (as default encoding also within python 2.x), mostlyUTF-8 in opposite to ascii previously, so minimizes influence of implicit conversions errors;
    • actions: avoid possible conversion errors on wrong-chars by replace tags;
    • database: improve adapter/converter handlers working on invalid characters in sense of json and/or sqlite-database; additionally both are exception-safe now, so avoid possible locking of database (closes gh-2137);
    • logging in fail2ban is process-wide exception-safe now.
  • repaired start-time of initial seek to time (as well as other log-parsing related data), if parameter logpath specified before findtime, backend, datepattern, etc (gh-2173)
  • systemd: fixed type error on option journalflags: an integer is required (gh-2125);

New Features

  • new option ignorecache to improve performance of ignore failure check (using caching of ignoreip, ignoreself and ignorecommand), see man jail.conf for syntax-example;
  • ignorecommand extended to use actions-similar replacement (capable to interpolate all possible tags like <ip-host>, <family>, <fid>, F-USER etc.)

Enhancements

  • filter.d/dovecot.conf: extended with tags F-USER (and alternatives) to collect user-logins (gh-2168)
  • since v.0.10.4, fail2ban-client, fail2ban-server and fail2ban-regex will return version without logo info, additionally option -V can be used to get version in normalized machine-readable short format.

This update has been submitted for testing by orion.

5 years ago

What happened to support for fail2ban in EPEL-7 and EL6??

Looks like last EPEL-7 version was over a year ago and still a 9.x version. Last EL6 version is even farther back...

This update has been pushed to testing.

5 years ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

5 years ago
User Icon filiperosset commented & provided feedback 5 years ago
karma

no regressions noted


Please login to add feedback.

Metadata
Type
enhancement
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago

Automated Test Results