stable

fail2ban-0.11.1-4.fc32

FEDORA-2020-61ddf63527 created by orion 4 years ago for Fedora 32

ver. 0.11.1 (2020/01/11) - this-is-the-way

Compatibility:

  • to v.0.10:
  • 0.11 is totally compatible to 0.10 (configuration- and API-related stuff), but the database got some new tables and fields (auto-converted during the first start), so once updated to 0.11, you have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its different to 0.10 schema) if you would need to downgrade to 0.10 for some reason.
  • to v.0.9:
  • Filter (or failregex) internal capture-groups:

    • If you've your own failregex or custom filters using conditional match (?P=host), you should rewrite the regex like in example below resp. using (?:(?P=ip4)|(?P=ip6) instead of (?P=host) (or (?:(?P=ip4)|(?P=ip6)|(?P=dns)) corresponding your usedns and raw settings).

    Of course you can always define your own capture-group (like below _cond_ip_) to do this. testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" * New internal groups (currently reserved for internal usage): ip4, ip6, dns, fid, fport, additionally user and another captures in lower case if mapping from tag <F-*> used in failregex (e. g. user by <F-USER>).

  • v.0.10 and 0.11 use more precise date template handling, that can be theoretically incompatible to some user configurations resp. datepattern.

  • Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are IPv6-capable now.

Fixes

  • purge database will be executed now (within observer).
  • restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned)
  • upgrade database: update new created table bips with entries from table bans (allows restore current bans after upgrade from version <= 0.10)

New Features

  • Increment ban time (+ observer) functionality introduced.
  • Database functionality extended with bad ips.
  • New tags (usable in actions):
  • <bancount> - ban count of this offender if known as bad (started by 1 for unknown)
  • <bantime> - current ban-time of the ticket (prolongation can be retarded up to 10 sec.)
  • Introduced new action command actionprolong to prolong ban-time (e. g. set new timeout if expected); Several actions (like ipset, etc.) rewritten using net logic with actionprolong. Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).

Enhancements

  • algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent); not affected if ban-time of the jail is unchanged between stop/start.
  • added new setup-option --without-tests to skip building and installing of tests files (gh-2287).
  • added new command fail2ban-client get <JAIL> banip ?sep-char|--with-time? to get the banned ip addresses (gh-1916).

Include selinux policy in package

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2020-61ddf63527

This update has been submitted for testing by orion.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by pwalter.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
enhancement
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago

Automated Test Results