Yes, Hrrrm...
- maxlines > 1) together with systemd backend, now systemd-filter replaces newlines in message from systemd journal with \n (otherwise multi-line parsing may be broken, because removal of matched string from multi-line buffer window is confused by such extra new-lines, so they are retained and get matched on every following message, see gh-2431)
- .local overwrites options of .conf for config-files included with before/after)
- action.d/abuseipdb.conf: switched to use AbuseIPDB API v2 (gh-2302)
- action.d/badips.py: fixed start of banaction on demand (which may be IP-family related), gh-2390
- action.d/helpers-common.conf: rewritten grep arguments, now options -wF used to match only whole words and fixed string (not as pattern), gh-2298
- filter.d/apache-auth.conf:
  - normal mode (mode-controlled now) (gh-2548);
  - mode - normal (default) and aggressive
- filter.d/sshd.conf:
  - Bad protocol version identification in ddos and aggressive modes (gh-2404).
  - Disconnecting ...: Change of username or service not allowed (gh-2239, gh-2279)
  - Disconnected from ... [preauth], preauth phase only, different handling by extra (with supplied user only) and ddos/aggressive mode (gh-2115, gh-2239, gh-2279)
- filter.d/mysqld-auth.conf:
- filter.d/sendmail-reject.conf:
  - mode=extra now captures port IDs of TLSMTA and MSA (defaults for ports 465 and 587 on some distros)
- files/fail2ban.service.in: fixed systemd-unit template - missing nftables dependency (gh-2313)
- action.d/mail*: fixed usage with multiple log files (ultimate fix for gh-976, gh-2341)
- filter.d/sendmail-reject.conf: fixed journal usage for some systems (e.g. CentOS): if only identifier set to sm-mta (no unit sendmail) for some messages (gh-2385)
- filter.d/asterisk.conf: asterisk can log additional timestamp if logs into systemd-journal (regex extended with optional part matching this, gh-2383)
- filter.d/postfix.conf:
  - errors to match "too many errors" (gh-2439), also included within modes normal, more (extra and aggressive), since postfix parameter smtpd_hard_error_limit defaults to 20 (additionally consider maxretry)
- filter.d/named-refused.conf:
  - prefregex extended, more selective now (denied/NOTAUTH suffix moved from failregex, so no catch-all there anymore)
- filter.d/sendmail-auth.conf, filter.d/sendmail-reject.conf:
- <CIDR> - helper regex to match CIDR (simple integer form of net-mask);
- <SUBNET> - regex to match sub-net addresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
- <ADDR>, <HOST>, <SUBNET>) recognize IP addresses enclosed in square brackets
- <F-MLFGAINED> for failregex, signaled that the access to service was gained (ATM used similar to tag <F-NOFAIL>, but it does not add the log-line to matches, gh-2279)
- logtype (default file for file-backends, and journal for journal-backends, gh-2387); can be also set to rfc5424 to force filters (which include common.conf) to use RFC 5424 conformant prefix-line by default (gh-2467);
- logtype can be also used to select short prefix-line for file-backends too for all filters using __prefix_line (common.conf), if message logged only with hostname svc[nnnn] prefix (often the case on several systems):
    [jail]
    backend = auto
    filter = flt[logtype=short]
- filter.d/common.conf: differentiate __prefix_line for file/journal logtype's (speedup and fix parsing of systemd-journal);
- filter.d/traefik-auth.conf: used to ban hosts that failed through traefik
- filter.d/znc-adminlog.conf: new filter for ZNC (IRC bouncer); requires the adminlog module to be loaded
- dbmaxmatches (fail2ban.conf) and maxmatches (jail.conf) to control how many matches per ticket fail2ban can hold in memory and store in database (gh-2402, gh-2118);
- [Thread] and option stacksize to configure default size of the stack for threads running in fail2ban (gh-2356), it could be set in fail2ban.local to avoid runtime error "can't start new thread" (see gh-969);
    fail2ban-client set <jail> banip <ip1> ... <ipN>
    fail2ban-client set <jail> unbanip [--report-absent] <ip1> ... <ipN>
    fail2ban-client set <jail> attempt <ip> [<failure-message1> ... <failure-messageN>]
- action.d/nftables.conf:
  - nftables-allports supports multiple protocols in single rule now
  - nftables:
    - nftables-common is removed (replaced with single action nftables now)
    - nftables-allports is obsolete, superseded by nftables[type=allports]
    - nftables-multiport is obsolete, superseded by nftables[type=multiport]
  - nftables[type=multiport] action (single set with multiple rules in chain), following configuration in jail would replace 3 separate actions, see https://github.com/fail2ban/fail2ban/pull/2254#issuecomment-534684675
- action.d/badips.py: option loglevel extended with level of summary message, following example configuration logging summary with NOTICE and rest with DEBUG log-levels:
    action = badips.py[loglevel="debug, notice"]
- fileOptions to set common filter/test options for whole test-file;
- actionreban or actionban if still not defined in action);
- actionrepair_on_unban set to true);
- --no-check-all to avoid check of all regex's (first matched only);
- -o, --out to set token only provided in output (disables check-all and outputs only expected data).
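The effect of the -wF change listed for action.d/helpers-common.conf, shown with a plain grep next to grep -wF. This is an added example, not code from fail2ban; the log lines are constructed and the function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed sample log. Only the first and last lines belong to 192.0.2.1.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 srv sshd[101]: Failed password for root from 192.0.2.1 port 4022 ssh2
Jan 10 10:00:02 srv sshd[102]: Failed password for root from 192.0.2.10 port 4023 ssh2
Jan 10 10:00:03 srv sshd[103]: Failed password for root from 192.0.2.100 port 4024 ssh2
Jan 10 10:00:04 srv sshd[104]: Failed password for root from 192.0.241.7 port 4025 ssh2
Jan 10 10:00:05 srv sshd[105]: Connection closed by 192.0.2.1 port 4030 [preauth]
EOF
}

# Address used as a regular expression: "." matches any character and the
# match may sit inside a longer address, so unrelated hosts are picked up.
count_as_pattern() {
    sample_log | grep -c -e "$1"
}

# Options -wF: the address is a fixed string and must match as a whole word,
# so 192.0.2.10, 192.0.2.100 and 192.0.241.7 no longer match.
count_whole_fixed() {
    sample_log | grep -c -wF -e "$1"
}

ip=192.0.2.1
printf 'as pattern: %s lines, with -wF: %s lines\n' \
    "$(count_as_pattern "$ip")" "$(count_whole_fixed "$ip")"
```

Word boundaries in grep treat "." as a separator, so a hostname that begins with the address followed by a dot would still match under -wF.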
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update has been obsoleted by fail2ban-0.10.5-2.fc31.