stable

fail2ban-0.10.4-1.el7

FEDORA-EPEL-2019-dac149ad76 created by orion 4 years ago for Fedora EPEL 7

Update to 0.10.4

Incompatibility list (compared to v.0.9):

  • Filter (or failregex) internal capture-groups:

  • If you've your own failregex or custom filters using conditional match (?P=host), you should rewrite the regex like in example below resp. using (?:(?P=ip4)|(?P=ip6) instead of (?P=host) (or (?:(?P=ip4)|(?P=ip6)|(?P=dns)) corresponding your usedns and raw settings).

    Of course you can always define your own capture-group (like below _cond_ip_) to do this. testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" - New internal groups (currently reserved for internal usage): ip4, ip6, dns, fid, fport, additionally user and another captures in lower case if mapping from tag <F-*> used in failregex (e. g. user by <F-USER>).

  • v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. datepattern.

  • Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are IPv6-capable now.

Also:

  • Define banaction_allports for firewalld, update banaction (bz#1775175)
  • Update sendmail-reject with TLSMTA & MSA port IDs (bz#1722625)
  • Remove config files for other distros (bz#1533113)

This update has been submitted for testing by orion.

4 years ago

This update's test gating status has been changed to 'waiting'.

4 years ago

This update's test gating status has been changed to 'ignored'.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon cmadams commented & provided feedback 4 years ago
karma

Running update on CentOS 7 + EPEL and it is working for me. Thanks!

BZ#1775175 fail2ban-firewalld should define banaction_allports
User Icon robert commented & provided feedback 4 years ago

This update only works more or less, see https://bugzilla.redhat.com/show_bug.cgi?id=1777562 for SELinux details.

This update can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
unspecified
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
14 days
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1401360 postfix-rbl.conf regex for "454 4.7.1" should be "554 5.7.1" for default postfix reject_rbl_client
0
0
BZ#1725975 ssh jail bans the same IP for all log messages
0
0
BZ#1733363 The default ssd filter file /etc/fail2ban/filter.d/sshd.conf does not protect against brute force password guessing if using pam_sss for authentication.
0
0
BZ#1775175 fail2ban-firewalld should define banaction_allports
0
1

Automated Test Results