Fail2Ban v0.10.2 Release Notes
Release Date: 2018-01-18
Incompatibility list:
- The configuration for jails using banaction pf can be incompatible after upgrade, because pf-action uses anchors now (see action.d/pf.conf for more information). If you want to use the obsolete handling without anchors, just rewrite it in jail.local by overriding the pfctl parameter, e. g. like banaction = pf[pfctl="pfctl"].
Fixes
- Fixed logging to systemd-journal: the new logtarget value SYSOUT can be used instead of STDOUT, to avoid writing the time-stamp when logging to systemd-journal from foreground mode (gh-1876)
- Fixed recognition of the new date-format in the mysqld-auth filter (gh-1639)
- jail.conf: port imap3 replaced with imap everywhere, since imap3 is not a standard port, is old and rarely (if ever) used, and can be missing on some systems (e. g. debian stretch), see gh-1942.
- config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf) in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955.
- action.d/pf.conf:
  - fixed syntax error in anchor definition (documentation, see gh-1919);
  - enclose ports in braces for multiport jails (see gh-1925);
- action.d/firewallcmd-ipset.conf: fixed creation of the set for ipv6 (missing family inet6, gh-1990)
- filter.d/sshd.conf:
  - extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944);
  - fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263);
New Features
- datedetector: extended default date-patterns (allows extra space between the date and time stamps); introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing):
  - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock, (corresponds %H, but allows space if not zero-padded).
  - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock, (corresponds %I, but allows space if not zero-padded).
- filter.d/exim.conf: added mode aggressive to ban flood resp. DDOS-similar failures (gh-1983);
- New Actions:
  - action.d/nginx-block-map.conf - in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file);
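
The %k and %l directives in the datedetector item above exist because a strictly zero-padded hour pattern does not recognise a space-padded time stamp. The following is an added example, not Fail2Ban's own code: the regex fragments, function names and log lines are assumptions constructed to show the difference.

```python
import re

# Illustrative patterns for each directive (assumed for this example;
# Fail2Ban's own datedetector patterns may differ).
DIRECTIVES = {
    "Y": r"(?P<Y>\d{4})",
    "m": r"(?P<m>0[1-9]|1[0-2])",
    "d": r"(?P<d>0[1-9]|[12]\d|3[01])",
    "H": r"(?P<H>[01]\d|2[0-3])",        # strictly zero-padded, 00-23
    "I": r"(?P<I>0[1-9]|1[0-2])",        # strictly zero-padded, 01-12
    "k": r" ?(?P<k>[01]?\d|2[0-3])",     # like %H, pad may be a space
    "l": r" ?(?P<l>0?[1-9]|1[0-2])",     # like %I, pad may be a space
    "M": r"(?P<M>[0-5]\d)",
    "S": r"(?P<S>[0-5]\d)",
    "p": r"(?P<p>AM|PM)",
}

def compile_format(fmt):
    """Translate a strptime-style format into a regex anchored at line start."""
    parts, i = [], 0
    while i < len(fmt):
        if fmt[i] == "%" and i + 1 < len(fmt):
            parts.append(DIRECTIVES[fmt[i + 1]])
            i += 2
        else:
            parts.append(re.escape(fmt[i]))
            i += 1
    return re.compile("^" + "".join(parts))

def parse_time(fmt, line):
    """Return (hour24, minute, second), or None when the stamp is not recognised."""
    m = compile_format(fmt).match(line)
    if m is None:
        return None
    g = m.groupdict()
    hour = int(next(g[d] for d in "HkIl" if g.get(d) is not None))
    if g.get("p"):                        # 12-hour clock: fold AM/PM in
        hour = hour % 12 + (12 if g["p"] == "PM" else 0)
    return hour, int(g["M"]), int(g["S"])

# Constructed sample lines (192.0.2.0/24 is a documentation range).
PADDED = "2018-01-18  9:03:12 sshd[411]: Failed password for root from 192.0.2.10"
PADDED_PM = "2018-01-18  9:03:12 PM app: login failed from 192.0.2.10"

if __name__ == "__main__":
    for fmt in ("%Y-%m-%d %H:%M:%S", "%Y-%m-%d %k:%M:%S"):
        print(fmt, "->", parse_time(fmt, PADDED))
    print(parse_time("%Y-%m-%d %l:%M:%S %p", PADDED_PM))
```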
Enhancements
- jail.conf: extended with new parameter mode for the filters supporting it (gh-1988);
- action.d/pf.conf: extended with bulk-unban, command actionflush in order to flush all bans at once.
- Introduced new parameters for logging within fail2ban-server (gh-1980). Usage logtarget = target[facility=..., datetime=on|off, format="..."]:
  - facility - specify syslog facility (default daemon, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler for the list of facilities);
  - datetime - add date-time to the message (default on, ignored if format specified);
  - format - specify own format how it will be logged, for example for short-log into STDOUT: fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start;
- Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). Fail2ban will create a backup, try to repair the database, if repair fails - recreate new database (gh-1465, gh-2004).