Fail2Ban v0.9.2 Release Notes

Release Date: 2015-04-29
  • Fixes

    • Fix ufw action commands
    • infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907. Thanks TonyThompson
    • port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner (fnerdwq)
    • $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
    • grep'ing for IP in *mail-whois-lines.conf should now also match at the beginning of a line and at EOL. Thanks Dean Lee
    • jail.conf
      • php-url-fopen: separate logpath entries by newline
    • failregex declared directly in a jail was joined into a single line (specifying multiple expressions was not possible).
    • filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal
    • filter.d/postfix-sasl.conf - failregex is now case insensitive
    • filters.d/postfix.conf - add 'Client host rejected error message' failregex
    • fail2ban/__init__.py - add strptime thread safety hack-around
    • recidive uses iptables-allports banaction by default now. Avoids problems with iptables versions not understanding 'all' for protocols and ports
    • filter.d/dovecot.conf
      • match pam_authenticate line from EL7
      • match unknown user line from EL7
    • Use use_poll=True for Python 2.7 and >=3.4 to overcome "Bad file descriptor" msgs issue (gh-161)
    • filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues
    • fail2ban-regex reads filter file(s) completely, incl. '.local' file etc. (gh-954)
    • firewallcmd-* actions: split output into separate lines for grepping (gh-908)
    • Guard unicode encode/decode issues while storing records in the database. Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting
    • filter.d/sshd added regex for matching openSUSE ssh authentication failure
    • filter.d/asterisk.conf:
      • Dropped "Sending fake auth rejection" failregex since it incorrectly targets the asterisk server itself
      • match "hacking attempt detected" logs

  • New Features

    • New filters:
      • postfix-rbl Thanks Lee Clemens
      • apache-fakegooglebot.conf Thanks Lee Clemens
      • nginx-botsearch Thanks Frantisek Sumsal
      • drupal-auth Thanks Lee Clemens
    • New recursive embedded substitution feature added:
      • <<PREF>HOST> becomes <IPV4HOST> for PREF=IPV4;
      • <<PREF>HOST> becomes 1.2.3.4 for PREF=IPV4 and IPV4HOST=1.2.3.4;
    • New interpolation feature for config readers: %(known/parameter)s, meaning the last known value of the option named parameter. This interpolation makes it possible to extend a stock filter or jail regexp in a .local file (as opposed to simply setting failregex/ignoreregex, which overwrites it); see gh-867.
    • Monit config for fail2ban in files/monit/
    • New actions:
      • action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt
      • action.d/sendmail-geoip-lines.conf
      • action.d/nsupdate to update DNSBL. Thanks Andrew St. Jean
    • New status argument for fail2ban-client -- flavor: fail2ban-client status <jail> [flavor]
      • empty or "basic" works as-is
      • "cymru" additionally prints (ASN, Country RIR) per banned IP (requires dnspython or dnspython3)
    • Flush log at USR1 signal
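
The two recursive embedded substitution cases listed above (<<PREF>HOST> with PREF=IPV4, with and without IPV4HOST defined), as an added Python example that is not Fail2Ban's own code. The names substitute_tags and MAX_PASSES are hypothetical, and the pass limit is an assumed way to keep self-referencing definitions from looping forever.

```python
import re

# An innermost tag is "<NAME>" whose name holds no angle brackets, so in
# "<<PREF>HOST>" only "<PREF>" matches on the first pass.
_TAG = re.compile(r"<([A-Za-z0-9_]+)>")

# Assumed upper bound on passes (hypothetical value, not taken from Fail2Ban).
MAX_PASSES = 10


def substitute_tags(template, tags):
    """Resolve <TAG> references innermost-first until the string is stable.

    Tags with no definition are left as written, so a later stage can
    still fill them in (for example <IPV4HOST> when only PREF is known).
    Raises ValueError when definitions refer to each other and the text
    never settles.
    """
    def replace(match):
        name = match.group(1)
        # Unknown tag: keep the literal "<NAME>" text untouched.
        return tags.get(name, match.group(0))

    current = template
    for _ in range(MAX_PASSES):
        resolved = _TAG.sub(replace, current)
        if resolved == current:
            return resolved  # fixed point reached, nothing left to expand
        current = resolved
    raise ValueError("tag substitution did not converge: %r" % template)


if __name__ == "__main__":
    # Constructed sample values mirroring the two bullets above.
    print(substitute_tags("<<PREF>HOST>", {"PREF": "IPV4"}))
    print(substitute_tags("<<PREF>HOST>",
                          {"PREF": "IPV4", "IPV4HOST": "1.2.3.4"}))
    try:
        substitute_tags("<A>", {"A": "<B>", "B": "<A>"})
    except ValueError as exc:
        print("rejected:", exc)
```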

  • Enhancements

    • Enable multiport for firewallcmd-new action. Closes gh-834
    • files/debian-initd migrated from the debian branch and should be suitable for manual installations now (thanks Juan Karlo de Guzman)
    • Define empty ignoreregex in filters which didn't have it to avoid warnings (gh-934)
    • action.d/{sendmail-*,xarf-login-attack}.conf - report local timezone not UTC time/zone. Closes gh-911
    • Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916
    • Absorbed DNSUtils.cidr into addr2bin in filter.py, added unittests
    • Added syslogsocket configuration to fail2ban.conf
    • Note in the jail.conf for the recidive jail to increase dbpurgeage (gh-964)