Fail2Ban v0.9.2 Release Notes
Release Date: 2015-04-29
Fixes
- Fix ufw action commands
- infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907. Thanks TonyThompson
- port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner (fnerdwq)
- $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
- grep'ing for IP in *mail-whois-lines.conf should now also match at the beginning and EOL. Thanks Dean Lee
- jail.conf
  - php-url-fopen: separate logpath entries by newline
- failregex declared directly in a jail was joined into a single line (specifying multiple expressions was not possible).
- filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal
- filter.d/postfix-sasl.conf - failregex is now case insensitive
- filters.d/postfix.conf - add 'Client host rejected error message' failregex
- fail2ban/__init__.py - add strptime thread safety hack-around
- recidive uses iptables-allports banaction by default now. Avoids problems with iptables versions not understanding 'all' for protocols and ports
- filter.d/dovecot.conf
  - match pam_authenticate line from EL7
  - match unknown user line from EL7
- Use use_poll=True for Python 2.7 and >=3.4 to overcome "Bad file descriptor" msgs issue (gh-161)
- filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues
- fail2ban-regex reads filter file(s) completely, incl. '.local' file etc. (gh-954)
- firewallcmd-* actions: split output into separate lines for grepping (gh-908)
- Guard unicode encode/decode issues while storing records in the database. Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting
- filter.d/sshd added regex for matching openSUSE ssh authentication failure
- filter.d/asterisk.conf:
  - Dropped "Sending fake auth rejection" failregex since it incorrectly targets the asterisk server itself
  - match "hacking attempt detected" logs
New Features
- New filters:
  - postfix-rbl. Thanks Lee Clemens
  - apache-fakegooglebot.conf. Thanks Lee Clemens
  - nginx-botsearch. Thanks Frantisek Sumsal
  - drupal-auth. Thanks Lee Clemens
- New recursive embedded substitution feature added:
  - <<PREF>HOST> becomes <IPV4HOST> for PREF=IPV4;
  - <<PREF>HOST> becomes 1.2.3.4 for PREF=IPV4 and IPV4HOST=1.2.3.4;
- New interpolation feature for config readers - %(known/parameter)s (means last known option with name parameter). This interpolation makes it possible to extend a stock filter or jail regexp in a .local file (as opposed to simply setting failregex/ignoreregex, which overwrites it), see gh-867.
- Monit config for fail2ban in files/monit/
- New actions:
  - action.d/firewallcmd-multiport and action.d/firewallcmd-allports. Thanks Donald Yandt
  - action.d/sendmail-geoip-lines.conf
  - action.d/nsupdate to update DNSBL. Thanks Andrew St. Jean
- New status argument for fail2ban-client -- flavor: fail2ban-client status <jail> [flavor]
  - empty or "basic" works as-is
  - "cymru" additionally prints (ASN, Country RIR) per banned IP (requires dnspython or dnspython3)
- Flush log at USR1 signal
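The recursive embedded substitution listed above, as an added illustration that is not Fail2Ban's own code: it reproduces the two <<PREF>HOST> cases from these notes and refuses self-referencing definitions instead of looping on them. The names substitute_tags, TAG_RE and max_passes, and the tag-name character set, are assumptions made for this example.

```python
import re

# Assumption: tag names are letters, digits and underscores. Because the
# pattern cannot span '<' or '>', it only ever matches the innermost tag.
TAG_RE = re.compile(r"<([A-Za-z0-9_]+)>")


def substitute_tags(text, values, max_passes=25):
    """Resolve <TAG> references innermost-first until nothing changes.

    Tags with no entry in `values` are left as they are. A definition that
    refers back to itself raises ValueError instead of looping forever.
    """
    seen = {text}
    for _ in range(max_passes):
        # One pass: replace every innermost tag that has a known value.
        new = TAG_RE.sub(lambda m: values.get(m.group(1), m.group(0)), text)
        if new == text:
            return text  # fixed point reached
        if new in seen:
            raise ValueError("cyclic tag definition near %r" % new)
        seen.add(new)
        text = new
    raise ValueError("no fixed point after %d passes" % max_passes)


if __name__ == "__main__":
    # Constructed inputs mirroring the two cases in the release notes.
    print(substitute_tags("<<PREF>HOST>", {"PREF": "IPV4"}))
    print(substitute_tags("<<PREF>HOST>",
                          {"PREF": "IPV4", "IPV4HOST": "1.2.3.4"}))
    # Constructed self-referencing definitions: rejected, not looped on.
    for bad in ({"A": "<B>", "B": "<A>"}, {"A": "x<A>"}):
        try:
            substitute_tags("<A>", bad)
        except ValueError as exc:
            print("rejected:", exc)
```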
Enhancements
- Enable multiport for firewallcmd-new action. Closes gh-834
- files/debian-initd migrated from the debian branch and should be suitable for manual installations now (thanks Juan Karlo de Guzman)
- Define empty ignoreregex in filters which didn't have it to avoid warnings (gh-934)
- action.d/{sendmail-*,xarf-login-attack}.conf - report local timezone not UTC time/zone. Closes gh-911
- Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916
- Absorbed DNSUtils.cidr into addr2bin in filter.py, added unittests
- Added syslogsocket configuration to fail2ban.conf
- Note in the jail.conf for the recidive jail to increase dbpurgeage (gh-964)