Fail2ban Changelog
What's new in Fail2ban 0.9.1
Nov 18, 2014
- Refactoring (IMPORTANT -- Please review your setup and configuration):
- iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags
- Fixes:
- start of fail2ban aborted (on slow hosts, systemd considers the server to have timed out and kills it), see gh-824
- UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806.
- systemd backend error on bad utf-8 in python3
- badips.py action error when logging HTTP error raised with badips request
- fail2ban-regex failed to work in python3 due to space/tab mix
- recidive regex samples incorrect log level
- journalmatch for recidive incorrect PRIORITY
- loglevel couldn't be changed in fail2ban.conf
- Handle case when no sqlite library is available for persistent database
- Only reban once per IP from database on fail2ban restart
- Nginx filter to support missing server_name. Closes gh-676
- fail2ban-regex assertion error caused by miscounting missed lines with multiline regex
- Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207
- Database now returns persistent bans on restart (bantime < 0)
- Recursive action tags now fully processed. Fixes issue with bsd-ipfw action
- Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester
- Correct times for non-timezone date time formats during DST
- Pass a copy of, not original, aInfo into actions to avoid side-effects
- Per-distribution paths to exim's main log
- Ignored IPs are no longer banned when being restored from persistent database
- Manually unbanned IPs are now removed from the persistent database, so that they won't be banned again when Fail2Ban is restarted
- Pass "bantime" parameter to the actions in default jail's action definition(s)
- filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park
- cyrus-imap -- also catch failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f). Debian bug #755173
- postfix-sasl - added journalmatch. Thanks Luc Maisonobe
- postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804. Thanks Paul Traina
- apache - added filter for AH01630 client denied by server configuration.
- New features:
- New filters:
- monit. Thanks Jason H Martin
- directadmin. Thanks niorg
- apache-shellshock. Thanks Eugene Hopkinson (SlowRiot)
- New actions:
- symbiosis-blacklist-allports for Bytemark symbiosis firewall
- fail2ban-client can fetch the running server version
- Added Cloudflare API action
- Enhancements:
- Start-up performance of fail2ban-client (and tests) improved; start time and CPU usage are substantially reduced. Introduced shared storage logic to avoid reading lots of config files (see gh-824). Thanks to Joost Molenaar for the good catch (reported gh-820).
- Fail2ban-regex - add print-all-matched option. Closes gh-652
- Suppress fail2ban-client warnings for non-critical config options
- Match non "Bye Bye" disconnect messages for sshd locked account regex
- courier-smtp filter:
- match lines with user names
- match lines containing "535 Authentication failed" attempts
- Add tag to iptables-ipsets
- Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output
- Log unhandled exceptions
- cyrus-imap: catch "user not found" attempts
- Add support for Portsentry
New in Fail2ban 0.8.12 (Jan 22, 2014)
- New bits:
- Log rotation can now occur with the command "flushlogs" rather than reloading fail2ban or keeping the logtarget settings consistent in jail.conf/local and /etc/logrotate.d/fail2ban. (Debian bug #697333, Redhat bug #891798).
- Added ignorecommand option to allow dynamic determination of whether to ignore an IP or not.
- Remove indentation of name and loglevel while logging to SYSLOG to resolve syslog(-ng) parsing problems. (Debian bug #730202). Log lines now also report "[PID]" after the name portion.
- Epoch dates can now be enclosed within []
- New actions:
- badips
- firewallcmd-ipset
- ufw
- blocklist_de
- New filters:
- solid-pop3d
- nsd
- openwebmail
- horde
- freeswitch
- squid
- ejabberd
- groupoffice
- Filter improvements:
- apache-noscript now includes php cgi scripts
- exim-spam filter to match spamassassin log entry for option SAdevnull.
- Added to sshd filter expression for "Received disconnect from : 3: Auth fail"
- Improved ACL-handling for Asterisk
- Added improper command pipelining to postfix filter.
- General fixes:
- Added lots of jail.conf entries for missing filters that crept in over the last year.
- synchat changed to use the push method, which verifies whether all data was sent. This ensures that all data is sent before closing the connection.
- Fixed python 2.4 compatibility (as sub-second in date patterns weren't 2.4 compatible)
- Complain/email actions fixed to only include relevant IPs to reporting
- Filter fixes:
- Added HTTP referrer bit of the apache access log to the apache filters.
- Apache 2.4 prefork regexes fixed
- Kernel syslog expression can have leading spaces
- allow for ",milliseconds" in the custom date format of proftpd.log
- recidive jail to block all protocols
- smtps is not an IANA standard, so it may be missing from /etc/services. Because it is (still) in common use, 465 has been used as the explicit port number
- Filter dovecot reordered session and TLS items in regex with wider scope for session characters
- Ugly Fixes (Potentially incompatible changes):
- Unfortunately, the action firewall-cmd-direct-new, added at the end of the last release, had a name that was too long and a broken action check. The action was renamed to firewallcmd-new to fit within the jail name length. (#395).
- Last release added mysqld-syslog-iptables as a jail configuration. This jailname was too long and it has been renamed to mysqld-syslog.
New in Fail2ban 0.8.4 (Sep 9, 2009)
- The inode number is checked for rotation in addition to checking the first line of the file.
- The shutdown of the logging subsystem was moved out of Server.quit() to the end of Server.start(). This fixes the "cannot release un-acquired lock" error.
- The "Ban IP" command was added.
- Two new filters were added: lighttpd-fastcgi and php-url-fopen.
- The "unexpected communication error" problem was fixed by means of use_poll=False in Python 2.6 and later.
- Many more changes were made.