0.10.4?

[yarikoptic]

Hi @sebres
Thanks for pushing the beast forward and beyond ;) I need to update package in Debian (now good old 0.10.2 fails with python3.7) and thought if you have plans to push out a fresh bugfix in 0.10.x?

[sebres]

Yes, sir! As soon as I got fixed #2137 and pair other still open bugs... (and will take a look what going wrong with py-3.7)

[sebres]

@yarikoptic so #2137 seems to be fixed now in #2171 (waiting for confirmation, self test)...
I will release it hereafter as soon as possible.

BTW. Could you take a look into #2148 (e. g. you know better as regards the old debian distro's)... and/or just close it if answered.

[sebres]

Too many things todo, but the grave things have gone, so I would say, let us do a release 0.10.4 as is.
I'll do it at begin of the next week, if no objections follow (otherwise 0.10.5 will arrive just earlier).

[yarikoptic]

sounds great, I will hopefully give it some testing also over weekend

[spinenkoia]

I see a branch 0.11, still waiting for the release 0.10.4, or will be 0.11 ?

[sebres]

at the moment we have following branches:

• ver. 0.11 - development nightly edition (not yet officially released, release date still open)
• ver. 0.10 - stable edition (released, further development)
• ver. 0.9 - obsolete edition (development discontinued)

So 0.10.4 will be indeed released soon, and hopefully rolled out for all distributions (at least which already using 0.10 branch). But it is the thing of maintainers.

As regards the 0.11th - ATM, I don't know exact time point I'll release it. As soon as possible (but no time to fulfill some things still bothered me to make official release).
But it should not hold you up to try the newest version if you want (see our wiki here for more details).

[spinenkoia]

Got it, thanks for the explanation

[evilplan]

Are there particular issues you'd like users to pay attention to when using 0.11 Sergey? The only real problem I have with 0.11 is when I run "complicated" jails that have large numbers of ignoreregexes, (it eventually sticks at 100% CPU usage and no more f2b work gets done, but I've never been able to make a test case to show you). Other than that, the build has been wonderfully stable for me. -- Tony Collins

[sebres]

Are there particular issues you'd like users to pay attention to when using 0.11

Not that I remember. Excepting one: once executed the fail2ban-database will be converted to new version (with no fallback possibility), so one should delete it if he want back to 0.10.

The only real problem I have ... have large numbers of ignoreregexes... 100% last

I don't know what exactly can cause this, possibly just very large "parasite" traffic in the log-file (too many messages that fail2ban has to process), but:

• there is no differences between 0.10 and 0.11 as regards the message matching (so you'll see the same in 0.10, possibly still worse);
• to "fix" it for you, you could:
  • optimize the regexp's (meant both - failregex and ignoreregex);
  • use common prefregex (and short and efficient as possible);
  • reorganize the regexp order by occurrence in log (frequently as first);
  • try to minimize count of log-messages in observing log-file, e. g. by means of extracting the failures by application/service into separate log (e. g. by nginx via extra location for 40x|50x-error codes with own extra access-log set in location) or using re-targeting in rsyslog.

[evilplan]

Thank you so much - the fixes you have just suggested have really opened my eyes! I honestly never realised that my regex choices could have this kind of impact (for example: for clarity I list all my regexes in alphabetical order, which it seems could cause fail2ban to work a lot harder!). Your reply is extremely helpful. I appreciate that I am posting on someone else's "issue"; I will open a topic about regex optimisation soon, giving examples from my .conf and asking advice, as I think it might be helpful to others. Perhaps I can then write a guide for users. I would love to contribute in that way. Tony Collins RMT Tier 1 Health & Safety Representative Edgware Road Traincrew Depot 07949 228324

…

On 26 July 2018 at 13:06, Sergey G. Brester ***@***.***> wrote: Are there particular issues you'd like users to pay attention to when using 0.11 Not that I remember. Excepting one: once executed the fail2ban-database will be converted to new version (with no fallback possibility), so one should delete it if he want back to 0.10. The only real problem I have ... have large numbers of ignoreregexes... 100% last I don't know what exactly can cause this, possibly just very large "parasite" traffic in the log-file (too many messages that fail2ban has to process), but: - there is no differences between 0.10 and 0.11 as regards the message matching (so you'll see the same in 0.10, possibly still worse); - to "fix" it for you, you could: - optimize the regexp's (meant both - failregex and ignoreregex); - use common prefregex (and short and efficient as possible); - reorganize the regexp order by occurrence in log (frequently as first); - try to minimize count of log-messages in observing log-file, e. g. by means of extracting the failures by application/service into separate log (e. g. by nginx via extra location for 40x|50x-error codes with own extra access-log set in location) or using re-targeting in rsyslog. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#2170 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AEwhqGinb8IOIa3FYu8Y5uhOGU2KV0qXks5uKbDHgaJpZM4VBMQJ> .

[sebres]

@evilplan yw...
Also note, there is a wiki above and it says every welcome to enhance (e. g. possibly to provide some new article for "best practice").

[sebres]

a bit later as promised (but even convenient to 10/04) - here is 0.10.4 released.
@fail2ban/maintainers, @yarikoptic please update & release.

[sebres]

@evilplan et al. The how-to's above were rewritten as part of new wiki article Best practice :: wiki.