New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
reload in interactive mode shows some errors #825
Comments
sebres
added a commit
to sebres/fail2ban
that referenced
this issue
Jun 22, 2015
sebres
added a commit
to sebres/fail2ban
that referenced
this issue
Jun 22, 2015
yarikoptic
added a commit
that referenced
this issue
Aug 1, 2015
ver. 0.9.3 (2015/08/01) - lets-all-stay-friends ---------- - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust <grepopts> to augment the behavior. - Fixes: * reload in interactive mode appends all the jails twice (gh-825) * reload server/jail failed if database used (but was not changed) and some jail active (gh-1072) * filter.d/dovecot.conf - also match unknown user in passwd-file. Thanks Anton Shestakov * Fix fail2ban-regex not parsing journalmatch correctly from filter config * filter.d/asterisk.conf - fix security log support for Asterisk 12+ * filter.d/roundcube-auth.conf - Updated regex to work with 'errors' log (1.0.5 and 1.1.1) - Added regex to work with 'userlogins' log * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override locale on systems with customized LC_ALL * performance fix: minimizes connection overhead, close socket only at communication end (gh-1099) * unbanip always deletes ip from database (independent of bantime, also if currently not banned or persistent) * guarantee order of dbfile to be before dbpurgeage (gh-1048) * always set 'dbfile' before other database options (gh-1050) * kill the entire process group of the child process upon timeout (gh-1129). Otherwise could lead to resource exhaustion due to hanging whois processes. * resolve /var/run/fail2ban path in setup.py to help installation on platforms with /var/run -> /run symlink (gh-1142) - New Features: * RETURN iptables target is now a variable: <returntype> * New type of operation: pass2allow, use fail2ban for "knocking", opening a closed port by swapping blocktype and returntype * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication - Enhancements: * action.d/cloudflare.conf - improved documentation on how to allow multiple CF accounts, and jail.conf got new compound action definition action_cf_mwl to submit cloudflare report. * Check access to socket for more detailed logging on error (gh-595) * fail2ban-testcases man page * filter.d/apache-badbots.conf, filter.d/nginx-botsearch.conf - add HEAD method verb * Revamp of Travis and coverage automated testing * Added a space between IP address and the following colon in notification emails for easier text selection * Character detection heuristics for whois output via optional setting in mail-whois*.conf. Thanks Thomas Mayer. Not enabled by default, if _whois_command is set to be %(_whois_convert_charset)s (e.g. in action.d/mail-whois-common.local), it - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command - converts whois data to UTF-8 character set with iconv - sends the whois output in UTF-8 character set to mail program - avoids that heirloom mailx creates binary attachment for input with unknown character set * tag '0.9.3': (99 commits) Release changes (too much of manual "labor"! ;)) BF: realpath for /var/run/fail2ban Closes #1142 Changelog entry for killpg fix Changelog entries for Serge's fixes bug fix: option 'dbpurgeage' was never set (always default) by start of fail2ban, because of invalid sorting of options ('dbfile' should be always set before other database options) / closes #1048, closes #1050 BF: guarantee order of dbfile to be before dbpurgeage (Closes #1048) DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description DOC: moved and adjusted changelog entry from 0.9.2 within 0.9.3 to come TST: test to verify killing stuck children processes BF: kill the entire process group upon timeout (Close #1129) Limit the number of log lines in *-lines.conf actions ipjailmatches is on one line with its description in man jail.conf DOC: Changelog for iptables -w change Remove self.printlog() call Remove literal "TODO" from method's name BF: do not wrap iptables into itself. Thanks Lee Added a space between IP address and the following colon BF: symbiosis-blacklist-allports now also requires iptables-common.conf RF: use <iptables> to take effect of it being a parameter ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter ...
xrg
added a commit
to xrg/fail2ban
that referenced
this issue
Oct 13, 2015
ver. 0.9.3 (2015/08/01) - lets-all-stay-friends ---------- - IMPORTANT incompatible changes: * filter.d/roundcube-auth.conf - Changed logpath to 'errors' log (was 'userlogins') * action.d/iptables-common.conf - All calls to iptables command now use -w switch introduced in iptables 1.4.20 (some distribution could have patched their earlier base version as well) to provide this locking mechanism useful under heavy load to avoid contesting on iptables calls. If you need to disable, define 'action.d/iptables-common.local' with empty value for 'lockingopt' in `[Init]` section. * mail-whois-lines, sendmail-geoip-lines and sendmail-whois-lines actions now include by default only the first 1000 log lines in the emails. Adjust <grepopts> to augment the behavior. - Fixes: * reload in interactive mode appends all the jails twice (fail2bangh-825) * reload server/jail failed if database used (but was not changed) and some jail active (fail2bangh-1072) * filter.d/dovecot.conf - also match unknown user in passwd-file. Thanks Anton Shestakov * Fix fail2ban-regex not parsing journalmatch correctly from filter config * filter.d/asterisk.conf - fix security log support for Asterisk 12+ * filter.d/roundcube-auth.conf - Updated regex to work with 'errors' log (1.0.5 and 1.1.1) - Added regex to work with 'userlogins' log * action.d/sendmail*.conf - use LC_ALL (superseeding LC_TIME) to override locale on systems with customized LC_ALL * performance fix: minimizes connection overhead, close socket only at communication end (fail2bangh-1099) * unbanip always deletes ip from database (independent of bantime, also if currently not banned or persistent) * guarantee order of dbfile to be before dbpurgeage (fail2bangh-1048) * always set 'dbfile' before other database options (fail2bangh-1050) * kill the entire process group of the child process upon timeout (fail2bangh-1129). Otherwise could lead to resource exhaustion due to hanging whois processes. * resolve /var/run/fail2ban path in setup.py to help installation on platforms with /var/run -> /run symlink (fail2bangh-1142) - New Features: * RETURN iptables target is now a variable: <returntype> * New type of operation: pass2allow, use fail2ban for "knocking", opening a closed port by swapping blocktype and returntype * New filters: - froxlor-auth - Thanks Joern Muehlencord - apache-pass - filter Apache access log for successful authentication * New actions: - shorewall-ipset-proto6 - using proto feature of the Shorewall. Still requires manual pre-configuration of the shorewall. See the action file for detail. * New jails: - pass2allow-ftp - allows FTP traffic after successful HTTP authentication - Enhancements: * action.d/cloudflare.conf - improved documentation on how to allow multiple CF accounts, and jail.conf got new compound action definition action_cf_mwl to submit cloudflare report. * Check access to socket for more detailed logging on error (fail2bangh-595) * fail2ban-testcases man page * filter.d/apache-badbots.conf, filter.d/nginx-botsearch.conf - add HEAD method verb * Revamp of Travis and coverage automated testing * Added a space between IP address and the following colon in notification emails for easier text selection * Character detection heuristics for whois output via optional setting in mail-whois*.conf. Thanks Thomas Mayer. Not enabled by default, if _whois_command is set to be %(_whois_convert_charset)s (e.g. in action.d/mail-whois-common.local), it - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command - converts whois data to UTF-8 character set with iconv - sends the whois output in UTF-8 character set to mail program - avoids that heirloom mailx creates binary attachment for input with unknown character set Conflicts: config/jail.conf
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If I start fail2ban-client in interactive mode (-i), I see some errors using reload (still I don't know is it only a info or not)...
I have it in upstream/master and all my branches (was found within #824).
Just added as issue (to not forget), will assign it to me...
The text was updated successfully, but these errors were encountered: