
0.8.12 Release

@grooverdan grooverdan released this 21 Jan 21:12

New bits:

Log rotation can now occur with the command "flushlogs" rather than reloading fail2ban or keeping the logtarget settings consistent in jail.conf/local and /etc/logrotate.d/fail2ban. (Debian bug #697333, Redhat bug #891798).

Added ignorecommand option to allow dynamic determination of whether to ignore an IP or not.
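One way to write a helper for ignorecommand, as an added example that is not part of the fail2ban release. It assumes fail2ban treats exit status 0 from the command as "ignore this IP"; the script path, the jail.local line in the comment and the allowlist entries are hypothetical.

```python
#!/usr/bin/env python3
"""Hypothetical ignorecommand helper: exit 0 = ignore the IP, exit 1 = bannable."""
import ipaddress
import sys

# Constructed sample allowlist; a real deployment would read a file that
# another process (VPN lease export, inventory sync, ...) keeps current.
SAMPLE_ALLOWLIST = """\
# monitoring hosts
192.0.2.10
198.51.100.0/24   # office range
2001:db8:1::/48
not-an-address
"""

def parse_allowlist(text):
    """Return the networks listed in text, skipping comments and bad entries."""
    networks = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # a malformed entry must never widen the allowlist
    return networks

def should_ignore(ip_text, networks):
    """True only when ip_text is a valid address inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False  # fail closed: unparseable input stays bannable
    return any(ip.version == net.version and ip in net for net in networks)

def main(argv):
    # Assumed jail.local line: ignorecommand = /usr/local/bin/f2b-ignore <ip>
    if len(argv) != 2:
        return 1
    return 0 if should_ignore(argv[1], parse_allowlist(SAMPLE_ALLOWLIST)) else 1

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Any error path returns non-zero, so a broken allowlist or a malformed argument leaves the address subject to banning rather than silently exempt.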

Removed indentation of name and loglevel while logging to SYSLOG to resolve syslog(-ng) parsing problems. (Debian bug #730202). Log lines now also report "[PID]" after the name portion.

Epoch dates can now be enclosed within []

New actions:

  • badips
  • firewallcmd-ipset
  • ufw
  • blocklist_de

New filters:

  • solid-pop3d
  • nsd
  • openwebmail
  • horde
  • freeswitch
  • squid
  • ejabberd
  • groupoffice

Filter improvements:

  • apache-noscript now includes php cgi scripts
  • exim-spam filter to match spamassassin log entry for option SAdevnull.
  • Added to sshd filter expression for "Received disconnect from : 3: Auth fail"
  • Improved ACL-handling for Asterisk
  • Added improper command pipelining to postfix filter.

General fixes:

  • Added lots of jail.conf entries for missing filters that crept in over the last year.
  • synchat changed to use push method which verifies whether all data was sent. This ensures that all data is sent before closing the connection.
  • Fixed python 2.4 compatibility (as sub-second in date patterns weren't 2.4 compatible)
  • Complain/email actions fixed to only include relevant IPs to reporting

Filter fixes:

  • Added HTTP referrer bit of the apache access log to the apache filters.
  • Apache 2.4 prefork regexes fixed
  • Kernel syslog expression can have leading spaces
  • allow for ",milliseconds" in the custom date format of proftpd.log
  • recidive jail to block all protocols
  • smtps is not an IANA standard, so it may be missing from /etc/services. Because it is (still) in common use, 465 has been used as the explicit port number
  • Filter dovecot reordered session and TLS items in regex with wider scope for session characters

Ugly Fixes (Potentially incompatible changes):

Unfortunately, at the end of the last release, when the action firewall-cmd-direct-new was added, it was too long and had a broken action check. The action was renamed to firewallcmd-new to fit within the jail name length. (#395).

Last release added mysqld-syslog-iptables as a jail configuration. This jailname was too long and it has been renamed to mysqld-syslog.

Full changes:
0.8.11...0.8.12