0.8.12 Release
New bits:
Log rotation can now occur with the command "flushlogs" rather than reloading fail2ban or keeping the logtarget settings consistent in jail.conf/local and /etc/logrotate.d/fail2ban. (Debian bug #697333, Red Hat bug #891798).
Added ignorecommand option for allowing dynamic determination of whether to ignore an IP or not.
Remove indentation of name and loglevel while logging to SYSLOG to resolve syslog(-ng) parsing problems. (Debian bug #730202). Log lines now also report "[PID]" after the name portion.
Epoch dates can now be enclosed within []
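One way to use the ignorecommand option described above, as an added example rather than code shipped with fail2ban: a POSIX shell helper that exits 0 (ignore) when the IPv4 address it is given matches an allowlist of addresses and CIDR ranges. The script name, the allowlist path and the F2B_ALLOWLIST variable are assumptions; the exit-status convention and the `<ip>` tag follow the option's description in jail.conf.

```shell
#!/bin/sh
# Added example: hypothetical helper for fail2ban's ignorecommand option.
# Exit status 0 = ignore this IP (never ban); non-zero = handle normally.

# Print dotted-quad IPv4 $1 as an integer; fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no octal-looking or long octets
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 falls inside entry $2 (a.b.c.d or a.b.c.d/len).
in_cidr() {
    addr=$(ip_to_int "$1") || return 1
    net=$(ip_to_int "${2%/*}") || return 1
    case "$2" in */*) len=${2#*/} ;; *) len=32 ;; esac
    case "$len" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    [ "$len" -eq 0 ] && return 0
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# Return 0 if $1 matches an entry in allowlist file $2 (one per line, '#' comments).
# An unreadable file returns 1, so a broken allowlist never suppresses bans.
should_ignore() {
    [ -r "$2" ] || return 1
    while read -r entry rest || [ -n "$entry" ]; do
        case "$entry" in ''|'#'*) continue ;; esac
        in_cidr "$1" "$entry" && return 0
    done < "$2"
    return 1
}

# jail.local (script path and allowlist location are assumptions):
#   ignorecommand = /usr/local/bin/f2b-ignore.sh <ip>
if [ "$#" -ge 1 ]; then
    should_ignore "$1" "${F2B_ALLOWLIST:-/etc/fail2ban/allowlist.txt}"
    exit $?
fi
```

Keep the allowlist file writable only by root, since anything that can edit it can exempt an address from every jail that uses the command.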
New actions:
- badips
- firewallcmd-ipset
- ufw
- blocklist_de
New filters:
- solid-pop3d
- nsd
- openwebmail
- horde
- freeswitch
- squid
- ejabberd
- groupoffice
Filter improvements:
- apache-noscript now includes php cgi scripts
- exim-spam filter to match spamassassin log entry for option SAdevnull.
- Added to sshd filter expression for "Received disconnect from <HOST>: 3: Auth fail"
- Improved ACL-handling for Asterisk
- Added improper command pipelining to postfix filter.
General fixes:
- Added lots of jail.conf entries for missing filters that crept in over the last year.
- synchat changed to use push method which verifies whether all data was sent. This ensures that all data is sent before closing the connection.
- Fixed Python 2.4 compatibility (as sub-second in date patterns weren't 2.4 compatible)
- Complain/email actions fixed to only include relevant IPs in reporting
Filter fixes:
- Added HTTP referrer bit of the apache access log to the apache filters.
- Apache 2.4 prefork regexes fixed
- Kernel syslog expression can have leading spaces
- allow for ",milliseconds" in the custom date format of proftpd.log
- recidive jail to block all protocols
- smtps is not an IANA standard so may be missing from /etc/services. Due to (still) common use, 465 has been used as the explicit port number
- Filter dovecot reordered session and TLS items in regex with wider scope for session characters
Ugly Fixes (Potentially incompatible changes):
Unfortunately, at the end of the last release, when the action firewall-cmd-direct-new was added, it was too long and had a broken action check. The action was renamed to firewallcmd-new to fit within the jail name length. (#395).
Last release added mysqld-syslog-iptables as a jail configuration. This jailname was too long and it has been renamed to mysqld-syslog.
Full changes:
0.8.11...0.8.12