blob: 71983906ffd64983b9f5373be27eaa28ab3ab367 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
|
__ _ _ ___ _
/ _|__ _(_) |_ ) |__ __ _ _ _
| _/ _` | | |/ /| '_ \/ _` | ' \
|_| \__,_|_|_/___|_.__/\__,_|_||_|
=============================================================
Fail2Ban (version 0.7.6) 2007/01/04
=============================================================
ver. 0.7.6 (2007/01/04) - beta
----------
- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
- Use numeric output for iptables in "actioncheck"
- Fixed removal of host in hosts.deny. Thanks to René Berber
- Added new date format (2006-12-21 06:43:20) and Exim4
filter. Thanks to mEDI
- Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now.
- Added license in COPYING. Thanks to Axel Thimm
- Allow comma in action options. The value of the option must
be escaped with " or '. Thanks to Yaroslav Halchenko
- Now Fail2ban goes in /usr/share/fail2ban instead of
/usr/lib/fail2ban. This is more compliant with FHS. Thanks
to Axel Thimm and Yaroslav Halchenko
ver. 0.7.5 (2006/12/07) - beta
----------
- Do not ban a host that is currently banned. Thanks to
Yaroslav Halchenko
- The supported tags in "action(un)ban" are <ip>, <failures>
and <time>
- Fixed refactoring bug (getLastcommand -> getLastAction)
- Added option "ignoreregex" in filter scripts and jail.conf.
Feature Request #1283304
- Fixed a bug in user defined time regex/pattern
- Improved documentation
- Moved version.py and protocol.py to common/
- Merged "maxtime" option with "findtime"
- Added "<HOST>" tag support in failregex which matches
default IP address/hostname. "(?P<host>\S)" is still valid
and supported
- Fixed exception when calling fail2ban-server with unknown
option
- Fixed Debian bug 400162. The "socket" option is now handled
correctly by fail2ban-client
- Fixed RedHat init script. Thanks to Justin Shore
- Changed timeout to 30 secondes before assuming the server
cannot be started. Thanks to Joël Bertrand
ver. 0.7.4 (2006/11/01) - beta
----------
- Improved configuration files. Thanks to Yaroslav Halchenko
- Added man page for "fail2ban-regex"
- Moved ban/unban messages from "info" level to "warn"
- Added "-s" option to specify the socket path and "socket"
option in "fail2ban.conf"
- Added "backend" option in "jail.conf"
- Added more filters/actions and jail samples. Thanks to Nick
Munger, Christoph Haas
- Improved testing framework
- Fixed a bug in the return code handling of the executed
commands. Thanks to Yaroslav Halchenko
- Signal handling. There is a bug with join() and signal in
Python
- Better debugging output for "fail2ban-regex"
- Added support for more date format
- cPickle does not work with Python 2.5. Use pickle instead
(performance is not a problem in our case)
ver. 0.7.3 (2006/09/28) - beta
----------
- Added man pages. Thanks to Yaroslav Halchenko
- Added wildcard support for "logpath"
- Added Gamin (file and directory monitoring system) support
- (Re)added "ignoreip" option
- Added more concurrency protection
- First attempt at solving bug #1457620 (locale issue)
- Performance improvements
- (Re)added permanent banning with banTime < 0
- Added DNS support to "ignoreip". Feature Request #1285859
ver. 0.7.2 (2006/09/10) - beta
----------
- Refactoring and code cleanup
- Improved client output
- Added more get/set commands
- Added more configuration templates
- Removed "logpath" and "maxretry" from filter templates.
They must be defined in jail.conf now
- Added interactive mode. Use "-i"
- Added a date detector. "timeregex" and "timepattern" are no
more needed
- Added "fail2ban-regex". This is a tool to help finding
"failregex"
- Improved server communication. Start a new thread for each
incoming request. Fail2ban is not really thread-safe yet
ver. 0.7.1 (2006/08/23) - alpha
----------
- Fixed daemon mode bug
- Added Gentoo init.d script
- Fixed path bug when trying to start "fail2ban-server"
- Fixed reload command
ver. 0.7.0 (2006/08/23) - alpha
----------
- Almost a complete rewrite :) Fail2ban design is really
better (IMHO). There is a lot of new features
- Client/Server architecture
- Multithreading. Each jail has its own threads: one for the
log reading and another for the actions
- Execute several actions
- Split configuration files. They are more readable and easy
to use
- failregex uses group (<host>) now. This feature was already
present in the Debian package
- lots of things...
ver. 0.6.1 (2006/03/16) - stable
----------
- Added permanent banning. Set banTime to a negative value to
enable this feature (-1 is perfect). Thanks to Mannone
- Fixed locale bug. Thanks to Fernando José
- Fixed crash when time format does not match data
- Propagated patch from Debian to fix fail2ban search path
addition to the path search list: now it is added first.
Thanks to Nick Craig-Wood
- Added SMTP authentification for mail notification. Thanks
to Markus Hoffmann
- Removed debug mode as it is confusing for people
- Added parsing of timestamp in TAI64N format (#1275325).
Thanks to Mark Edgington
- Added patch #1382936 (Default formatted syslog logging).
Thanks to Patrick B�rjesson
- Removed 192.168.0.0/16 from ignoreip. Attacks could also
come from the local network.
- Robust startup: if iptables module does not get fully
initialized after startup of fail2ban, fail2ban will do
"maxreinit" attempts to initialize its own firewall. It
will sleep between attempts for "polltime" number of
seconds (closes Debian: #334272). Thanks to Yaroslav
Halchenko
- Added "interpolations" in fail2ban.conf. This is provided
by the ConfigParser module. Old configuration files still
work. Thanks to Yaroslav Halchenko
- Added initial support for hosts.deny and shorewall. Need
more testing. Please test. Thanks to kojiro from Gentoo
forum for hosts.deny support
- Added support for vsftpd. Thanks to zugeschmiert
ver. 0.6.0 (2005/11/20) - stable
----------
- Propagated patches introduced by Debian maintainer
(Yaroslav Halchenko):
* Added an option to report local time (including timezone)
or GMT in mail notification.
ver. 0.5.5 (2005/10/26) - beta
----------
- Propagated patches introduced by Debian maintainer
(Yaroslav Halchenko):
* Introduced fwcheck option to verify consistency of the
chains. Implemented automatic restart of fail2ban main
function in case check of fwban or fwunban command failed
(closes: #329163, #331695). (Introduced patch was further
adjusted by upstream author).
* Added -f command line parameter for [findtime].
* Added a cleanup of firewall rules on emergency shutdown
when unknown exception is catched.
* Fail2ban should not crash now if a wrong file name is
specified in config.
* reordered code a bit so that log targets are setup right
after background and then only loglevel (verbose, debug)
is processed, so the warning could be seen in the logs
* Added a keyword <section> in parsing of the subject and
the body of an email sent out by fail2ban (closes:
#330311)
ver. 0.5.4 (2005/09/13) - beta
----------
- Fixed bug #1286222.
- Propagated patches introduced by Debian maintainer
(Yaroslav Halchenko):
* Fixed handling of SYSLOG logging target. Now it can log
to any SYSLOG target and facility as directed by the
config
* Format of SYSLOG entries fixed to look closer to standard
* Fixed errata in config/gentoo-confd
* Introduced findtime configuration variable to control the
lifetime of caught "failed" log entries
ver. 0.5.3 (2005/09/08) - beta
----------
- Fixed a bug when overriding "maxfailures" or "bantime".
Thanks to Yaroslav Halchenko
- Added more debug output if an error occurs when sending
mail. Thanks to Stephen Gildea
- Renamed "maxretry" to "maxfailures" and changed default
value to 5. Thanks to Stephen Gildea
- Hopefully fixed bug #1256075
- Fixed bug #1262345
- Fixed exception handling in PIDLock
- Removed warning when using "-V" or "-h" with no config
file. Thanks to Yaroslav Halchenko
- Removed "-i eth0" from config file. Thanks to Yaroslav
Halchenko
ver. 0.5.2 (2005/08/06) - beta
----------
- Better PID lock file handling. Should close #1239562
- Added man pages
- Removed log4py dependency. Use logging module instead
- "maxretry" and "bantime" can be overridden in each section
- Fixed bug #1246278 (excessive memory usage)
- Fixed crash on wrong option value in configuration file
- Changed custom chains to lowercase
ver. 0.5.1 (2005/07/23) - beta
----------
- Fixed bugs #1241756, #1239557
- Added log targets in configuration file. Removed -l option
- Changed iptables rules in order to create a separated chain
for each section
- Fixed static banList in firewall.py
- Added an initd script for Debian. Thanks to Yaroslav
Halchenko
- Check for obsolete files after install
ver. 0.5.0 (2005/07/12) - beta
----------
- Added support for CIDR mask in ignoreip
- Added mail notification support
- Fixed bug #1234699
- Added tags replacement in rules definition. Should allow a
clean solution for Feature Request #1229479
- Removed "interface" and "firewall" options
- Added start and end commands in the configuration file.
Thanks to Yaroslav Halchenko
- Added firewall rules definition in the configuration file
- Cleaned fail2ban.py
- Added an initd script for RedHat/Fedora. Thanks to Andrey
G. Grozin
ver. 0.4.1 (2005/06/30) - stable
----------
- Fixed textToDNS method which generated wrong matches for
"rhost=12-xyz...". Thanks to Tom Pike
- fail2ban.conf modified for readability. Thanks to Iain Lea
- Added an initd script for Gentoo
- Changed default PID lock file location from /tmp to
/var/run
ver. 0.4.0 (2005/04/24) - stable
----------
- Fixed textToDNS which did not recognize strings like
"12-345-67-890.abcd.mnopqr.xyz"
ver. 0.3.1 (2005/03/31) - beta
----------
- Corrected level of messages
- Added DNS lookup support
- Improved parsing speed. Only parse the new log messages
- Added a second verbose level (-vv)
ver. 0.3.0 (2005/02/24) - beta
----------
- Re-writting of parts of the code in order to handle several
log files with different rules
- Removed sshd.py because it is no more needed
- Fixed a bug when exiting with IP in the ban list
- Added PID lock file
- Improved some parts of the code
- Added ipfw-start-rule option (thanks to Robert Edeker)
- Added -k option which kills a currently running Fail2Ban
ver. 0.1.2 (2004/11/21) - beta
----------
- Add ipfw and ipfwadm support. The rules are taken from
BlockIt. Thanks to Robert Edeker
- Add -e option which allows to set the interface. Thanks to
Robert Edeker who reminded me this
- Small code cleaning
ver. 0.1.1 (2004/10/23) - beta
----------
- Add SIGTERM handler in order to exit nicely when in daemon
mode
- Add -r option which allows to set the maximum number of
login failures
- Remove the Metalog class as the log file are not so syslog
daemon specific
- Rewrite log reader to be service centered. Sshd support
added. Match "Failed password" and "Illegal user"
- Add /etc/fail2ban.conf configuration support
- Code documentation
ver. 0.1.0 (2004/10/12) - alpha
----------
- Initial release
|
