fail2ban/debian/NEWS

80 lines
3.8 KiB
Plaintext
Raw Normal View History

fail2ban (0.9.0+git48-gabcab00-1) experimental; urgency=low
2014-03-16 15:52:42 +00:00
[ Yaroslav Halchenko ]
* This version went through big refactoring which allowed to gain new
features such as multiline matching (see upstream's changelog for more
information).
* Although .local files are still supported, customizations are advised
to be provided under corresponding .d/ directories. E.g. see
/etc/fail2ban/jail.d/defaults-debian.conf which is where now sshd
jail is enabled by default to match previous behavior of Fail2Ban in
Debian.
[ Daniel Schaal ]
* All jails definitions were rewritten to become more concise and uniform.
From this version on log paths are defined in distro specific files,
for Debian this is in /etc/fail2ban/paths-debian.conf.
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 25 Mar 2014 08:38:31 -0400
2014-03-16 15:52:42 +00:00
fail2ban (0.8.11-1) unstable; urgency=low
* retroactive for 0.8.9: by default iptables-* actions do not simply
DROP packets from offending IP but rather reject with
icmp-port-unreachable. If DROP behaviour is preferable, provide
config/action.d/iptables-blocktype.local with [Init] section defining
blocktype = DROP or override action definition to provide
blocktype=DROP option in jail.local
* Many failregex's were tight-up in this release which could
theoretically effect operation in comparison to previous release(s).
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 22:27:50 -0500
2010-06-29 02:13:15 +00:00
fail2ban (0.8.4-3) unstable; urgency=low
* Jail named-refused-udp is unsafe and opens possibility for easy DoS,
thus discouraged to be used, and commented out (see #583364 for more
information).
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 28 Jun 2010 22:12:22 -0400
fail2ban (0.7.1-0.2) unstable; urgency=low
fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you
customized any of provided configuration or startup files
(/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban),
please read further. The configuration scheme has changed upstream:
0.7 ignores /etc/fail2ban.conf and instead uses a split configuration
under /etc/fail2ban/. To retain your customizations, for example to
monitor anything other than sshd, you will need to set them under that
new directory; use *.local files for customizations. Please see
/usr/share/doc/fail2ban/README.Debian.gz and
http://fail2ban.sourceforge.net for further description of new
configuration scheme. Detailed documentation is under development (see
#400416). When you are satisfied with the new settings, please delete
/etc/fail2ban.conf to avoid confusion.
Fail2ban 0.7 uses client/server architecture and fail2ban-client is to
substitute fail2ban command to provide an interface between the user and
fail2ban-server. That is why some command line parameters present in
fail2ban 0.6 are invalid in fail2ban-client. Such change affects
/etc/default/fail2ban; you should review that file if you customized it.
Please enable sections as directed in README.Debian.gz mentioned above.
You must use newly shipped init.d/fail2ban, or otherwise fail2ban will
not start.
This note was rewritten in release 0.7.5-2 to clarify its meaning.
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 9 Dec 2006 18:24:36 -0500
2006-02-10 18:08:22 +00:00
fail2ban (0.6.0-4) unstable; urgency=low
In this version the new section ApacheAttacks was introduced to ban IPs
which are found to run some known attack on the host. For now it captures
2006-02-16 16:19:58 +00:00
just awstats and mambo related attacks. To make this feature work, the bug of
2006-02-16 15:53:38 +00:00
wrongly specified timeregexp for Apache's access.log file was fixed.
Besides that group of log files has changed to be adm, and now they are
2006-02-16 16:19:58 +00:00
readable by the group.
2006-02-10 18:08:22 +00:00
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 10 Feb 2006 13:05:07 -0500