|
|
|
|
fail2ban (0.5.4-6.3) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Fixed typos (thanx to Ross Boylan).
|
|
|
|
|
* Robust startup: if iptables module gets fully initialized after
|
|
|
|
|
startup of fail2ban, fail2ban will do "maxreinit" attempts to
|
|
|
|
|
initialize its own firewall. It will sleep between attempts for
|
|
|
|
|
"polltime" number of seconds (closes: #334272).
|
|
|
|
|
* To overcome possible conflict with other firewall solutions and as a
|
|
|
|
|
secondary solution for the bug 334272, fail2ban startup is moved
|
|
|
|
|
during bootup to the latest (S99) sequenece position. That should not
|
|
|
|
|
cause any discomfort I believe.
|
|
|
|
|
* Adjusted init.d script so it is resistant to delayed shutdowns of
|
|
|
|
|
fail2ban and in general more stable
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 18 Oct 2005 15:54:38 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-5.14) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Added a notification regarding the importance of 0.5.4-5 change of
|
|
|
|
|
failregex in the config file.
|
|
|
|
|
* Adjusted address to FSF.
|
|
|
|
|
* Adjusted failregex for SSH so it bans "Illegal user" entries as well, and
|
|
|
|
|
restricted full failregex more to include ":" at the beginning, because
|
|
|
|
|
otherwise it might not be sufficient and would revive bug 330827 (closes:
|
|
|
|
|
#333056).
|
|
|
|
|
* Adjusted failregex for SSH to accommodate recent changes in logging of
|
|
|
|
|
SSH: Illegal -> Invalid. Should match both now.
|
|
|
|
|
* Fixed a problem of raise AttributeError exception reported as a side
|
|
|
|
|
effect of crash during parsing of the config file.
|
|
|
|
|
* Introduced fwcheck option to verify consistency of the
|
|
|
|
|
chains. Implemented automatic restart of fail2ban main function in
|
|
|
|
|
case check of fwban or fwunban command failed (closes: #329163, #331695).
|
|
|
|
|
(Introduced patch was further adjusted by upstream author).
|
|
|
|
|
* Added -f command line parameter for [findtime].
|
|
|
|
|
* Fixed the issue of not respecting command line parameters for parameters
|
|
|
|
|
within sections.
|
|
|
|
|
* Added -e command line parameter to provide enabled sections from command
|
|
|
|
|
line.
|
|
|
|
|
* Added a cleanup of firewall rules on emergency shutdown when unknown
|
|
|
|
|
exception is catched.
|
|
|
|
|
* Fail2ban should not crash now if a wrong file name is specified in
|
|
|
|
|
config.
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-5) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Made failregex'es more specific to don't allow usernames to be used as a
|
|
|
|
|
tool for denial of service attacks. Config files (or at least
|
|
|
|
|
failregex'es) must be updated from this package, otherwise the security
|
|
|
|
|
breach would remain open and only warning gets issued (closes: #330827)
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 1 Oct 2005 02:42:23 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-4) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* On a request from Calum Mackay added reporting of the enabled sections
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 29 Sep 2005 11:20:43 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-3) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Resolved the mystery of debug mode in which commands are not really
|
|
|
|
|
executed: added verbose option to config file, removed -v from
|
|
|
|
|
/etc/default/fail2ban, reordered code a bit so that log targets are
|
|
|
|
|
setup right after background and then only loglevel (verbose,debug) is
|
|
|
|
|
processed, so the warning could be seen in the logs
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 29 Sep 2005 00:20:43 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-2) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Now exporting PATH explicitely in init.d/fail2ban script, to avoid
|
|
|
|
|
problems finding iptables in the cases when PATH was not exported outside
|
|
|
|
|
(cfengine, broken shell environment) (closes: #329304)
|
|
|
|
|
* Removed -b from start-stop-daemon because fail2ban detahes on its own
|
|
|
|
|
* Added @localhost to MAIL:from and MAIL:to in fail2ban.conf and placed
|
|
|
|
|
a note to README.Debian regarding necessity to specify full email
|
|
|
|
|
address in MAIL:from (closes: #329722)
|
|
|
|
|
* Added a keyword <section> in parsing of the subject and the body of an
|
|
|
|
|
email sent out by fail2ban (closes: #330311)
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 27 Sep 2005 08:09:06 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.4-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 20 Sep 2005 12:19:19 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.3-2) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Refined comments in README.Debian
|
|
|
|
|
* Reindented init.d script
|
|
|
|
|
P.S. Was not released
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 11 Sep 2005 15:19:44 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.3-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 9 Sep 2005 16:55:00 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.2-5) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Included a patch from Stephen Gildea to provide "status" report by
|
|
|
|
|
init.d script
|
|
|
|
|
* Included a note in README.Debian regarding the fail2ban iptable's
|
|
|
|
|
chains
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 9 Sep 2005 14:52:24 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.2-4) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Format of SYSLOG entries is up to the standard now
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Aug 2005 00:06:44 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.2-3) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Fixed errata in /etc/default/fail2ban (closes: #323451)
|
|
|
|
|
* Fixed handling of SYSLOG logging target. Now it can log to any syslog
|
|
|
|
|
target and facility as directed by the config (revisions 160:166 patch
|
|
|
|
|
from syslog branch) (closes: #323543)
|
|
|
|
|
* Included upstream README and TODO
|
|
|
|
|
* Mentioned in README.Debian that apache section is disabled by default
|
|
|
|
|
* Adjusted man pages to cross-reference each other
|
|
|
|
|
* Moved fail2ban man page under section 8 as in upstream
|
|
|
|
|
* Introduced findtime configuration variable to control the lifetime
|
|
|
|
|
of caught "failed" log entries (closes: #323840)
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 16 Aug 2005 11:23:28 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.2-2) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* Updated description to reflect flexibility in application of fail2ban
|
|
|
|
|
* Included logrotate (Thanks to Baruch Even)
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 13 Aug 2005 04:51:57 -0400
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.2-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
* No log4py any more
|
|
|
|
|
* removed -i eth0 from config
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 6 Aug 2005 09:21:07 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.1-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 23 Jul 2005 08:50:00 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.5.0-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
* Libraries placed under /usr/share/fail2ban instead of /usr/lib/fail2ban
|
|
|
|
|
* Corrections to the description of the package
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 12 Jul 2005 23:33:20 -1000
|
|
|
|
|
|
|
|
|
|
fail2ban (0.4.1-1) unstable; urgency=low
|
|
|
|
|
|
|
|
|
|
* First upstream release of a Debian package
|
|
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 04 Jul 2005 11:47:23 +0300
|
