2014-03-25 04:44:00 +00:00
|
|
|
fail2ban (0.9.0+git48-gabcab00-1) experimental; urgency=medium
|
2014-03-19 14:50:21 +00:00
|
|
|
|
|
|
|
[ Daniel Schaal ]
|
|
|
|
* debian/ updated for 0.9 release
|
|
|
|
0.9 release introduced big changes in internal organization (Python
|
|
|
|
module now), and new features, and stock jail.conf now follows
|
|
|
|
Debian's style, thus custom Debian jail.conf was deprecated. See NEWS
|
|
|
|
file and upstream ChangeLog for further details.
|
|
|
|
|
2014-03-21 01:42:19 +00:00
|
|
|
[ Yaroslav Halchenko ]
|
2014-03-19 14:50:21 +00:00
|
|
|
* Post 0.9 release snapshot.
|
2014-03-25 12:51:42 +00:00
|
|
|
* debian/rules
|
|
|
|
- do not ignore tests failures
|
2014-03-25 15:17:34 +00:00
|
|
|
- run only tests not requiring network access
|
2014-03-25 12:51:42 +00:00
|
|
|
- nagios and cacti examples get installed
|
2014-03-19 14:50:21 +00:00
|
|
|
|
2014-03-25 04:44:00 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 25 Mar 2014 00:43:46 -0400
|
2014-03-19 14:50:21 +00:00
|
|
|
|
2014-03-16 14:30:26 +00:00
|
|
|
fail2ban (0.8.13-1) unstable; urgency=low
|
|
|
|
|
2014-03-19 03:25:21 +00:00
|
|
|
* New upstream bug-fix release: but consider 0.9.0 (to be uploaded to
|
|
|
|
experimental)
|
|
|
|
* debian/jail:
|
|
|
|
- new jail definitions: apache-modsecurity, apache-nohome, freeswitch,
|
|
|
|
ejabberd-auth, ssh-blocklist, nagios
|
|
|
|
- new configuration option: ignorecommand
|
2014-03-19 14:26:07 +00:00
|
|
|
* debian/post{inst,rm},preinst:
|
2014-03-19 14:35:53 +00:00
|
|
|
- [thanks to Daniel Schaal]: take care about renaming config files
|
2014-03-19 14:26:07 +00:00
|
|
|
- firewall-cmd-direct-new.conf to firewallcmd-new.conf which happened
|
|
|
|
in 0.8.11-29-g56b6bf7
|
2014-03-19 14:35:53 +00:00
|
|
|
- lighttpd-fastcgi.conf to suhosin.conf and
|
|
|
|
sasl.conf to postfix-sasl.conf in the past 0.8.11 release
|
2014-03-16 14:30:26 +00:00
|
|
|
|
2014-03-19 03:25:21 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 18 Mar 2014 23:13:35 -0400
|
2014-03-16 14:30:26 +00:00
|
|
|
|
|
|
|
fail2ban (0.8.12-1) UNRELEASED; urgency=low
|
2014-01-07 04:40:49 +00:00
|
|
|
|
2014-02-07 06:00:42 +00:00
|
|
|
* New upstream release
|
|
|
|
- provides "fail2ban-client flushlogs" command, debian/fail2ban.logrotate
|
|
|
|
was adjusted to use it. Helps to mitigate #697333
|
|
|
|
- removes indentation of name and loglevel while logging to SYSLOG
|
|
|
|
(Closes: #730202)
|
2014-02-18 02:34:28 +00:00
|
|
|
- fixes apache-common.conf (Closes: #739364)
|
2014-02-07 06:00:42 +00:00
|
|
|
* /etc/default/fail2ban -- minor typo. Thanks Vincent Lefevre for report
|
|
|
|
(Closes: #734421)
|
2014-03-16 14:30:26 +00:00
|
|
|
* debian/patches:
|
|
|
|
- dropping cherry-picked changeset*
|
2014-01-07 04:40:49 +00:00
|
|
|
|
2014-02-07 06:00:42 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 07 Feb 2014 00:45:38 -0500
|
2014-01-07 04:40:49 +00:00
|
|
|
|
2013-11-17 02:30:15 +00:00
|
|
|
fail2ban (0.8.11-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fresh upstream release
|
|
|
|
- this release tightens all shipped filters to preclude
|
|
|
|
possible injections leading to targetted DoS attacks.
|
2013-11-17 22:29:56 +00:00
|
|
|
- omitted entry for ~pre release changelog:
|
2013-11-17 03:58:15 +00:00
|
|
|
- asterisk filter was fixed (Closes: #719662),
|
|
|
|
- nginx filter/jail added (Closes: #668064)
|
|
|
|
- better detection of log rotation in polling backend (Closes: #696087)
|
|
|
|
- includes sever name (uname -n) into subject of sendmail actions
|
|
|
|
(Closes: #709196)
|
2013-11-17 02:35:04 +00:00
|
|
|
* debian/jail.conf
|
|
|
|
- dropbear jail: use dropbear filter (instead of ssh) and monitor
|
|
|
|
auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
|
2013-11-17 03:30:31 +00:00
|
|
|
* debian/NEWS
|
|
|
|
- information for change of default iptables action to REJECT now
|
|
|
|
(Closes: #711463)
|
2013-11-17 22:29:56 +00:00
|
|
|
* debian/patches
|
|
|
|
- changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff
|
|
|
|
post-release change to support native proftpd date format which
|
|
|
|
includes milliseconds (Closes: #648276)
|
2013-11-17 22:32:25 +00:00
|
|
|
- changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff
|
|
|
|
absorbed upstream
|
2013-11-17 02:30:15 +00:00
|
|
|
|
2013-11-17 22:29:56 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 17 Nov 2013 17:29:06 -0500
|
2013-11-17 02:30:15 +00:00
|
|
|
|
2013-11-09 01:29:55 +00:00
|
|
|
fail2ban (0.8.11~pre1+git29-gccd2657-1) unstable; urgency=low
|
2013-07-08 14:08:35 +00:00
|
|
|
|
2013-11-09 01:29:55 +00:00
|
|
|
* Snapshot of the upcoming new release candidate
|
2013-11-10 20:17:13 +00:00
|
|
|
- improves dovecot (Closes: #709324), wuftpd (Closes: #665925)
|
|
|
|
failregex'es
|
|
|
|
- provides support for OpenSSH 6.3 (Closes: #722970)
|
2013-07-08 14:08:35 +00:00
|
|
|
* debian/watch
|
|
|
|
- restrict version matching only to numbers and period (to exclude
|
2013-11-09 01:29:55 +00:00
|
|
|
alpha releases of 0.9 series)
|
2013-11-10 08:24:24 +00:00
|
|
|
* debian/jail.conf
|
|
|
|
- slightly adjusted for changes in master (suhosin replaced
|
|
|
|
lighttpd-auth filer name, and postfix-sasl for sasl)
|
|
|
|
- added nginx-http-auth. More jails to be adopted from upsream.
|
2013-07-08 14:08:35 +00:00
|
|
|
|
2013-11-10 20:17:13 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 10 Nov 2013 12:16:51 -0800
|
2013-07-08 14:08:35 +00:00
|
|
|
|
2013-07-01 18:38:39 +00:00
|
|
|
fail2ban (0.8.10-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* debian/jail.conf
|
|
|
|
- added "submission" (port 587) to all SMTP-related jails (Closes:
|
|
|
|
#714632). Thanks Tony den Haan for the report
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 01 Jul 2013 14:36:24 -0400
|
|
|
|
|
2013-06-20 01:56:35 +00:00
|
|
|
fail2ban (0.8.10-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* debian/fail2ban.init:
|
|
|
|
- fixed handling of the return code from do_start/do_stop
|
2013-06-20 02:19:40 +00:00
|
|
|
- status calls would dump all output to /dev/null
|
2013-06-21 14:48:32 +00:00
|
|
|
* debian/jail.conf:
|
|
|
|
- pure-ftpd jail should monitor syslog not auth.log. Thanks Laurent
|
|
|
|
Léonard for the report
|
2013-06-20 01:56:35 +00:00
|
|
|
|
2013-06-21 14:48:32 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 21 Jun 2013 10:47:56 -0400
|
2013-06-20 01:56:35 +00:00
|
|
|
|
2013-06-12 17:31:53 +00:00
|
|
|
fail2ban (0.8.10-1) unstable; urgency=high
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
- addresses possible DoS for anyone enabling many of apache- filters
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 12 Jun 2013 13:31:29 -0400
|
|
|
|
|
2013-05-13 15:03:51 +00:00
|
|
|
fail2ban (0.8.9-1) unstable; urgency=low
|
2013-02-18 23:51:15 +00:00
|
|
|
|
2013-05-13 15:03:51 +00:00
|
|
|
* New upstream release
|
2013-03-27 15:22:58 +00:00
|
|
|
- significant improvements in documentation (Closes: #400416)
|
2013-05-07 16:41:28 +00:00
|
|
|
- roundcube auth filter (Closes: #699442)
|
|
|
|
- enforces C locale for dates (Closes: #686341)
|
2013-05-13 15:06:52 +00:00
|
|
|
- provides bash_completion.d/fail2ban
|
2013-02-18 23:51:15 +00:00
|
|
|
* debian/jail.conf:
|
|
|
|
- added findtime and documentation on those basic options from jail.conf
|
2013-05-07 16:41:28 +00:00
|
|
|
(Closes: #704568)
|
2013-05-13 15:18:23 +00:00
|
|
|
- added new sample jails definitions for ssh-route, ssh-iptables-ipset{4,6},
|
|
|
|
roundcube-auth, sogo-auth, mysqld-auth
|
2013-05-07 16:41:28 +00:00
|
|
|
* debian/control:
|
|
|
|
- suggest system-log-daemon (Closes: #691001)
|
2013-05-13 15:34:08 +00:00
|
|
|
- boost policy compliance to 3.9.4
|
2013-05-13 15:33:36 +00:00
|
|
|
* debian/rules:
|
2013-05-13 16:00:10 +00:00
|
|
|
- run fail2ban's unittests at build time but ignore the failures
|
|
|
|
(there are still some known issues to fix up to guarantee robust testing
|
|
|
|
in clean chroots etc).
|
|
|
|
Only pyinotify was added to build-depends since gamin might still be
|
|
|
|
buggy on older releases and get stuck, which would complicate
|
|
|
|
backporting
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 13 May 2013 11:58:56 -0400
|
2013-02-18 23:51:15 +00:00
|
|
|
|
2012-12-06 17:53:20 +00:00
|
|
|
fail2ban (0.8.8-1+lucid0) UNRELEASED; urgency=low
|
|
|
|
|
|
|
|
* Added lucid-dsc-patch to use pycentral on systems without dh_python2
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 06 Dec 2012 12:52:30 -0500
|
|
|
|
|
2012-12-06 03:54:29 +00:00
|
|
|
fail2ban (0.8.8-1) experimental; urgency=low
|
|
|
|
|
|
|
|
* Primarily a bugfix upstream release
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 05 Dec 2012 22:53:15 -0500
|
|
|
|
|
2012-08-01 01:46:36 +00:00
|
|
|
fail2ban (0.8.7.1-1) experimental; urgency=low
|
|
|
|
|
|
|
|
* Minor upstream bugfix release
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 31 Jul 2012 21:46:19 -0400
|
|
|
|
|
2012-07-31 18:04:25 +00:00
|
|
|
fail2ban (0.8.7-1) experimental; urgency=low
|
2012-06-07 03:41:10 +00:00
|
|
|
|
2012-07-31 18:04:25 +00:00
|
|
|
* New upstream release:
|
|
|
|
- inotify backend is supported (and the default if pyinotify is present).
|
|
|
|
It should bring number of wakeups to minimum (Closes: #481265)
|
|
|
|
- usedns jail.conf parameter to disable reverse DNS mapping to
|
|
|
|
avoid of DoS (see #588431, #514239 for related discussions)
|
|
|
|
- enforces non-unicode logging (Closes: #657286)
|
|
|
|
- new jail "recidive" to ban repeated offenders (Closes: #333557)
|
|
|
|
- catch failed ssh logins due to being listed in DenyUsers (Closes: #669063)
|
|
|
|
- document in config/*.conf on how to inline comments (Closes: #676146)
|
2012-07-31 19:58:15 +00:00
|
|
|
- match possibly present "pam_unix(sshd:auth):" portion for sshd
|
|
|
|
(Closes: #648020)
|
2012-07-31 19:59:44 +00:00
|
|
|
- wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
|
|
|
|
(instead of auth.log) by default (Closes: #514239)
|
2012-07-31 19:58:15 +00:00
|
|
|
- anchor chain name in actioncheck's for iptables actions (Closes: #672228)
|
2012-07-31 20:16:55 +00:00
|
|
|
* debian/jail.conf:
|
|
|
|
- adopted few jails from "upstreams" jail.conf: asterisk, recidive,
|
|
|
|
lighttpd, php-url-open
|
2012-07-31 20:52:00 +00:00
|
|
|
- provide instructions in jail.conf on how to comment (Closes: #676146)
|
|
|
|
Thanks Stefano Forli for a report
|
2012-07-31 20:21:03 +00:00
|
|
|
* debian/fail2ban.init:
|
|
|
|
- Should-(start|stop): iptables-persistent (Closes: #598109),
|
|
|
|
ferm (Closes: #604843)
|
2012-07-31 20:50:35 +00:00
|
|
|
- 'status' exits with code 3 if fail2ban is not running (Closes: #653074)
|
|
|
|
Thanks Glenn Aaldering for the patch
|
2012-07-31 20:54:09 +00:00
|
|
|
* debian/source:
|
|
|
|
- switch to 3.0 (quilt) format
|
2012-07-31 21:23:32 +00:00
|
|
|
* debian/control,rules:
|
|
|
|
- switch to use dh_python2 (Closes: #616803)
|
|
|
|
- boost policy compliance to 3.9.3
|
2012-07-31 21:36:48 +00:00
|
|
|
- recommend python-pyinotify and only suggest python-gamin
|
2012-06-07 03:41:10 +00:00
|
|
|
|
2012-07-31 20:52:00 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 31 Jul 2012 16:51:40 -0400
|
2012-06-05 02:44:14 +00:00
|
|
|
|
2012-02-10 13:20:10 +00:00
|
|
|
fail2ban (0.8.6-3) unstable; urgency=low
|
2012-01-09 02:47:18 +00:00
|
|
|
|
|
|
|
* Added dovecot section to Debian's jail.conf. Thanks to Laurent
|
|
|
|
Léonard (Closes: #655182)
|
2012-02-10 13:20:10 +00:00
|
|
|
* init.d script now returns non-0 exit codes upon status command
|
|
|
|
with not running / failed to connect server. Thanks to
|
|
|
|
Glenn Aaldering for the patch
|
2012-01-09 02:47:18 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 08 Jan 2012 21:46:24 -0500
|
|
|
|
|
2012-01-08 00:46:42 +00:00
|
|
|
fail2ban (0.8.6-2) unstable; urgency=low
|
2012-01-03 15:36:40 +00:00
|
|
|
|
|
|
|
* Added pure-ftpd section to Debian's jail.conf. Thanks to Laurent
|
|
|
|
Léonard (Closes: #654412)
|
2012-01-07 20:33:20 +00:00
|
|
|
* Enhancement: action to use /proc/net/xt_recent and run f2b as a normal
|
|
|
|
user. Many many thanks to Zbyszek Szmek (Closes: #602016)
|
2012-01-03 15:36:40 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 03 Jan 2012 10:36:24 -0500
|
|
|
|
|
2011-11-29 03:54:36 +00:00
|
|
|
fail2ban (0.8.6-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* [1efe1bc] Fresh upstream release (Closes: #648324)
|
|
|
|
* Boosted policy compliance to 3.9.2 -- no changes
|
2011-11-29 04:01:32 +00:00
|
|
|
* Adjusted debian/watch to fetch tarballs from github
|
2011-11-29 03:54:36 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 28 Nov 2011 22:27:18 -0500
|
|
|
|
|
2011-09-24 02:12:27 +00:00
|
|
|
fail2ban (0.8.5-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* [5242e73] BF: (cherry-picked from upstream, DEP-3 yet TODO) Lock
|
|
|
|
server's executeCmd to prevent racing among iptables calls (Closes:
|
|
|
|
#554162) Many kudos go to Michael Saavedra for the patch
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 23 Sep 2011 22:12:08 -0400
|
|
|
|
|
2011-07-29 03:22:33 +00:00
|
|
|
fail2ban (0.8.5-1) unstable; urgency=low
|
2011-07-29 03:05:22 +00:00
|
|
|
|
|
|
|
* [de95777] Fresh upstream release FAIL2BAN-0_8_5:
|
|
|
|
- [00e1827] BF: use addfailregex instead of failregex while processing
|
|
|
|
per-jail "failregex" parameter (Closes: #635830) (LP: #635036)
|
2011-07-29 03:22:33 +00:00
|
|
|
Thanks Marat Khayrullin for the patch and Daniel T Chen for forwarding to
|
|
|
|
Debian.
|
2011-07-29 03:05:22 +00:00
|
|
|
* [1cbdafc] Set backend to auto and recommends python-gamin (Closes: #524425)
|
2011-07-29 03:22:33 +00:00
|
|
|
* [ef449f4] Added a note on diverting logrotate configuration for custom
|
|
|
|
logtarget=SYSLOG (Closes: #631917). Thanks Kenyon Ralph for report
|
2011-07-29 03:05:22 +00:00
|
|
|
|
2011-07-29 03:22:33 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 28 Jul 2011 23:20:55 -0400
|
2011-07-29 03:05:22 +00:00
|
|
|
|
2011-03-23 21:19:14 +00:00
|
|
|
fail2ban (0.8.4+svn20110323-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fresh upstream snapshot which absorbed some of the patches from Debian
|
|
|
|
and
|
2011-03-23 21:34:32 +00:00
|
|
|
- [c6d64e9] debug entry for lines ignored due to falling below
|
2011-03-23 21:19:14 +00:00
|
|
|
findtime (v2)
|
2011-03-23 21:34:32 +00:00
|
|
|
- [fc20f12] Tai64N stores time in GMT, we need to convert to
|
2011-03-23 21:19:14 +00:00
|
|
|
local time before returning
|
2011-03-23 21:34:32 +00:00
|
|
|
- [b0331bb] default ignoreip to ignore entire loopback zone (/8)
|
|
|
|
(Closes: #598200)
|
2011-03-23 21:19:14 +00:00
|
|
|
- [b9f15f6] ENH: dovecot filter
|
|
|
|
- [69165b1] ENH: add <chain> to action.d/iptables*. Thanks
|
|
|
|
Matthijs Kooijman
|
|
|
|
- [8330a20] ENH: make filter.d/apache-overflows.conf catch more
|
|
|
|
(Closes: #574182)
|
2011-03-23 21:34:32 +00:00
|
|
|
- [66cc6cb] BF: allow space in the trailing of failregex for sasl.conf
|
2011-03-23 21:19:14 +00:00
|
|
|
(Closes: #573314)
|
2011-03-23 21:34:32 +00:00
|
|
|
- [2714019] ENH: dropbear filter (Closes: #546913)
|
2011-03-23 21:19:14 +00:00
|
|
|
- [ea7d352] BF: Use /var/run/fail2ban instead of /tmp for temp files in
|
|
|
|
actions (Closes: #544232)
|
|
|
|
* debian/jail.conf:
|
|
|
|
- [bc8e22d] spellcheck (Closes: #598206). Thanks Christoph Anton Mitterer
|
|
|
|
- [d7f3e23] adjusted description for sasl jail (Closes: #615952)
|
|
|
|
- [92fb484] debian/jail.conf: closing " for protocol specification
|
|
|
|
- [f828c31] debian/jail.conf: got 'chain' parameter to be specified for
|
|
|
|
iptables actions (Closes: #515599)
|
|
|
|
* debian/control:
|
|
|
|
- [858af30] slight rewordings of the long description (Closes: #588176)
|
|
|
|
- [167dfd4] Boosted policy compliance version to 3.9.1 (no changes seems
|
|
|
|
to be due)
|
|
|
|
* [4e1e845] debian/copyright: updated copyright years
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 23 Mar 2011 17:04:56 -0400
|
|
|
|
|
2010-06-29 01:50:37 +00:00
|
|
|
fail2ban (0.8.4-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* Commenting out named-refused-udp jail and providing even fatter
|
|
|
|
WARNING against using it (Closes: #583364)
|
|
|
|
* Merging upstream's commit for fixing missing import
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 28 Jun 2010 21:50:20 -0400
|
|
|
|
|
2010-02-25 05:20:08 +00:00
|
|
|
fail2ban (0.8.4-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* Merged few upstream patches (svn rev ) which fixed:
|
|
|
|
- Patch to make log file descriptors cloexec to stop leaking file
|
|
|
|
descriptors on fork/exec.
|
|
|
|
* debian/rules,control: -install-layout=deb for setup.py + python (>=
|
|
|
|
2.5.4-1~) to fix install with python2.6 (Closes: #571213).
|
|
|
|
* Boosted policy to 3.8.4 (no changes seems to be due).
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 25 Feb 2010 00:17:07 -0500
|
|
|
|
|
2009-09-11 05:49:04 +00:00
|
|
|
fail2ban (0.8.4-1) unstable; urgency=low
|
2009-09-10 15:22:36 +00:00
|
|
|
|
|
|
|
* New upstream release. Fixes compatibility issue with python2.6
|
|
|
|
* Yet only in Debian fixes:
|
|
|
|
- escaping () in pure-ftpd. Thanks Teodor (Closes: #544744)
|
|
|
|
- use "set logtarget" instead of "reload" while logrotate. Thanks
|
|
|
|
J.M.Roth (Closes: #537773)
|
|
|
|
- be able to detect time for VNC recording only 2 letters of year
|
|
|
|
(Closes: #537610)
|
|
|
|
- proftpd filter: count all failed logins regardless of the reason
|
|
|
|
* Debian-specific changes:
|
|
|
|
- adjusted README.Debian - multiport is default (closes: #545971)
|
|
|
|
- Boosted policy to 3.8.3 (no changes seems to be due)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 10 Sep 2009 11:16:51 -0400
|
|
|
|
|
2009-07-09 05:15:47 +00:00
|
|
|
fail2ban (0.8.3-6) unstable; urgency=low
|
|
|
|
|
|
|
|
* Time to shake the ground with upload to unstable.
|
|
|
|
* Merged upstream's development as of SVN revision 732:
|
|
|
|
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis.
|
|
|
|
Tracker #2019714.
|
|
|
|
- Made the named-refused regex a bit less restrictive in order to match
|
|
|
|
logs with "view". Thanks to Stephen Gildea.
|
|
|
|
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100%
|
|
|
|
correct fix but seems to work. Tracker #2500276.
|
|
|
|
- Changed <HOST> template to be more restrictive (closes: #514163).
|
|
|
|
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. (closes:
|
|
|
|
#513953).
|
|
|
|
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh
|
|
|
|
log (closes: #512193).
|
|
|
|
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav
|
|
|
|
Halchenko.
|
|
|
|
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
|
|
|
|
#2484115.
|
|
|
|
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
|
|
|
|
(closes: #507990)
|
|
|
|
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
|
|
|
|
- Added nagios script. Thanks to Sebastian Mueller.
|
|
|
|
- Removed print.
|
|
|
|
- Removed begin-line anchor for "standard" timestamp (closes: #500824)
|
|
|
|
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef
|
|
|
|
Reichelt.
|
|
|
|
* Added a comment into Debian-shipped jail.conf about sasl logpath -- it
|
|
|
|
might preferable to monitor warn.log in case of postfix (To complete react
|
|
|
|
to #507990) (git branch up/fixes). Also added sasl example log file (git
|
|
|
|
branch up/log_examples).
|
|
|
|
* Removing minor bashism in ipmasq example file (closes: #530078).
|
|
|
|
Thanks Raphael Geissert (git branch up/ipmasq)
|
|
|
|
* Allow for trailing spaces in proftpd logs (closes: #507986)
|
|
|
|
(git branch up/fixes).
|
|
|
|
* Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
|
2009-07-09 05:40:08 +00:00
|
|
|
(git branch up/fixes).
|
|
|
|
* Adjusted Git-vcs field to point to git:// .
|
|
|
|
* Thanks lintian fixes:
|
|
|
|
- Boosted policy to 3.8.2 (no changes are due).
|
|
|
|
- Boosted debhelper compatibility to 5.
|
|
|
|
- Misspell in README.Debian
|
|
|
|
- Removing stale /var/run/fail2ban from dirs -- should be created by
|
|
|
|
init script
|
2009-07-09 05:15:47 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 09 Jul 2009 01:08:40 -0400
|
|
|
|
|
2009-02-05 14:54:22 +00:00
|
|
|
fail2ban (0.8.3-5) experimental; urgency=low
|
|
|
|
|
|
|
|
* BF: anchoring regex for IP with " *$" at the end + adjust regexp for
|
|
|
|
<HOST> (closes: #514163)
|
|
|
|
* NF: adding unittests for previous BF
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 05 Feb 2009 09:51:45 -0500
|
|
|
|
|
2009-02-03 04:03:48 +00:00
|
|
|
fail2ban (0.8.3-4) experimental; urgency=low
|
|
|
|
|
|
|
|
* BF: added missing semicolon in a logging template for bind within
|
|
|
|
jail.conf (thanks to anonymous on www.debian-administration.org)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 02 Feb 2009 23:02:56 -0500
|
|
|
|
|
2009-01-18 16:42:13 +00:00
|
|
|
fail2ban (0.8.3-3) experimental; urgency=low
|
2009-01-18 15:41:13 +00:00
|
|
|
|
2009-01-18 16:58:31 +00:00
|
|
|
* BF: addressed added bang to ssh log (closes: #512193).
|
|
|
|
Thanks Silvestre Zabala.
|
|
|
|
* Adjusted description of bantime/findtime in README.Debian (closes:
|
|
|
|
#507771)
|
|
|
|
* Synced current debian revision to FAIL2BAN-0_8@717 of upstream,
|
2009-01-18 16:42:13 +00:00
|
|
|
since it includes fixes to some forwarded bugs. Total list of
|
|
|
|
functional changes
|
|
|
|
- Added actions to report abuse to ISP, DShield and myNetWatchman.
|
|
|
|
Thanks to Russell Odom.
|
|
|
|
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
|
|
|
|
- Added new time format. No idea from where it comes...
|
|
|
|
- Added new regex. Thanks to Tobias Offermann.
|
|
|
|
- Try to match the regex even if the line does not contain a valid
|
2009-01-18 16:58:31 +00:00
|
|
|
date/time. Described in Debian #491253. Thanks to Yaroslav
|
|
|
|
Halchenko.
|
2009-01-18 16:42:13 +00:00
|
|
|
- Removed "timeregex" and "timepattern" stuff that is not needed
|
2009-01-18 16:58:31 +00:00
|
|
|
anymore.
|
2009-01-18 16:42:13 +00:00
|
|
|
- Added date template for Day-Month-Year Hour:Minute:Second
|
|
|
|
(closes: #491253)
|
|
|
|
- Added date pattern for Hour:Minute:Second. Thanks to Andreas
|
|
|
|
Itzchak Rehberg.
|
|
|
|
- Use current day and month instead of Jan 1st if both are not
|
|
|
|
available in the log. Thanks to Andreas Itzchak Rehberg.
|
|
|
|
- Improved pattern. Thanks to Yaroslav Halchenko.
|
|
|
|
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 18 Jan 2009 11:31:01 -0500
|
2009-01-18 15:41:13 +00:00
|
|
|
|
2008-07-25 17:35:19 +00:00
|
|
|
fail2ban (0.8.3-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* BF in apache-noscript.conf - regexp matched in referer (Closes: #492319).
|
|
|
|
Thanks Bernd Zeimetz.
|
2008-08-06 19:49:34 +00:00
|
|
|
* BF: extended apache-noscript with additional regexp
|
2008-07-25 17:35:19 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 25 Jul 2008 13:33:56 -0400
|
|
|
|
|
2008-07-21 14:29:24 +00:00
|
|
|
fail2ban (0.8.3-1) unstable; urgency=low
|
2008-07-17 15:21:51 +00:00
|
|
|
|
2008-07-21 14:29:24 +00:00
|
|
|
* Fresh upstream release
|
|
|
|
* Boosted policy compliance to 3.8.0 (no changes needed)
|
2008-07-21 14:40:22 +00:00
|
|
|
* Specify explicitely facilities in "Failed .. for". Thanks Dean
|
|
|
|
Gaudet. (closes: #481760)
|
|
|
|
* Added failregex for "User not known" in sshd.conf. thanks Alexander
|
|
|
|
Gerasiov (closes: #479966)
|
|
|
|
|
2008-07-17 15:21:51 +00:00
|
|
|
|
2008-07-21 14:29:24 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 21 Jul 2008 10:27:12 -0400
|
2008-07-17 15:21:51 +00:00
|
|
|
|
2008-05-06 14:49:43 +00:00
|
|
|
fail2ban (0.8.2-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* Changes propagated from upstream trunk (future 0.8.3):
|
|
|
|
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
|
|
|
|
- Changed some log level.
|
|
|
|
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to
|
|
|
|
Dennis Winter.
|
|
|
|
- Fixed PID file while started in daemon mode. Thanks to Christian
|
|
|
|
Jobic who submitted a similar patch (closes: #479703)
|
|
|
|
- Added gssftpd filter. Thanks to Kevin Zembower.
|
|
|
|
- Process failtickets as long as failmanager is not empty.
|
|
|
|
* Assure that /var/run/fail2ban exists upon start (LP: #222804, #223706)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 06 May 2008 10:49:34 -0400
|
|
|
|
|
2008-04-07 14:27:03 +00:00
|
|
|
fail2ban (0.8.2-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* BF: Recommends whois, which is used in some actions (LP: #213227)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 07 Apr 2008 10:25:52 -0400
|
|
|
|
|
2008-03-06 04:31:20 +00:00
|
|
|
fail2ban (0.8.2-1) unstable; urgency=low
|
2008-03-06 04:07:39 +00:00
|
|
|
|
|
|
|
* New upstream release! Divergence from Debian version descreased
|
|
|
|
considerably, Major changes:
|
|
|
|
- "full line failregex"
|
|
|
|
- Moved socket to /var/run/fail2ban.
|
|
|
|
- Removed Python 2.4. Minimum required version is now Python 2.3.
|
|
|
|
- New log rotation detection algorithm.
|
|
|
|
- Some wishlists got accepted (closes: #456567, #468477, #462060,
|
|
|
|
#461426)
|
|
|
|
- Leap year issue (closes: #468452)
|
|
|
|
* debian/watch: switched to git-import-orig
|
|
|
|
* 2 new jails: xinetd-fail, apache-overflows added to jails.conf
|
|
|
|
|
2008-03-06 04:31:20 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 05 Mar 2008 23:30:56 -0500
|
2008-03-06 04:07:39 +00:00
|
|
|
|
2008-02-29 00:52:37 +00:00
|
|
|
fail2ban (0.8.1-5) unstable; urgency=low
|
|
|
|
|
|
|
|
* manually "cherry picked" f6639981: Fixed "Feb 29" bug. Thanks to
|
|
|
|
James Andrewartha who pointed this out. Thanks to Yaroslav Halchenko
|
|
|
|
for the fix (closes: #468382)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 28 Feb 2008 19:51:53 -0500
|
|
|
|
|
2008-02-10 03:09:50 +00:00
|
|
|
fail2ban (0.8.1-4) unstable; urgency=low
|
|
|
|
|
|
|
|
* Debian packaging switched from git+dpatch into pure git way via
|
|
|
|
feature-branches. That revealed the true amount of accumulated patching
|
|
|
|
done of top of vanilla upstream, thus this is the last Debian release
|
|
|
|
prior 0.8.2 upstream release which will hopefully absorb most of the
|
|
|
|
patches
|
|
|
|
* vsftp filter anchoring
|
|
|
|
* Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido
|
|
|
|
Bozzetto
|
|
|
|
* Added ipmasq rule file (in the examples) to restart fail2ban when
|
|
|
|
iptables are wiped out (closes: #461417). Thanks Guido Bozzetto
|
|
|
|
* Extended apache-noscript filter with more file extensions and to
|
|
|
|
react to "script not found or unable to stat" log message (closes:
|
|
|
|
#456565). Thanks Tim Connors
|
|
|
|
* Fixed == bashism (Closes: #464647). Thanks Raphael Geisser
|
|
|
|
* Confirms to policy 3.7.3 (no changes)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 09 Feb 2008 22:08:55 -0500
|
|
|
|
|
2007-11-23 16:43:41 +00:00
|
|
|
fail2ban (0.8.1-3) unstable; urgency=low
|
2007-11-11 06:21:44 +00:00
|
|
|
|
2007-11-23 16:09:34 +00:00
|
|
|
* Added Vcs- fields, moved Homepage into source header's field
|
2007-11-23 16:43:41 +00:00
|
|
|
* Propagated patch from 0.9 upstream branch: "Replaced ssocket.py with
|
2007-11-11 06:21:44 +00:00
|
|
|
asyncore/asynchat implementation. Correct fix for bug #1769616. That is
|
2007-11-23 16:43:41 +00:00
|
|
|
supposed to resolve spontaneous 100% CPU utilization by fail2ban-server."
|
2007-11-22 19:32:29 +00:00
|
|
|
* BF: removed sftp from ssh jails (closes: #436053)
|
2007-11-23 14:02:58 +00:00
|
|
|
* NF: new filter for 'refused connect' (closes: #451093). Thanks Guido
|
|
|
|
Bozzetto
|
2007-11-23 17:49:15 +00:00
|
|
|
* Moved iptables into recommends since fail2ban can work without iptables
|
|
|
|
using some other action (e.g hosts.deny)
|
2007-11-11 06:21:44 +00:00
|
|
|
|
2007-11-23 16:43:41 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 23 Nov 2007 11:42:24 -0500
|
2007-11-11 06:21:44 +00:00
|
|
|
|
2007-10-19 02:03:37 +00:00
|
|
|
fail2ban (0.8.1-2) unstable; urgency=low
|
2007-08-17 16:45:18 +00:00
|
|
|
|
|
|
|
* Fixed named-refused filter.
|
2007-10-19 02:03:37 +00:00
|
|
|
* Added force-start action to init script, so it could be forced
|
|
|
|
to start if previous run crashed and left a socket file. Must to be
|
|
|
|
used with caution.
|
2007-08-17 16:45:18 +00:00
|
|
|
|
2007-10-19 02:03:37 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 18 Oct 2007 18:31:58 -0400
|
2007-08-17 16:45:18 +00:00
|
|
|
|
2007-08-15 03:15:48 +00:00
|
|
|
fail2ban (0.8.1-1) unstable; urgency=low
|
2007-08-14 23:15:50 +00:00
|
|
|
|
2007-08-15 03:15:48 +00:00
|
|
|
* New upstream release.
|
2007-08-15 02:17:44 +00:00
|
|
|
Patches absorbed upstream:
|
|
|
|
00_daemon_pids.dpatch
|
|
|
|
00_iptables_allports.dpatch
|
|
|
|
00_vsftp_filter_spaces.dpatch
|
|
|
|
00_resolve_all_names.dpatch
|
|
|
|
00_HOST_ignoreregex.dpatch
|
|
|
|
Patches which needed some tune-up:
|
|
|
|
00_ssh_strong_re.dpatch
|
|
|
|
00_mail-whois-lines.dpatch
|
|
|
|
00_named_refused.dpatch
|
2007-08-14 23:15:50 +00:00
|
|
|
|
2007-08-15 03:15:48 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 14 Aug 2007 23:15:21 -0400
|
2007-08-14 23:15:50 +00:00
|
|
|
|
2007-08-14 23:09:18 +00:00
|
|
|
fail2ban (0.8.0-5~pre1) UNRELEASED; urgency=low
|
2007-08-06 01:39:30 +00:00
|
|
|
|
|
|
|
* Added optional spaces at the end of failregex for vsftpd.
|
2007-08-13 21:13:59 +00:00
|
|
|
* Resolve all "names" which became a part of <HOST>. Previousely only fqdn's
|
|
|
|
were resolved
|
2007-08-06 01:39:30 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 05 Aug 2007 21:38:44 -0400
|
|
|
|
|
2007-07-29 17:20:23 +00:00
|
|
|
fail2ban (0.8.0-4) unstable; urgency=low
|
2007-06-21 01:47:02 +00:00
|
|
|
|
|
|
|
* Moved <HOST> expansion into regex.py (closes: #429263). Thanks James
|
|
|
|
Andrewartha.
|
|
|
|
* Added optional regexp entry for process PID in some entries (closes:
|
|
|
|
#426050). Thanks Roderick Schertler.
|
2007-06-25 16:51:05 +00:00
|
|
|
* Added a filter pam_generic to catch any login errors.
|
|
|
|
* Added iptables-allports.
|
2007-07-05 17:12:17 +00:00
|
|
|
* Use /var/run to keep socket file (closes: #425746)
|
2007-07-24 18:10:05 +00:00
|
|
|
* Added a filter for named to catch refused/denied queries
|
2007-07-30 02:31:35 +00:00
|
|
|
* Added new time template matching named log entries
|
2007-07-25 03:47:32 +00:00
|
|
|
* jail.conf has specification of protocol (default to tcp) to be provided to
|
|
|
|
banaction
|
2007-07-29 17:20:23 +00:00
|
|
|
* Adjusted failregex for sshd filter:
|
|
|
|
- anchored properly at the end of line, and source code has .examples
|
|
|
|
files to perform testing of the rules.
|
|
|
|
- added new explicit rule for users not in the AllowUsers lists
|
|
|
|
|
2007-06-21 01:47:02 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 19 Jun 2007 23:04:02 -0400
|
|
|
|
|
2007-05-16 18:14:13 +00:00
|
|
|
fail2ban (0.8.0-2) unstable; urgency=low
|
2007-05-10 15:34:09 +00:00
|
|
|
|
|
|
|
* Manually changing the order of debhelper inserted scripts in prerm
|
|
|
|
(Closes: #422655)
|
|
|
|
* Removed obsolete hack to have /bin/env invocation of python for
|
|
|
|
fail2ban-* scripts
|
2007-05-15 14:26:28 +00:00
|
|
|
* Applied changes submitted by Bernd Zeimetz (thanks Bernd):
|
|
|
|
- Removed obsolete Build-Depends-Indep on help2man, python-dev
|
2007-05-15 14:37:09 +00:00
|
|
|
- Explicit removal of *.pyc files compiled during build
|
|
|
|
- Invoke 'python setup.py clean' in clean target, which required also
|
|
|
|
to move python into Build-Depends
|
2007-05-15 14:26:28 +00:00
|
|
|
* Minor clean up of debian/rules
|
|
|
|
|
2007-05-16 18:14:13 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 16 May 2007 14:13:57 -0400
|
2007-05-10 15:34:09 +00:00
|
|
|
|
2007-05-05 16:35:58 +00:00
|
|
|
fail2ban (0.8.0-1) unstable; urgency=low
|
2007-05-05 16:17:50 +00:00
|
|
|
|
2007-05-05 16:35:58 +00:00
|
|
|
* New stable upstream release
|
2007-05-05 16:17:50 +00:00
|
|
|
|
2007-05-05 16:35:58 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 05 May 2007 12:35:02 -0400
|
2007-05-05 16:17:50 +00:00
|
|
|
|
2007-04-20 01:44:43 +00:00
|
|
|
fail2ban (0.7.9-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
* Updated copyright to include current year
|
|
|
|
* Removed patches absorbed upstream
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 19 Apr 2007 21:44:28 -0400
|
|
|
|
|
2007-03-26 21:53:30 +00:00
|
|
|
fail2ban (0.7.8-1) unstable; urgency=low
|
2007-03-24 22:27:09 +00:00
|
|
|
|
|
|
|
* New upstream release
|
2007-03-26 21:47:10 +00:00
|
|
|
* Applied post-release upstream changes to resolve issues with
|
2007-03-26 21:53:30 +00:00
|
|
|
- Fix to close opened handlers to log file
|
|
|
|
- Tentative incomplete gamin fix
|
|
|
|
- Fix to "reload" bug
|
2007-03-24 22:27:09 +00:00
|
|
|
|
2007-03-26 21:53:30 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 26 Mar 2007 17:52:23 -0400
|
2007-03-24 22:27:09 +00:00
|
|
|
|
2007-02-09 03:22:15 +00:00
|
|
|
fail2ban (0.7.7-1) unstable; urgency=low
|
2007-02-07 15:25:11 +00:00
|
|
|
|
2007-02-09 03:22:15 +00:00
|
|
|
* New upstream release (included most of the debian-provided patches -- new
|
|
|
|
filters and actions)
|
|
|
|
* Refreshed and made verbatim homepage in description
|
2007-02-07 15:25:11 +00:00
|
|
|
|
2007-02-09 03:22:15 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 8 Feb 2007 22:20:49 -0500
|
2007-02-07 15:25:11 +00:00
|
|
|
|
2007-01-19 15:51:11 +00:00
|
|
|
fail2ban (0.7.6-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* Synchronized action.d/iptables-* rules from upstream SVN (closes:
|
|
|
|
#407561)
|
|
|
|
* Minor: options renames in the comments to be in sync with upstream
|
2007-01-19 16:08:10 +00:00
|
|
|
* Use /usr/bin/python interpreter instead of wrapped call to python by
|
|
|
|
/usr/bin/env
|
2007-01-19 15:51:11 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Jan 2007 10:43:59 -0500
|
|
|
|
|
2007-01-18 15:41:49 +00:00
|
|
|
fail2ban (0.7.6-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* iptables-multiport is default action to take since Debian kernel arrives
|
|
|
|
with multiport module. That is to address the fact that most services
|
|
|
|
listen on multiple port (for encrypted and non-encrypted connections)
|
|
|
|
* Added [courierauth] jail (First 2 items are to partially address #407404
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 18 Jan 2007 10:35:36 -0500
|
|
|
|
|
2007-01-04 19:48:58 +00:00
|
|
|
fail2ban (0.7.6-1) unstable; urgency=low
|
2007-01-04 18:08:09 +00:00
|
|
|
|
|
|
|
* New upstream release, which incorporates fixes introduced in 3~pre
|
|
|
|
non-released versions (which were suggested to the users to overcome
|
|
|
|
problems reported in bug reports). In particular attention should be paid
|
|
|
|
to upstream changelog entries
|
|
|
|
- Several "failregex" and "ignoreregex" are now accepted.
|
|
|
|
Creation of rules should be easier now.
|
|
|
|
This is an alternative solution to 'multiple <HOST>' entries fix,
|
2007-01-04 20:34:41 +00:00
|
|
|
which is not applied to this shipped version - pay caution if upgrading
|
2007-01-04 18:08:09 +00:00
|
|
|
from 0.7.5-3~pre?
|
|
|
|
- Allow comma in action options. The value of the option must
|
2007-01-04 19:47:00 +00:00
|
|
|
be escaped with " or '.
|
2007-01-04 18:08:09 +00:00
|
|
|
That allowed to implement requested ability to ban multiple ports
|
|
|
|
at once (See 373592). README.Debian and jail.conf adjusted to reflect
|
|
|
|
possible use of iptables-mport
|
|
|
|
- Now Fail2ban goes in /usr/share/fail2ban instead of
|
|
|
|
/usr/lib/fail2ban. This is more compliant with FHS.
|
|
|
|
Patch 00_share_insteadof_lib no longer applied
|
|
|
|
* Refactored installed by debian package jail.conf:
|
|
|
|
- Added option banaction which is to incorporate banning agent
|
|
|
|
(usually some flavor of iptables rule), which can then be easily
|
|
|
|
overriden globally or per section
|
|
|
|
- Multiple actions are defined as action_* to serve as shortcuts
|
2007-01-04 19:47:00 +00:00
|
|
|
* Initd script was modified to inform about present socket file which
|
2007-01-04 19:48:58 +00:00
|
|
|
would forbid fail2ban-server from starting
|
2007-01-04 20:25:45 +00:00
|
|
|
* Adjusted default log file for postfix to be /var/log/mail.log
|
|
|
|
(Closes: #404921)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 4 Jan 2007 15:24:52 -0500
|
2007-01-04 18:08:09 +00:00
|
|
|
|
2007-01-04 17:03:35 +00:00
|
|
|
fail2ban (0.7.5-3~pre6) unstable; urgency=low
|
2006-12-21 16:54:39 +00:00
|
|
|
|
|
|
|
* Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
|
|
|
|
(Closes: #404060)
|
2006-12-22 18:36:01 +00:00
|
|
|
* Made fail2ban-server tollerate multiple <HOST> entries in failregex
|
2006-12-22 18:56:51 +00:00
|
|
|
* Moved call to dh_pycentral before dh_installinit
|
|
|
|
* Removed unnecessary call of dh_shlibdeps
|
2007-01-04 17:03:35 +00:00
|
|
|
* Added filter ssh-ddos to fight DDOS attacks. Must be used with caution
|
|
|
|
if there is a possibility of valid clients accessing through
|
|
|
|
unreliable connection or faulty firewall (Closes: #404487)
|
2007-01-03 16:09:01 +00:00
|
|
|
* Not applying patch any more for rigid python2.4 - it is default now in
|
|
|
|
sid/etch
|
2007-01-04 17:03:35 +00:00
|
|
|
* Moving waiting loop for fail2ban-server to stop under do_stop
|
|
|
|
function, so it gets invoked by both 'restart' and 'stop' commands
|
|
|
|
* do_status action of init script is now using 'fail2ban-client ping'
|
|
|
|
instead of '... status' since we don't really use returned status
|
|
|
|
information, besides the return error code
|
2006-12-21 16:54:39 +00:00
|
|
|
|
2006-12-28 07:28:53 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 26 Dec 2006 21:56:58 -0500
|
2006-12-21 16:54:39 +00:00
|
|
|
|
2006-12-10 23:56:17 +00:00
|
|
|
fail2ban (0.7.5-2) unstable; urgency=low
|
2006-12-09 23:27:39 +00:00
|
|
|
|
2006-12-10 23:40:04 +00:00
|
|
|
* NEWS.Debian confusions - the latest NEWS entry and postinst message were
|
|
|
|
rephrased (Closes: #402350)
|
|
|
|
* Added mail-whois-lines action, which emails log lines containing abuser
|
|
|
|
IP. Those lines are often required for proper abuse reports sent to the
|
|
|
|
Internet providers. Forwarding of such received emails to the email
|
|
|
|
addresses of abuse departments present in the output of whois is a
|
|
|
|
tentative solution for semi-automatic abuse reporting (Closes: #358810)
|
2006-12-09 23:27:39 +00:00
|
|
|
|
2006-12-10 23:56:17 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 10 Dec 2006 18:55:37 -0500
|
2006-12-09 23:27:39 +00:00
|
|
|
|
2006-12-08 01:21:42 +00:00
|
|
|
fail2ban (0.7.5-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release which fixes next issues
|
|
|
|
+ Socket parameter not work with other path (Closes: #400162)
|
|
|
|
+ fail2ban does not start with /etc/init.d/fail2ban start but
|
|
|
|
with fail2ban-client start (Closes: #400278)
|
2006-12-08 02:28:07 +00:00
|
|
|
* Removed obsolete patches left from 0.6
|
|
|
|
* Adjusted wsftpd patch to use <HOST> tag to be in line with the other
|
|
|
|
filter definitions
|
2006-12-08 01:21:42 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 7 Dec 2006 20:19:09 -0500
|
|
|
|
|
2006-12-07 04:07:59 +00:00
|
|
|
fail2ban (0.7.4-5) unstable; urgency=low
|
|
|
|
|
|
|
|
* Added Suggests on mailx and relevant comments in README.Debian about
|
|
|
|
invoking mail actions (closes: #396668)
|
|
|
|
* Removed obsolete entries in TODO and README
|
2006-12-07 23:10:30 +00:00
|
|
|
* README.Debian describes the use of interpolations vs parameters passed
|
|
|
|
from jail.{conf,local} into an action definitions (closes:
|
2006-12-07 13:20:51 +00:00
|
|
|
#398739)
|
2006-12-07 23:10:30 +00:00
|
|
|
* Initial version of postfix filter has been present in 0.7 (closes:
|
|
|
|
#377711)
|
2006-12-07 13:20:51 +00:00
|
|
|
* Removed Uploaded field from control since I am a DD now. Big thanks to
|
2006-12-07 23:10:30 +00:00
|
|
|
Barak Pearlmutter for being the sponsor of my packages for few years.
|
2006-12-07 04:07:59 +00:00
|
|
|
|
|
|
|
-- Yaroslav O. Halchenko <debian@onerussian.com> Wed, 6 Dec 2006 22:14:26 -0500
|
|
|
|
|
2006-12-04 13:56:56 +00:00
|
|
|
fail2ban (0.7.4-4) unstable; urgency=low
|
|
|
|
|
|
|
|
* Added debian/backports to contain patches necessary for backporting. It
|
|
|
|
gets used by pbuilder-ssh to create package for backports.org
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 4 Dec 2006 08:55:48 -0500
|
|
|
|
|
2006-11-12 02:18:47 +00:00
|
|
|
fail2ban (0.7.4-3) unstable; urgency=low
|
2006-11-10 15:54:34 +00:00
|
|
|
|
|
|
|
* Reincarnated logrotate configuration (Closes: #397878)
|
2006-11-11 00:10:10 +00:00
|
|
|
* Only block new connects by using a new action iptables-new instead of
|
|
|
|
iptables (Closes: #350746)
|
|
|
|
* Updated README.Debian to reflect transition over to 0.7 branch and to
|
|
|
|
comment on 350746
|
2006-11-12 02:02:23 +00:00
|
|
|
* "Clean" target removes generated .pyc files now (Closes: #398146)
|
2006-11-12 02:11:34 +00:00
|
|
|
* Cleaned up debian/rules a bit
|
2006-11-10 15:54:34 +00:00
|
|
|
|
2006-11-12 02:20:32 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 11 Nov 2006 21:00:18 -0500
|
2006-11-10 15:54:34 +00:00
|
|
|
|
2006-11-06 14:29:56 +00:00
|
|
|
fail2ban (0.7.4-2) unstable; urgency=low
|
2006-11-06 14:23:58 +00:00
|
|
|
|
|
|
|
* Added reload/force-reload actions to init script
|
|
|
|
* Adjusted jail.conf a bit
|
2006-11-06 14:47:59 +00:00
|
|
|
* Warning NEWS entry for 0.7.1 was not shown during installation on test
|
|
|
|
boxes, thus postinst was adjusted accordingly to inform the user about the
|
|
|
|
changes in the configuration files since 0.6.
|
2006-11-10 15:54:34 +00:00
|
|
|
* no logrotation anymore? (Closes: #397878)
|
2006-11-06 14:23:58 +00:00
|
|
|
|
2006-11-10 15:54:34 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 10 Nov 2006 10:53:23 -0500
|
2006-11-06 14:23:58 +00:00
|
|
|
|
2006-11-02 02:04:57 +00:00
|
|
|
fail2ban (0.7.4-1) experimental; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 1 Nov 2006 20:54:14 -0500
|
|
|
|
|
2006-10-30 03:32:29 +00:00
|
|
|
fail2ban (0.7.4~pre20061023.2-3) experimental; urgency=low
|
|
|
|
|
|
|
|
* Corrected init.d script to properly perform restart due to server delay to
|
|
|
|
react to client command to stop. Handling of status was adjusted as well
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 29 Oct 2006 22:29:27 -0500
|
|
|
|
|
|
|
|
fail2ban (0.7.4~pre20061023.2-2) experimental; urgency=low
|
|
|
|
|
|
|
|
* Added apache-noscript to jail.conf
|
|
|
|
* Default action does not send emails to be inline with previous (0.6.x)
|
|
|
|
behavior
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 26 Oct 2006 13:27:20 -0400
|
|
|
|
|
2006-10-23 21:05:32 +00:00
|
|
|
fail2ban (0.7.4~pre20061023.2-1) experimental; urgency=low
|
|
|
|
|
|
|
|
* Fresh upstream: fixed a bug with not handling error producing
|
|
|
|
actioncheck call
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 23 Oct 2006 17:00:03 -0400
|
|
|
|
|
2006-10-23 04:45:34 +00:00
|
|
|
fail2ban (0.7.4~pre2006102-1) experimental; urgency=low
|
|
|
|
|
|
|
|
* Currrent snapshot of trunk
|
|
|
|
* Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
|
|
|
|
from debian/patches
|
2006-10-23 04:49:52 +00:00
|
|
|
* Adjusted rule to install man pages -- only .1 files since there are also
|
|
|
|
h2m sources
|
2006-10-23 05:07:52 +00:00
|
|
|
* debian/{rules,control} adjusted to conform all points in recent python
|
|
|
|
policy changes
|
|
|
|
* install under /usr/share instead of /usr/lib
|
2006-10-23 04:45:34 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 23 Oct 2006 00:17:55 -0400
|
|
|
|
|
2006-10-18 05:15:53 +00:00
|
|
|
fail2ban (0.7.3-2) experimental; urgency=low
|
|
|
|
|
|
|
|
* Added wuftpd section
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 18 Oct 2006 01:15:00 -0400
|
|
|
|
|
2006-10-02 19:03:58 +00:00
|
|
|
fail2ban (0.7.3-1) experimental; urgency=low
|
2006-09-29 04:05:50 +00:00
|
|
|
|
|
|
|
* New upstream release
|
2006-10-02 19:28:23 +00:00
|
|
|
* Debian shipped jail.conf
|
|
|
|
* Refreshen init.d script
|
2006-09-29 04:05:50 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 28 Sep 2006 22:17:16 -0400
|
|
|
|
|
2006-09-06 13:35:13 +00:00
|
|
|
fail2ban (0.7.1-0.2) experimental; urgency=low
|
2006-09-05 06:10:29 +00:00
|
|
|
|
2006-09-05 15:16:03 +00:00
|
|
|
* New upstream release (closes: #370095,#366307)
|
2006-09-05 06:10:29 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 5 Sep 2006 00:26:08 -0400
|
|
|
|
|
2006-08-15 21:35:37 +00:00
|
|
|
fail2ban (0.6.1-11) unstable; urgency=low
|
|
|
|
|
|
|
|
* Adjusted manpage for fail2ban.conf to point to shipped examples of
|
|
|
|
configuration files as the source of details about available configuration
|
|
|
|
options (closes: #382403)
|
2006-08-15 22:13:44 +00:00
|
|
|
* Changes in man/fail2ban.conf.5 are managed via dpatch now
|
2006-08-15 21:35:37 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 16 Aug 2006 00:18:59 +0300
|
|
|
|
|
2006-07-04 03:03:45 +00:00
|
|
|
fail2ban (0.6.1-10) unstable; urgency=low
|
|
|
|
|
2006-07-06 21:30:53 +00:00
|
|
|
* Adjusted to comply with recent changes in debian python policy and use
|
|
|
|
pycentral to byte compile modules
|
2006-07-04 03:03:45 +00:00
|
|
|
* Filtered out empty entries for ignoreip to reduce confusing WARNING log
|
|
|
|
message
|
|
|
|
* Added configuration parameter "locale" to specify LC_TIME for time
|
|
|
|
pattern matching (closes: #367990,363391)
|
2006-07-04 03:36:39 +00:00
|
|
|
* Verbosity is chosen to be max between cmdline parameters and config file
|
2006-07-04 03:03:45 +00:00
|
|
|
|
2006-07-07 00:20:22 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 6 Jul 2006 20:19:54 -0400
|
2006-07-04 03:03:45 +00:00
|
|
|
|
2006-06-14 16:22:43 +00:00
|
|
|
fail2ban (0.6.1-9) unstable; urgency=low
|
|
|
|
|
|
|
|
* Adjusted rm commands in init script to don't use -r for removal of
|
|
|
|
the pidfile (thanks Stephen Gran)
|
2006-07-04 03:03:45 +00:00
|
|
|
* Added clarification about multiport banning to README.Debian
|
2006-06-14 16:22:43 +00:00
|
|
|
(closes: #373592)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 14 Jun 2006 12:05:44 -0400
|
|
|
|
|
2006-05-30 14:19:08 +00:00
|
|
|
fail2ban (0.6.1-8) unstable; urgency=low
|
2006-05-22 19:38:51 +00:00
|
|
|
|
|
|
|
* Removed bashism (arrays) from init.d script to make it POSIX shell
|
|
|
|
complient (closes: #368218)
|
2006-05-28 03:13:56 +00:00
|
|
|
* Added new proftpd section
|
2006-05-30 14:19:08 +00:00
|
|
|
* Added new saslauthd section. Thanks to martin f krafft
|
|
|
|
<madduck@debian.org> (closes: #369483)
|
2006-05-28 03:32:24 +00:00
|
|
|
* Mentioned apache2 log file in Other. comment field for FILE in
|
|
|
|
apache section. Nothing has to be changed besides the logfile path to
|
|
|
|
work with apache2 (closes: #342144)
|
|
|
|
|
2006-05-22 19:38:51 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 22 May 2006 15:37:17 -0400
|
|
|
|
|
2006-05-16 20:46:27 +00:00
|
|
|
fail2ban (0.6.1-5) unstable; urgency=low
|
|
|
|
|
|
|
|
* Further fixed debian packaging: to comply with policy empty target
|
|
|
|
binary-arch was provided
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 16 May 2006 16:43:37 -0400
|
|
|
|
|
2006-05-16 19:59:38 +00:00
|
|
|
fail2ban (0.6.1-4) unstable; urgency=low
|
|
|
|
|
2006-05-16 20:08:32 +00:00
|
|
|
* Adjusted debian packaging:
|
|
|
|
- Clean up of debian/rules: removed commented out dh_ scripts which
|
|
|
|
definetly will never be used
|
|
|
|
- debhelper and dpatch moved to Build-Depends
|
2006-05-16 20:11:05 +00:00
|
|
|
- added --no-compile for python setup.py install, and removed explicit
|
|
|
|
cleaning of .pyc's
|
2006-05-16 20:28:31 +00:00
|
|
|
- fixed separation binary-indep and binary-arch in debian/rules
|
|
|
|
- restricted depends on python >= 2.3
|
2006-05-16 19:59:38 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 16 May 2006 15:53:06 -0400
|
|
|
|
|
2006-05-10 18:01:06 +00:00
|
|
|
fail2ban (0.6.1-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fixed vsftpd failregexp (closes: #366687)
|
|
|
|
* Started to use dpatch
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 10 May 2006 11:45:57 -0400
|
|
|
|
|
2006-03-27 17:56:38 +00:00
|
|
|
fail2ban (0.6.1-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* Assigned maxreinits to 1000 to be reasonable since otherwise logfile grows
|
|
|
|
indefinetly if there is a real problem on the system (closes: #359218)
|
2006-04-25 19:58:36 +00:00
|
|
|
* Adjusted debian/{copyright,watch}
|
2006-04-28 04:13:23 +00:00
|
|
|
* New version of init.d script (Thanks to Aaron Isotton) (closes: #364278)
|
2006-03-27 17:56:38 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 27 Mar 2006 12:55:39 -0500
|
|
|
|
|
2006-03-20 00:41:27 +00:00
|
|
|
fail2ban (0.6.1-1) unstable; urgency=low
|
2006-03-19 05:20:44 +00:00
|
|
|
|
|
|
|
* New upstream release
|
2006-03-19 23:45:52 +00:00
|
|
|
* In config file added fwchain to ease switching to another input chain
|
|
|
|
(closes: #357164)
|
2006-03-19 05:20:44 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 18 Mar 2006 23:11:53 -0500
|
|
|
|
|
2006-03-17 00:38:23 +00:00
|
|
|
fail2ban (0.6.0-8) unstable; urgency=low
|
2006-03-11 06:02:22 +00:00
|
|
|
|
|
|
|
* Minor adjustments to reduce the deviation from the upstream code
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 11 Mar 2006 00:48:14 -0500
|
|
|
|
|
2006-03-09 20:23:46 +00:00
|
|
|
fail2ban (0.6.0-7) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fixed a typo in failregex for SSH section (closes: #356112)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 9 Mar 2006 15:13:48 -0500
|
|
|
|
|
2006-03-03 21:37:05 +00:00
|
|
|
fail2ban (0.6.0-6) unstable; urgency=low
|
|
|
|
|
|
|
|
* Updated README.Debian with information about some cases with
|
|
|
|
not-as-shipped configurations of sshd on the boxes running older versions
|
|
|
|
of openssh server
|
|
|
|
* Included regexps for SSH in case iff authentication as root using keys was
|
|
|
|
attempted whenever PermitRootLogin is set to something else than "yes" and
|
2006-03-05 19:51:01 +00:00
|
|
|
key authentication fails
|
|
|
|
* Included postrm script to remove log files during purge to comply with
|
|
|
|
policy 10.8 (closes: #355443)
|
|
|
|
|
2006-03-03 21:37:05 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 3 Mar 2006 16:32:38 -0500
|
|
|
|
|
2006-02-26 01:04:17 +00:00
|
|
|
fail2ban (0.6.0-5) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fixed Apache section: changed filepath to point at error.log, thus I had
|
|
|
|
to revert timeregex and timepattern to user RFC 2822 format (closes:
|
|
|
|
#354346)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 25 Feb 2006 19:56:46 -0500
|
|
|
|
|
2006-02-18 01:43:00 +00:00
|
|
|
fail2ban (0.6.0-4) unstable; urgency=low
|
2006-01-25 14:58:52 +00:00
|
|
|
|
2006-02-10 18:08:01 +00:00
|
|
|
* Modifications in README.Debian to reflect a "finding" on
|
|
|
|
not-AllowedUsers banning which requires default Debian configuration
|
|
|
|
of "ChallengeResponseAuthentication no" and "PasswordAuthentication
|
|
|
|
yes"
|
|
|
|
* Fixed Apache timeregex and timepattern to confirm
|
|
|
|
the fomat of time stamp used in Debian's acccess.log (error.log uses
|
|
|
|
RFC 2822 format)
|
2006-01-25 14:58:52 +00:00
|
|
|
* Added section ApacheAttacks to specify some common patterns of attacks on
|
|
|
|
a webserver (awstats.pl as a try). This section stays split from Apache
|
|
|
|
since it is of different nature and might be not appropriate for some
|
|
|
|
users
|
2006-02-16 15:53:38 +00:00
|
|
|
* Forced owner/permissions of log file to be root:adm/640 in postinst and
|
|
|
|
logrotate (closes: #352053)
|
2006-01-25 14:58:52 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 16 Jan 2006 04:05:19 -0500
|
|
|
|
|
2006-01-15 20:07:07 +00:00
|
|
|
fail2ban (0.6.0-3) unstable; urgency=low
|
|
|
|
|
|
|
|
* ignoreip is now empty by default (closes: #347766)
|
2006-01-15 20:18:39 +00:00
|
|
|
* increased verbosity in verbose=2 mode: now prints options accepted
|
|
|
|
from the config file
|
|
|
|
* to make fail2ban.conf more compact, thus to improve its readability,
|
|
|
|
fail2ban.conf was converted to use "interpolations" provided by
|
|
|
|
ConfigParser class. fw{start,end,{,un}ban} options were moved into
|
|
|
|
DEFAULT section and required options (port, protocol) were added
|
2006-01-15 20:07:07 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 12 Jan 2006 18:32:14 -0500
|
|
|
|
|
2005-12-19 15:50:01 +00:00
|
|
|
fail2ban (0.6.0-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* fail2ban path is inserted first in the list to avoid a conflict with
|
|
|
|
existing elsewhere modules with the same names. (Thanks for report and
|
|
|
|
patch to Nick Craig-Wood) (closes: #343821)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 19 Dec 2005 17:44:58 +0200
|
|
|
|
|
2005-11-21 01:43:13 +00:00
|
|
|
fail2ban (0.6.0-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* Merged with the latest stable upstream release. That incure some
|
|
|
|
changes for the Debian configuration of the package to be more
|
2005-11-21 01:48:57 +00:00
|
|
|
upstream-like. Visible one is: subject in the sent email includes
|
|
|
|
section outside of "[Fail2Ban]"
|
2005-11-21 02:50:08 +00:00
|
|
|
* Updated README.Debian to answer possible question regarding effective
|
|
|
|
bantime starting moment
|
2005-11-21 01:48:57 +00:00
|
|
|
|
2005-11-21 01:43:13 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 20 Nov 2005 14:56:41 -0500
|
|
|
|
|
2005-11-20 19:53:37 +00:00
|
|
|
fail2ban (0.5.4-10) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fixed the order of ssh and apache rules to avoid possible race
|
|
|
|
condition (Thanks to Jefferson Cowart for the bug report) (closes:
|
|
|
|
#339133)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 14 Nov 2005 23:44:45 -0500
|
|
|
|
|
2005-11-03 22:18:40 +00:00
|
|
|
fail2ban (0.5.4-9) unstable; urgency=low
|
|
|
|
|
|
|
|
* Fixed init.d script so it doesn't return non-0 status if fail2ban is not
|
|
|
|
running. That fixes issues with purging the package and leaving garbage in
|
2005-11-21 01:43:13 +00:00
|
|
|
/usr/share/fail2ban (Thanx to Justin Pryzby for the insight)
|
2005-11-03 22:18:40 +00:00
|
|
|
(closes: #337223)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 3 Nov 2005 17:05:20 -0500
|
|
|
|
|
2005-10-31 22:04:11 +00:00
|
|
|
fail2ban (0.5.4-8) unstable; urgency=low
|
|
|
|
|
|
|
|
* Added config option MAIL.localtime (closes: #336449)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 31 Oct 2005 16:53:19 -0500
|
|
|
|
|
2005-10-21 01:22:59 +00:00
|
|
|
fail2ban (0.5.4-7) unstable; urgency=low
|
|
|
|
|
|
|
|
* Adjusted init.d script so it is resistant to delayed shutdowns of
|
|
|
|
fail2ban and in general more stable
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 20 Oct 2005 21:22:03 -0400
|
|
|
|
|
|
|
|
fail2ban (0.5.4-6.2) unstable; urgency=low
|
2005-10-20 17:33:53 +00:00
|
|
|
|
|
|
|
* Fixed typos (thanx to Ross Boylan).
|
|
|
|
* Robust startup: if iptables module gets fully initialized after
|
|
|
|
startup of fail2ban, fail2ban will do "maxreinit" attempts to
|
|
|
|
initialize its own firewall. It will sleep between attempts for
|
|
|
|
"polltime" number of seconds (closes: #334272).
|
|
|
|
* To overcome possible conflict with other firewall solutions and as a
|
|
|
|
secondary solution for the bug 334272, fail2ban startup is moved
|
|
|
|
during bootup to the latest (S99) sequenece position. That should not
|
|
|
|
cause any discomfort I believe.
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 18 Oct 2005 15:54:38 -0400
|
|
|
|
|
2005-10-16 15:07:47 +00:00
|
|
|
fail2ban (0.5.4-5.14) unstable; urgency=low
|
2005-10-04 06:36:09 +00:00
|
|
|
|
|
|
|
* Added a notification regarding the importance of 0.5.4-5 change of
|
2005-10-12 15:08:05 +00:00
|
|
|
failregex in the config file.
|
|
|
|
* Adjusted address to FSF.
|
2005-10-09 17:12:46 +00:00
|
|
|
* Adjusted failregex for SSH so it bans "Illegal user" entries as well, and
|
|
|
|
restricted full failregex more to include ":" at the beginning, because
|
2005-10-10 15:57:35 +00:00
|
|
|
otherwise it might not be sufficient and would revive bug 330827 (closes:
|
2005-10-12 15:08:05 +00:00
|
|
|
#333056).
|
2005-10-10 15:57:35 +00:00
|
|
|
* Adjusted failregex for SSH to accommodate recent changes in logging of
|
2005-10-12 15:08:05 +00:00
|
|
|
SSH: Illegal -> Invalid. Should match both now.
|
2005-10-12 02:13:56 +00:00
|
|
|
* Fixed a problem of raise AttributeError exception reported as a side
|
2005-10-12 15:08:05 +00:00
|
|
|
effect of crash during parsing of the config file.
|
2005-10-12 05:11:16 +00:00
|
|
|
* Introduced fwcheck option to verify consistency of the
|
|
|
|
chains. Implemented automatic restart of fail2ban main function in
|
2005-10-20 17:33:53 +00:00
|
|
|
case check of fwban or fwunban command failed (closes: #329163, #331695).
|
2005-10-15 05:47:35 +00:00
|
|
|
(Introduced patch was further adjusted by upstream author).
|
|
|
|
* Added -f command line parameter for [findtime].
|
2005-10-15 05:14:56 +00:00
|
|
|
* Fixed the issue of not respecting command line parameters for parameters
|
2005-10-15 05:47:35 +00:00
|
|
|
within sections.
|
|
|
|
* Added -e command line parameter to provide enabled sections from command
|
|
|
|
line.
|
2005-10-16 15:07:47 +00:00
|
|
|
* Added a cleanup of firewall rules on emergency shutdown when unknown
|
|
|
|
exception is catched.
|
|
|
|
* Fail2ban should not crash now if a wrong file name is specified in
|
|
|
|
config.
|
2005-10-20 17:33:53 +00:00
|
|
|
|
2005-10-04 06:36:09 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 3 Oct 2005 22:26:28 -1000
|
|
|
|
|
2005-10-03 14:48:11 +00:00
|
|
|
fail2ban (0.5.4-5) unstable; urgency=low
|
2005-10-01 06:53:51 +00:00
|
|
|
|
|
|
|
* Made failregex'es more specific to don't allow usernames to be used as a
|
|
|
|
tool for denial of service attacks. Config files (or at least
|
|
|
|
failregex'es) must be updated from this package, otherwise the security
|
|
|
|
breach would remain open and only warning gets issued (closes: #330827)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 1 Oct 2005 02:42:23 -1000
|
|
|
|
|
2005-09-29 15:35:56 +00:00
|
|
|
fail2ban (0.5.4-4) unstable; urgency=low
|
|
|
|
|
|
|
|
* On a request from Calum Mackay added reporting of the enabled sections
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 29 Sep 2005 11:20:43 -1000
|
|
|
|
|
2005-09-29 05:26:18 +00:00
|
|
|
fail2ban (0.5.4-3) unstable; urgency=low
|
|
|
|
|
2005-10-20 17:33:53 +00:00
|
|
|
* Resolved the mystery of debug mode in which commands are not really
|
2005-09-29 05:26:18 +00:00
|
|
|
executed: added verbose option to config file, removed -v from
|
|
|
|
/etc/default/fail2ban, reordered code a bit so that log targets are
|
|
|
|
setup right after background and then only loglevel (verbose,debug) is
|
|
|
|
processed, so the warning could be seen in the logs
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Thu, 29 Sep 2005 00:20:43 -1000
|
|
|
|
|
2005-09-21 12:19:22 +00:00
|
|
|
fail2ban (0.5.4-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* Now exporting PATH explicitely in init.d/fail2ban script, to avoid
|
|
|
|
problems finding iptables in the cases when PATH was not exported outside
|
|
|
|
(cfengine, broken shell environment) (closes: #329304)
|
|
|
|
* Removed -b from start-stop-daemon because fail2ban detahes on its own
|
2005-09-27 15:45:26 +00:00
|
|
|
* Added @localhost to MAIL:from and MAIL:to in fail2ban.conf and placed
|
|
|
|
a note to README.Debian regarding necessity to specify full email
|
|
|
|
address in MAIL:from (closes: #329722)
|
|
|
|
* Added a keyword <section> in parsing of the subject and the body of an
|
|
|
|
email sent out by fail2ban (closes: #330311)
|
2005-09-21 12:19:22 +00:00
|
|
|
|
2005-09-27 15:45:26 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Wed, 27 Sep 2005 08:09:06 -0400
|
2005-09-21 12:19:22 +00:00
|
|
|
|
2005-09-20 16:37:44 +00:00
|
|
|
fail2ban (0.5.4-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 20 Sep 2005 12:19:19 -0400
|
|
|
|
|
2005-09-20 16:17:39 +00:00
|
|
|
fail2ban (0.5.3-2) unstable; urgency=low
|
2005-09-11 19:22:32 +00:00
|
|
|
|
|
|
|
* Refined comments in README.Debian
|
|
|
|
* Reindented init.d script
|
2005-09-20 16:37:44 +00:00
|
|
|
P.S. Was not released
|
2005-09-11 19:22:32 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sun, 11 Sep 2005 15:19:44 -0400
|
|
|
|
|
2005-09-09 21:16:14 +00:00
|
|
|
fail2ban (0.5.3-1) unstable; urgency=low
|
2005-09-09 21:15:41 +00:00
|
|
|
|
2005-09-09 21:16:14 +00:00
|
|
|
* New upstream release
|
2005-09-09 21:15:41 +00:00
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 9 Sep 2005 16:55:00 -0400
|
|
|
|
|
2005-09-09 18:57:53 +00:00
|
|
|
fail2ban (0.5.2-5) unstable; urgency=low
|
|
|
|
|
|
|
|
* Included a patch from Stephen Gildea to provide "status" report by
|
|
|
|
init.d script
|
|
|
|
* Included a note in README.Debian regarding the fail2ban iptable's
|
|
|
|
chains
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 9 Sep 2005 14:52:24 -0400
|
|
|
|
|
2005-08-19 10:34:03 +00:00
|
|
|
fail2ban (0.5.2-4) unstable; urgency=low
|
|
|
|
|
|
|
|
* Format of SYSLOG entries is up to the standard now
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 19 Aug 2005 00:06:44 -1000
|
|
|
|
|
2005-08-16 21:30:27 +00:00
|
|
|
fail2ban (0.5.2-3) unstable; urgency=low
|
|
|
|
|
2005-08-19 07:14:17 +00:00
|
|
|
* Fixed errata in /etc/default/fail2ban (closes: #323451)
|
|
|
|
* Fixed handling of SYSLOG logging target. Now it can log to any syslog
|
|
|
|
target and facility as directed by the config (revisions 160:166 patch
|
|
|
|
from syslog branch) (closes: #323543)
|
|
|
|
* Included upstream README and TODO
|
|
|
|
* Mentioned in README.Debian that apache section is disabled by default
|
2005-08-19 08:40:09 +00:00
|
|
|
* Adjusted man pages to cross-reference each other
|
2005-08-19 07:14:17 +00:00
|
|
|
* Moved fail2ban man page under section 8 as in upstream
|
2005-08-19 08:40:09 +00:00
|
|
|
* Introduced findtime configuration variable to control the lifetime
|
|
|
|
of caught "failed" log entries (closes: #323840)
|
2005-09-09 18:57:53 +00:00
|
|
|
|
2005-08-16 21:30:27 +00:00
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 16 Aug 2005 11:23:28 -1000
|
|
|
|
|
2005-08-13 08:55:08 +00:00
|
|
|
fail2ban (0.5.2-2) unstable; urgency=low
|
|
|
|
|
|
|
|
* Updated description to reflect flexibility in application of fail2ban
|
|
|
|
* Included logrotate (Thanks to Baruch Even)
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 13 Aug 2005 04:51:57 -0400
|
|
|
|
|
2005-08-06 19:43:43 +00:00
|
|
|
fail2ban (0.5.2-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
* No log4py any more
|
|
|
|
* removed -i eth0 from config
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 6 Aug 2005 09:21:07 -1000
|
|
|
|
|
2005-07-23 19:15:22 +00:00
|
|
|
fail2ban (0.5.1-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 23 Jul 2005 08:50:00 -1000
|
|
|
|
|
2005-07-13 10:01:01 +00:00
|
|
|
fail2ban (0.5.0-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* New upstream release
|
2005-07-23 19:15:22 +00:00
|
|
|
* Libraries placed under /usr/share/fail2ban instead of /usr/lib/fail2ban
|
2005-07-13 10:01:01 +00:00
|
|
|
* Corrections to the description of the package
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Tue, 12 Jul 2005 23:33:20 -1000
|
|
|
|
|
2005-07-06 23:10:26 +00:00
|
|
|
fail2ban (0.4.1-1) unstable; urgency=low
|
|
|
|
|
|
|
|
* First upstream release of a Debian package
|
|
|
|
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 04 Jul 2005 11:47:23 +0300
|