github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

DOC: merge ChangeLog

pull/413/head^2
Daniel Black 2013-10-31 09:07:06 +11:00
parent 27d257d5a6 8441539988
commit 2810f97fe5
1 changed files with 26 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
ChangeLog
View File

@ -10,6 +10,11 @@ Fail2Ban (version 0.8.10) 2013/06/12
ver. 0.8.11 (2013/XX/XXX) - loves-unittests ver. 0.8.11 (2013/XX/XXX) - loves-unittests
----------- -----------
Filter name changes:
* IMPORTANT: 'lighttpd-fastcgi' filter has been renamed to 'suhosin'
* 'sasl' has been renamed to 'postfix-sasl'
These will require changing in jail.{conf,local} if using these filters.
- Fixes: - Fixes:
Daniel Black & Marcel Dopita Daniel Black & Marcel Dopita
* filter.d/apache-auth -- fixed and apache auth samples provide. closes #286 * filter.d/apache-auth -- fixed and apache auth samples provide. closes #286
@ -30,15 +35,32 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
mode has failed (e.g. due to incorrect syntax). Closes gh-353 mode has failed (e.g. due to incorrect syntax). Closes gh-353
Daniel Black & Мернов Георгий Daniel Black & Мернов Георгий
* filter.d/dovecot.conf -- Fix when no TLS enabled - line doesn't end in , * filter.d/dovecot.conf -- Fix when no TLS enabled - line doesn't end in ,
Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
* filter.d/exim.conf -- regex hardening and extra failure examples in
sample logs
* filter.d/named-refused.conf - BIND 9.9.3 regex changes
Daniel Black & Sebastian Arcus
* filter.d/asterisk -- more regexes
Daniel Black Daniel Black
* action.d/hostsdeny -- NOTE: new dependancy 'ed'. Switched to use 'ed' across * action.d/hostsdeny -- NOTE: new dependancy 'ed'. Switched to use 'ed' across
all platforms to ensure permissions are the same before and after a ban - all platforms to ensure permissions are the same before and after a ban -
closes gh-266. hostsdeny supports daemon_list now too. closes gh-266. hostsdeny supports daemon_list now too.
* action.d/bsd-ipfw - action option unsed. Change blocktype to port unreach
instead of deny for consistancy.
* filter.d/roundcube-auth - timezone offset can be positive or negative * filter.d/roundcube-auth - timezone offset can be positive or negative
* action.d/bsd-ipfw - action option unsed. Fixed to blocktype for * action.d/bsd-ipfw - action option unsed. Fixed to blocktype for
consistency. default to port unreach instead of deny consistency. default to port unreach instead of deny
* filter.d/dropbear - fix regexs to match standard dropbear and the patched * filter.d/dropbear - fix regexs to match standard dropbear and the patched
http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch http://www.unchartedbackwaters.co.uk/files/dropbear/dropbear-0.52.patch
and add PAM is it in dropbear-2013.60 source code.
* filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening
and extra failure examples in sample logs
* filter.d/apache-auth - added expressions for mod_authz, mod_auth and
mod_auth_digest failures.
* filter.d/recidive -- support f2b syslog target and anchor regex at start
* filter.d/mysqld-auth.conf - mysql can use syslog
* filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
bug #722970
Rolf Fokkens Rolf Fokkens
* action.d/dshield.conf and complain.conf -- reorder mailx arguments. * action.d/dshield.conf and complain.conf -- reorder mailx arguments.
https://bugzilla.redhat.com/show_bug.cgi?id=998020 https://bugzilla.redhat.com/show_bug.cgi?id=998020
@ -63,6 +85,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
* action.d/osx-afctl - an action based on afctl for osx * action.d/osx-afctl - an action based on afctl for osx
Daniel Black & ykimon Daniel Black & ykimon
* filter.d/3proxy.conf -- filter added * filter.d/3proxy.conf -- filter added
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging
regular expressions with the -D parameter.
Daniel Black Daniel Black
* filter.d/exim-spam.conf -- a splitout of exim's spam regexes * filter.d/exim-spam.conf -- a splitout of exim's spam regexes
with additions for greater control over filtering spam. with additions for greater control over filtering spam.
@ -85,34 +109,15 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
* jail.conf now has asterisk jail - no need for asterisk-tcp and * jail.conf now has asterisk jail - no need for asterisk-tcp and
asterisk-udp. Users should replace existing jails with asterisk to asterisk-udp. Users should replace existing jails with asterisk to
reduce duplicate parsing of the asterisk log file. reduce duplicate parsing of the asterisk log file.
* filter.d/suhosin - regex anchor at start * filter.d/{suhosin,pam-generic,gssftpd,sogo-auth,webmin}- regex anchor at
* filter.d/{asterisk,assp,dovecot,proftpd}.conf -- regex hardening start
and extra failure examples in sample logs
* filter.d/apache-auth - added expressions for mod_authz, mod_auth and
mod_auth_digest failures.
* filter.d/recidive -- support f2b syslog target and anchor regex at start
* filter.d/vsftpd - anchored regex at start. disable old pam format regex * filter.d/vsftpd - anchored regex at start. disable old pam format regex
* filter.d/pam-generic - added syslog prefix. Disabled support for * filter.d/pam-generic - added syslog prefix. Disabled support for
linux-pam before version 0.99.2.0 (2005) linux-pam before version 0.99.2.0 (2005)
* filter.d/gssftpd - anchored regex at start
* filter.d/sogo-auth - anchor regex at start
* filter.d/mysqld-auth.conf - mysql can use syslog
* filter.d/postfix-sasl - renamed from sasl, anchor at start and base on * filter.d/postfix-sasl - renamed from sasl, anchor at start and base on
syslog syslog
* fail2ban-regex - now generates http://www.debuggex.com urls for debugging
regular expressions with the -D parameter.
* filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
bug #722970
* filter.d/webmin - anchored regex at start
* filter.d/qmail - rewrote regex to anchor at start. Added regex for * filter.d/qmail - rewrote regex to anchor at start. Added regex for
another "in the wild" patch to rblsmtp. another "in the wild" patch to rblsmtp.
* filter.d/dropbear - add PAM is in dropbear-2013.60
Daniel Black & Georgiy Mernov & ftoppi & Мернов Георгий
* filter.d/exim.conf -- regex hardening and extra failure examples in
sample logs
* filter.d/named-refused.conf - BIND 9.9.3 regex changes
Daniel Black & Sebastian Arcus
* filter.d/asterisk -- more regexes
Yaroslav Halchenko Yaroslav Halchenko
* fail2ban-regex -- refactored to provide more details (missing and * fail2ban-regex -- refactored to provide more details (missing and
ignored lines, control over logging, etc) while maintaining look&feel ignored lines, control over logging, etc) while maintaining look&feel
@ -133,8 +138,6 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests
* filter/named-refused - added refused on zone transfer * filter/named-refused - added refused on zone transfer
* filter.d/{courier{login,smtp},proftpd,sieve,wuftpd,xinetd} - General * filter.d/{courier{login,smtp},proftpd,sieve,wuftpd,xinetd} - General
regex impovements regex impovements
* IMPORTANT: 'lighttpd-fastcgi' filter has been renamed to 'suhosin', which
will require changing in jail.{conf,local} if using this filter.
Zurd Zurd
* filter.d/postfix - add filter for VRFY failures. closes gh-322. * filter.d/postfix - add filter for VRFY failures. closes gh-322.
Orion Poplawski Orion Poplawski