Merge branch '0.10' into 0.11 + version bump (back to dev)

ChangeLog

@@ -6,7 +6,7 @@
 Fail2Ban: Changelog
 ===================
 
-ver. 0.11.1 (2020/01/11) - this-is-the-way
+ver. 0.11.2-dev (20??/??/??) - development edition
 -----------
 
 ### Compatibility:
@@ -37,6 +37,16 @@ ver. 0.11.1 (2020/01/11) - this-is-the-way
   - Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are
     IPv6-capable now.
 
+### Fixes
+
+### New Features
+
+### Enhancements
+
+
+ver. 0.11.1 (2020/01/11) - this-is-the-way
+-----------
+
 ### Fixes
 * purge database will be executed now (within observer).
 * restoring currently banned ip after service restart fixed 

config/filter.d/sshd.conf

@@ -52,7 +52,7 @@ cmnfailre = ^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER>
             ^User <F-USER>.+</F-USER> from <HOST> not allowed because a group is listed in DenyGroups%(__suff)s$
             ^User <F-USER>.+</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups%(__suff)s$
             ^<F-NOFAIL>%(__pam_auth)s\(sshd:auth\):\s+authentication failure;</F-NOFAIL>(?:\s+(?:(?:logname|e?uid|tty)=\S*)){0,4}\s+ruser=<F-ALT_USER>\S*</F-ALT_USER>\s+rhost=<HOST>(?:\s+user=<F-USER>\S*</F-USER>)?%(__suff)s$
-            ^(error: )?maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?%(__suff)s$
+            ^maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>%(__on_port_opt)s(?: ssh\d*)?%(__suff)s$
             ^User <F-USER>.+</F-USER> not allowed because account is locked%(__suff)s
             ^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\S+</F-USER> <HOST>%(__on_port_opt)s:\s*Change of username or service not allowed:\s*.*\[preauth\]\s*$
             ^Disconnecting: Too many authentication failures(?: for <F-USER>.+?</F-USER>)?%(__suff)s$
@@ -71,6 +71,7 @@ mdre-normal =
 mdre-normal-other = ^<F-NOFAIL><F-MLFFORGET>(Connection closed|Disconnected)</F-MLFFORGET></F-NOFAIL> (?:by|from)%(__authng_user)s <HOST>(?:%(__suff)s|\s*)$
 
 mdre-ddos = ^Did not receive identification string from <HOST>
+            ^kex_exchange_identification: client sent invalid protocol identifier
             ^Bad protocol version identification '.*' from <HOST>
             ^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>
             ^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\d+;[A-Z]\w+:

fail2ban/tests/files/logs/sshd

@@ -305,6 +305,11 @@ Jul 17 23:04:01 srv sshd[1300]: Connection closed by authenticating user test 12
 
 # filterOptions: [{"test.condition":"name=='sshd'", "mode": "ddos"}, {"test.condition":"name=='sshd'", "mode": "aggressive"}]
 
+# failJSON: { "match": false }
+Feb 17 17:40:17 sshd[19725]: Connection from 192.0.2.10 port 62004 on 192.0.2.10 port 22
+# failJSON: { "time": "2005-02-17T17:40:17", "match": true , "host": "192.0.2.10", "desc": "ddos: port scanner (invalid protocol identifier)" }
+Feb 17 17:40:17 sshd[19725]: error: kex_exchange_identification: client sent invalid protocol identifier ""
+
 # failJSON: { "time": "2005-03-15T09:21:01", "match": true , "host": "192.0.2.212", "desc": "DDOS mode causes failure on close within preauth stage" }
 Mar 15 09:21:01 host sshd[2717]: Connection closed by 192.0.2.212 [preauth]
 # failJSON: { "time": "2005-03-15T09:21:02", "match": true , "host": "192.0.2.212", "desc": "DDOS mode causes failure on close within preauth stage" }

fail2ban/version.py

@@ -24,7 +24,7 @@ __author__ = "Cyril Jaquier, Yaroslav Halchenko, Steven Hiscocks, Daniel Black"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav Halchenko, 2013-2014 Steven Hiscocks, Daniel Black"
 __license__ = "GPL-v2+"
 
-version = "0.11.1"
+version = "0.11.2-dev"
 
 def normVersion():
   """ Returns fail2ban version in normalized machine-readable format"""

man/fail2ban-client.1

@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH FAIL2BAN-CLIENT "1" "February 2020" "fail2ban-client v0.11.1" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "February 2020" "fail2ban-client v0.11.2-dev" "User Commands"
 .SH NAME
 fail2ban-client \- configure and control the server
 .SH SYNOPSIS
 .B fail2ban-client
 [\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR
 .SH DESCRIPTION
-Fail2Ban v0.11.1 reads log file that contains password failure report
+Fail2Ban v0.11.2\-dev reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP

man/fail2ban-python.1

@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH FAIL2BAN-PYTHON "1" "January 2020" "fail2ban-python 0.11.1" "User Commands"
+.TH FAIL2BAN-PYTHON "1" "February 2020" "fail2ban-python 0.11.2-dev" "User Commands"
 .SH NAME
 fail2ban-python \- a helper for Fail2Ban to assure that the same Python is used
 .SH DESCRIPTION

man/fail2ban-regex.1

@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH FAIL2BAN-REGEX "1" "January 2020" "fail2ban-regex 0.11.1" "User Commands"
+.TH FAIL2BAN-REGEX "1" "February 2020" "fail2ban-regex 0.11.2-dev" "User Commands"
 .SH NAME
 fail2ban-regex \- test Fail2ban "failregex" option
 .SH SYNOPSIS

man/fail2ban-server.1

@@ -1,12 +1,12 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH FAIL2BAN-SERVER "1" "February 2020" "fail2ban-server v0.11.1" "User Commands"
+.TH FAIL2BAN-SERVER "1" "February 2020" "fail2ban-server v0.11.2-dev" "User Commands"
 .SH NAME
 fail2ban-server \- start the server
 .SH SYNOPSIS
 .B fail2ban-server
 [\fI\,OPTIONS\/\fR]
 .SH DESCRIPTION
-Fail2Ban v0.11.1 reads log file that contains password failure report
+Fail2Ban v0.11.2\-dev reads log file that contains password failure report
 and bans the corresponding IP addresses using firewall rules.
 .SH OPTIONS
 .TP

man/fail2ban-testcases.1

@@ -1,5 +1,5 @@
 .\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.47.4.
-.TH FAIL2BAN-TESTCASES "1" "January 2020" "fail2ban-testcases 0.11.1" "User Commands"
+.TH FAIL2BAN-TESTCASES "1" "February 2020" "fail2ban-testcases 0.11.2-dev" "User Commands"
 .SH NAME
 fail2ban-testcases \- run Fail2Ban unit-tests
 .SH SYNOPSIS