* up/fixes:
BF: proftpd filter -- if login failed -- count regardless of the reason for failure
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
BF: be able to detect time for VNC recording only 2 letters of year (closes: #537610)
BF: escaping (). Thanks Teodor (Closes: #544744)
Conflicts:
config/filter.d/proftpd.conf
* upstream: (21 commits)
Imported Upstream version 0.8.4
- Release 0.8.4.
- Oups... Forgot the ChangeLog...
- Check the inode number for rotation in addition to checking the first line of the file. Thanks to Jonathan Kamens.
- Fixed typo. Thanks to Dudi Goldenberg.
added traceback to asyncserver.py's import.
Added item about logging subsystem shutdown being moved, to Changelog.
moved logging shutdown out of quit(), into end of start() in server.py
Disabled jail lighttpd-fastcgi by default.
- Added entry for "Ban IP" command.
added "Ban IP" command to fail2ban branch 0.8
- Added two new filters: lighttpd-fastcgi and php-url-fopen.
- Moved last entries in the config/ part.
added two new filter files (PHP url_fopen, lighttpd fastcgi alerts), updated MANIFEST and jail.conf accordingly
- Added svn:keywords property.
- Added helper module in common.
added 'unexpected communication error' fix to ChangeLog. Added formatExceptionInfo to server/asyncserver.py
added missing import sys to asyncserver.py
more readable code for python version comparison
added python version detection to asyncore.loop(use_poll=True|False)
...
* up/fixes:
Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
BF: Allow for trailing spaces in proftpd logs (closes: #507986)
* up/log_examples:
added sasl example log file
* debian:
Added a comment into Debian-shipped jail.conf about sasl logpath -- it might preferable to monitor warn.log in case of postfix
* up/ipmasq:
BF: removing minor bashism in ipmasq example file (closes: #530078). Thanks Raphael Geissert
* upstream:
- Use 80 columns.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive. Debian bug #514163.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Conflicts:
config/filter.d/sshd.conf
server/filter.py
* commit 'upstream-repo/FAIL2BAN-0_8':
- Use 80 columns.
- Fixed maxretry/findtime rate. Many thanks to Christos Psonis. Tracker #2019714.
- Made the named-refused regex a bit less restrictive in order to match logs with "view". Thanks to Stephen Gildea.
- Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100% correct fix but seems to work. Tracker #2500276.
- Changed <HOST> template to be more restrictive. Debian bug #514163.
- Added cyrus-imap and sieve filters. Thanks to Jan Wagner. Debian bug #513953.
- Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh log (closes: #512193).
- Added missing semi-colon in the bind9 example. Thanks to Yaroslav Halchenko.
- Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker #2484115.
- Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
- Added CPanel date format. Thanks to David Collins. Tracker #1967610.
- Added nagios script. Thanks to Sebastian Mueller.
- Removed print.
- Removed begin-line anchor for "standard" timestamp. Fixed Debian bug #500824.
- Remove socket file on startup is fail2ban crashed. Thanks to Detlef Reichelt.
Conflicts:
MANIFEST
TODO
* debian:
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
- Added svn:keywords property.
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
- Added new time format. No idea from where it comes...
- Added new regex. Thanks to Tobias Offermann.
- Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko.
- Removed "timeregex" and "timepattern" stuff that is not needed anymore.
- Added date template for Day-Month-Year Hour:Minute:Second.
- Added date pattern for Hour:Minute:Second. Thanks to Andreas Itzchak Rehberg.
- Use current day and month instead of Jan 1st if both are not available in the log. Thanks to Andreas Itzchak Rehberg.
- Improved pattern. Thanks to Yaroslav Halchenko.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
- Changed to SVN version.
Conflicts:
config/filter.d/sshd.conf
* commit 'remotes/upstream-repo/FAIL2BAN-0_8':
- Added actions to report abuse to ISP, DShield and myNetWatchman. Thanks to Russell Odom.
- Added svn:keywords property.
- Added apache-nohome.conf. Thanks to Yaroslav Halchenko.
- Added new time format. No idea from where it comes...
- Added new regex. Thanks to Tobias Offermann.
- Try to match the regex even if the line does not contain a valid date/time. Described in Debian #491253. Thanks to Yaroslav Halchenko.
- Removed "timeregex" and "timepattern" stuff that is not needed anymore.
- Added date template for Day-Month-Year Hour:Minute:Second.
- Added date pattern for Hour:Minute:Second. Thanks to Andreas Itzchak Rehberg.
- Use current day and month instead of Jan 1st if both are not available in the log. Thanks to Andreas Itzchak Rehberg.
- Improved pattern. Thanks to Yaroslav Halchenko.
- Merged patches from Debian package. Thanks to Yaroslav Halchenko.
- Changed to SVN version.
Conflicts:
MANIFEST
* up/sshd_fixes:
BF: Specify explicitely facilities in "Failed .. for". Thanks Dean Gaudet. (closes: #481760)
Added failregex for "User not known" in sshd.conf. thanks Alexander Gerasiov (closes: #479966)
* debian: (23 commits)
Imported Upstream version 0.8.3
- Prepared for 0.8.3.
Adjusted vcs paths
- Prepared for 0.8.3
- Send file if the number of lines is greater or equal and not only equal to the limit.
- Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann.
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
- Added and changed some logging level and messages.
- Added svn:keywords.
- Added ISO 8601 date/time format.
- Better (correct) fix for ignoreregex in jail.[conf|local].
- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter.
- Added svn:keywords.
- Added gssftpd filter. Thanks to Kevin Zembower.
- Changed some log level.
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch.
- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
- Create /var/run/fail2ban during install.
...
Conflicts:
ChangeLog
config/filter.d/gssftpd.conf
config/filter.d/pam-generic.conf
debian/changelog
Yaroslav Halchenko