suhosin is hardened php implmentation, which will log the alerts (as
seen in samples) to stderr, which is picked up by fastcgi webserver
(e.g. lighttpd, apache, nginx)
* commit '0.8.10-31-g1ab0f0f': (24 commits)
BF/ENH: Incorrect authentication data doesn't need tailier so that's optional. Also gained log entry for Unrouteable address
ENH: readibility thanks to Yaroslav
DOC: Changelog for fail2ban-regex RF
DOC: Changelog for asterisk hardening
ENH: fail2ban-regex -- add specification of loglevels to enable
RF: reworked -regex cmdline tool to use optparse, some unification and enhancement of outputs
ENH: 'heavydebug' level == 5 for even more debugging in tricky cases
ENH: asterisk -- use \S instead of [^:] + prefix failregex with ^\[
BF: missed a space
BF: [SSL-out] is optional in assp
ENH: regex hardening on assp
ENH: anchor a bit mor. Use \d and \w where possible. Escape a literal .
TST: attempts at injection with username=rhost=1.2.3.4 have no user= logged in dovecot-1.2.15
ENH: proftpd chan accept usernames with spaces
ENH: injection of fail data into USER field
ENH: dovecot regexs rewritten and extra failures
ENH: proftp regex hardening and log messages
ENH/BF: exim improvements with sample
BF: fix to proxy port in 3proxy example
ENH: sample log + more specific regex
...
Conflicts: -- it was a messy merge/resolution.
ChangeLog
bin/fail2ban-regex
fail2ban-testcases
fail2ban/server/filter.py
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlGRBZ8ACgkQjRFFY3XAJMhqzwCgvUsrv6cSjo1d8YCQUA8Na0Kk
44QAoKk7X2sqFM+wvj2vK3stsHa/80qm
=iBfR
-----END PGP SIGNATURE-----
Merge tag '0.8.9' into 0.9 (quite a bit of conflicts "resolved")
Release 0.8.9
* tag '0.8.9':
BF: add missing files to MANIFEST (I think we shoult not rely on sdist anyways -- 'git tag' tarballs are more thorough ;) )
All the (version) updates for the release of 0.8.9
BF: (travis) relax the test for needed to be presented installed directories -- allow new
BF: (travis) if tests ran under coverage -- there is a traceback parts to report (thus > would be present)
ENH: also print the failing traceback line in case of failure
ENH: include explicit list of new files which should not be there upon "install --root"
ENH: now we know that logging handlers closing was still buggy in 2.6.2
ENH: issue a warning if jail name is longer than 19 symbols (Close#222)
DOC: inline commends with ';' are in effect only if ';' follows as space
BF: Fix for filterpoll incorrectly checking for jailless state
ENH: strengthen detection of working pyinotify
ENH: use the same python executable for setup.py test
ENH: actually tune up TraceBack to determine "unittest" portions of the stack across all python releases
TST: Some primarily smoke tests for tests utils
TST: cover few more lines in fail2banreader.py
ENH: basic test for setup.py itself (when applicable, should greatly improve coverage ;) )
ENH: consistent operation of formatExceptionInfo + unittest for it
ENH: point to the status of master branch on travis
Conflicts:
ChangeLog
MANIFEST
README.md
fail2ban/version.py -- all of the above obvious version changes
below files primarily needed just a bit of help in resolution
config/jail.conf
fail2ban/server/filterpoll.py
fail2ban/server/server.py
fail2ban/tests/servertestcase.py
and following were more difficult -- git wasn't able to track renames/moves of the code
fail2ban-testcases -- needed to introduce those changes to tests/utils.py
testcases/clientreadertestcase.py -- manually applied patch from master
testcases/utils.py -- manually applied patch from master
* master: (51 commits)
ENH: Use real (resolving) example.com instead of test.example.com
DOC: Slight tune ups to ChangeLog -- we must release!
Changelog entries for the latest merges
BF: add bash-completion to MANIFEST
DOC: ChangeLog for default action type change
ENH: consolidate where blocktype is defined for iptables rules
BF: default type to unreachable
ENH: separate out regex and escape a .
ENH: logs/sshd -- have ":" after [daemon] (other uses are uncommon)
ENH: logs/sshd -- use example.com as the resolved hostname in sample log lines
ENH: filter.d/sshd.conf -- allow for trailing "via IP" in logs
DOC: Drop sudo from bash-completion
DOC: Added bash-completion script
ENH: add blocktype to all relevant actions. Also default the rejection to a ICMP reject rather than a drop
ENH: Removed unused log line
ENH: logrotate file
BF: missed MANIFEST include
BF: missed MANIFEST include
BF: missed MANIFEST include
ENH: some form of logrotate based on what distros are doing
...
Conflicts:
ChangeLog
MANIFEST
client/actionreader.py
config/jail.conf
fail2ban/server/datedetector.py
fail2ban/tests/datedetectortestcase.py
This reverts commit 47a62b6072.
Enabling any jail by default should be a prerogative of particular
distributions (thanks Fabian Wenk for the discussion)
Conflicts:
config/jail.conf
* 0.9: (45 commits)
Beef up changelog for 0.9
ENH: make fail2ban-regex aware of possible maxlines in the filter config file
BF+TST: Correctly reset time in tearDownMyTime
ENH: Reimplement warning suppression of setup.py test --quiet
ENH: Renamed OptionConfigReader to DefinitionInitConfigReader
ENH: Rename splitAction to extractOptions in jailreader
ENH: Use os.path.join for filter/action config readers
BF: Remove warnings handler which breaks setup.py python2<2.7 and python3<3.2
ENH: For python3.2+ use ConfigPaser which replaces SafeConfigParser
TST: Change depreciated unittest assertEquals method to assertEqual
TST: Ensure files are closed in tests to remove ResourceWarnings
BF: Change logging instance logSys `warn` method to `warning`
ENH: use os.path.join for consistency -- add "Contributors" to authors
RF: setup.py now imports version number again
DOC: tune up formatting (spaces) and prelude for the changelog entry
TST+RF: Add ability to execute test from setup.py with setuptools
TST: Move test gathering to function is test utils
TST: Move test TZ changes to setUp and tearDown methods
ENH: Remove redundant `maxlines` option from jail reader
TST: Add test for FilterReader [Init] `maxlines` override
...
Conflicts:
config/jail.conf
* 'py3' of https://github.com/kwirk/fail2ban: (38 commits)
DOC: Add python3 to requirements
ENH: Clarify use of bytes in csocket and asyncserver for python3
DOC: Revert dnsToIp error change, seperate log message for socket.error
TST: Tweak python3 open statement to resolve python2.5 SyntaxError
TST: Revert changes for filter testcase open statement
DOC: Revert setup.py messages to use print statement
Add *.bak files generated by 2to3 to gitignore
TST: Fix up fail2ban python3 scripts
TST: Fix issues in tests which assumed dictionary's order
ENH: setup.py now automatically runs 2to3 for python3.x
TST: Remove Travis CI unsupported versions of python from Travis config
add fail2ban-2to3 to MANIFEST file
ENH: Add python3 versions to Travis CI config
BF: Handle expected errors for python3.{0,1} when changing log target
Minor tweaks to fail2ban-regex for encoding
Added ability to set log file encoding with fail2ban-regex
Add ability to set log encoding for jail
Move handling of unicode decoding to FileContainer readline
Fix incorrect exit code from fail2ban-2to3
Remove redundant reassignment of variable
...
Conflicts:
fail2ban/tests/servertestcase.py -- both branches added a new unittest at the same point
Daniel Black