The fail2ban server can take several seconds to shut down. This can
make Gentoo's start-stop-service time out and decide that stopping has
failed, even if it actually succeeds a few seconds later.
The default timeout for start-stop-service if --retry is not specified
appears to be 5 seconds. Increase that to 30 seconds to be sure that if
fail2ban-server is going to be able to stop, it has time to do so.
* enh-rel0.9.6: (60 commits)
updated man pages
ENH: prep for 0.9.6 release (as of tomorrow)
BF: added missing entires into MANIFEST
Update ChangeLog
ChangeLog entry added + jail.conf review
code review, makes the test cases workable, added dev-notes
ChangeLog update
`filter.d/apache-modsecurity.conf` - fixed for newer version (one space, closes gh-1626) reviewed and optimized: - non-greedy catch-all replaced for safer match - unneeded catch-all anchoring removed - non-capturing groups
filter.d/dovecot.conf update: - fixes failregex, that ignores failures through some irrelevant info (closes#1623); - ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)` - review, IPv6 compatibility fix, non-capturing groups
Update jail.conf
Use Fedora's backend-settings for openSUSE
amend after code review of merge gh-1581
Make changes and add test file
Add Mongodb-auth filter and jail
Update FILTERS
filter.d/sshd.conf: Match 'Invalid user' with 'port \d*'
ChangeLog entry added
filter.d/sendmail-reject.conf: double space (should be by missing dns-host only) Closes#1578
Update Changelog to reflect the new np.conf action
Create npf.conf for the NPF packet filter
...
- fixed for newer version (one space, closes gh-1626)
reviewed and optimized:
- non-greedy catch-all replaced for safer match
- unneeded catch-all anchoring removed
- non-capturing groups
- fixes failregex, that ignores failures through some irrelevant info (closes#1623);
- ignores whole additionally irrelevant info in anchored regex before fixed failure data `\((?:auth failed, \d+ attempts( in \d+ secs)?|tried to use (disabled|disallowed) \S+ auth)\)`
- review, IPv6 compatibility fix, non-capturing groups
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
Hank Leininger