* debian: (23 commits)
Imported Upstream version 0.8.3
- Prepared for 0.8.3.
Adjusted vcs paths
- Prepared for 0.8.3
- Send file if the number of lines is greater or equal and not only equal to the limit.
- Use poll instead of select in asyncore.loop. This should solve the "Unknown error 514". Thanks to Michael Geiger and Klaus Lehmann.
- Added missing ignoreregex to filters. Thanks to Klaus Lehmann.
- Added and changed some logging level and messages.
- Added svn:keywords.
- Added ISO 8601 date/time format.
- Better (correct) fix for ignoreregex in jail.[conf|local].
- Fixed ignoreregex processing in fail2ban-client. Thanks to René Berber.
- Added "Day/Month/Year Hour:Minute:Second" date template. Thanks to Dennis Winter.
- Added svn:keywords.
- Added gssftpd filter. Thanks to Kevin Zembower.
- Changed some log level.
- Fixed "fail2ban-client get <jail> logpath". Bug #1916986.
- Fixed PID file while started in daemon mode. Thanks to Christian Jobic who submitted a similar patch.
- Fixed socket path in redhat and suse init script. Thanks to Jim Wight.
- Create /var/run/fail2ban during install.
...
Conflicts:
ChangeLog
config/filter.d/gssftpd.conf
config/filter.d/pam-generic.conf
debian/changelog
* debian:
2 new jails: xinetd-fail, apache-overflows added to jails.conf
minor: adjusted comment for named jails to come closer to upstream
BF: apache-* jails -- authentication failures are recorded in *error.log files, thus paths were adjusted
* debian:
Confirms to policy 3.7.3 (no changes)
Bye Bye dpatch: now everything is handled in git branches
removing patches from dpatch system since they are in branches now
added a comment to README.Debian and to the list of examples for ipmasq example file
Fixed == bashism (Closes: #464647). Thanks Raphael Geisser
* deb/specifics:
slight tune ups in upstream sources destined only for debian are kept in this branch
* up/0.9-0.8:
* up/apache_noscript_extend:
Extended apache-noscript filter with more file extensions and to react to "script not found or unable to stat" log message (closes: #456565). Thanks Tim Connors
* up/ipmasq:
Added ipmasq rule file to restart fail2ban when iptables are wiped out (closes: #461417). Thanks Guido Bozzetto
* up/log_examples:
up/log_examples: moved vsftpd log from up/vsftpd_optional_user
added examples of log lines (for named-refused, pam-generic, sshd) under files/logs for easy testing
* up/mail_whois_lines:
mail-whois-lines: moved fix for proper names from dpatch
* up/named_refused_fixed:
named_refused: moved fix for proper config+filters from dpatch
* up/pam_generic:
added pam-generic from dpatch
* up/proftpd_fix+extend:
Fix/extension of proftpd failrexes (Closes: #461412). Thanks Guido Bozzetto
* up/sshd_refused_connect:
* up/vsftpd_optional_user:
up/vsftpd_optional_user: moving examples into up/examples branch
BF: vsftp anchoring
- anchored properly at the end of line, and source code has .examples
files to perform testing of the rules.
- added new explicit rule for users not in the AllowUsers lists
- Removed obsolete Build-Depends-Indep on help2man, python-dev
- Explicit removal of *.pyc files compiled during build
- Invoke 'python setup.py clean' in clean target, which required also
to move python into Build-Depends
* Minor clean up of debian/rules
with multiport module. That is to address the fact that most services
listen on multiple port (for encrypted and non-encrypted connections)
* Added [courierauth] jail (First 2 items are to partially address #407404
non-released versions (which were suggested to the users to overcome
problems reported in bug reports). In particular attention should be paid
to upstream changelog entries
- Several "failregex" and "ignoreregex" are now accepted.
Creation of rules should be easier now.
This is an alternative solution to 'multiple <HOST>' entries fix,
which is not applied to this shipped version - pay cautios if upgrading
from 0.7.5-3~pre?
- Allow comma in action options. The value of the option must
be escaped with " or '.
That allowed to implement requested ability to ban multiple ports
at once (See 373592). README.Debian and jail.conf adjusted to reflect
possible use of iptables-mport
- Now Fail2ban goes in /usr/share/fail2ban instead of
/usr/lib/fail2ban. This is more compliant with FHS.
Patch 00_share_insteadof_lib no longer applied
* Refactored installed by debian package jail.conf:
- Added option banaction which is to incorporate banning agent
(usually some flavor of iptables rule), which can then be easily
overriden globally or per section
- Multiple actions are defined as action_* to serve as shortcuts
Yaroslav Halchenko