Fedora EPEL 6 Update: fail2ban-0.9.2-1.el6

updates at fedoraproject.org
Thu Jul 23 19:15:54 UTC 2015


--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2015-6452
2015-05-29 19:22:40
--------------------------------------------------------------------------------

Name        : fail2ban
Product     : Fedora EPEL 6
Version     : 0.9.2
Release     : 1.el6
URL         : http://fail2ban.sourceforge.net/
Summary     : Ban IPs that make too many password failures
Description :
Fail2ban scans log files like /var/log/pwdfail or
/var/log/apache/error_log and bans IPs that make too many password
failures. It updates firewall rules to reject the IP address.

To use the hostsdeny and shorewall actions you must install tcp_wrappers
and shorewall respectively.

--------------------------------------------------------------------------------
Update Information:

ver. 0.9.2 (2015/04/29) - better-quick-now-than-later
----------

- Fixes:
   * infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907. Thanks TonyThompson
   * port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner (fnerdwq)
   * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
   * grep'ing for IP in *mail-whois-lines.conf should now match also at the beginning and EOL.  Thanks Dean Lee
   * jail.conf
     - php-url-fopen: separate logpath entries by newline
   * failregex declared directly in a jail was joined into a single line (specifying multiple expressions was not possible).
   * filters.d/exim.conf - cover different settings of exim logs
     details. Thanks bes.internal
   * filter.d/postfix-sasl.conf - failregex is now case insensitive
   * filters.d/postfix.conf - add 'Client host rejected error message' failregex
   * fail2ban/__init__.py - add strptime thread safety hack-around
   * recidive uses iptables-allports banaction by default now.
     Avoids problems with iptables versions not understanding 'all' for protocols and ports
   * filter.d/dovecot.conf
     - match pam_authenticate line from EL7
     - match unknown user line from EL7
   * Use use_poll=True for Python 2.7 and >=3.4 to overcome "Bad file
     descriptor" msgs issue (gh-161)
   * filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues
   * fail2ban-regex reads filter file(s) completely, incl. '.local' file etc. (gh-954)
   * firewallcmd-* actions: split output into separate lines for grepping (gh-908)
   * Guard unicode encode/decode issues while storing records in the database.
     Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting
   * filter.d/sshd added regex for matching openSUSE ssh authentication failure
   * filter.d/asterisk.conf:
     - Dropped "Sending fake auth rejection" failregex since it incorrectly targets the asterisk server itself
     - match "hacking attempt detected" logs

- New Features:
   - New filters:
     - postfix-rbl  Thanks Lee Clemens
     - apache-fakegooglebot.conf  Thanks Lee Clemens
     - nginx-botsearch  Thanks Frantisek Sumsal
     - drupal-auth  Thanks Lee Clemens
   - New recursive embedded substitution feature added:
     - `<<PREF>HOST>` becomes `<IPV4HOST>` for PREF=`IPV4`;
     - `<<PREF>HOST>` becomes `1.2.3.4` for PREF=`IPV4` and IPV4HOST=`1.2.3.4`;
   - New interpolation feature for config readers - `%(known/parameter)s` (meaning the last known option named `parameter`). This interpolation makes it possible to extend a stock filter or jail regexp in a .local file (as opposed to simply setting failregex/ignoreregex, which overwrites it), see gh-867.
   - Monit config for fail2ban in files/monit/
   - New actions:
     - action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt
     - action.d/sendmail-geoip-lines.conf
     - action.d/nsupdate to update DNSBL. Thanks Andrew St. Jean
   - New status argument for fail2ban-client -- flavor:
     fail2ban-client status <jail> [flavor]
     - empty or "basic" works as-is
     - "cymru" additionally prints (ASN, Country RIR) per banned IP (requires dnspython or dnspython3)
   - Flush log at USR1 signal

- Enhancements:
   * Enable multiport for firewallcmd-new action.  Closes gh-834
   * files/debian-initd migrated from the debian branch and should be suitable for manual installations now (thanks Juan Karlo de Guzman)
   * Define empty ignoreregex in filters which didn't have it to avoid warnings (gh-934)
   * action.d/{sendmail-*,xarf-login-attack}.conf - report local
     timezone not UTC time/zone. Closes gh-911
   * Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916
   * Absorbed DNSUtils.cidr into addr2bin in filter.py, added unittests
   * Added syslogsocket configuration to fail2ban.conf
   * Note in the jail.conf for the recidive jail to increase dbpurgeage (gh-964)
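
The recursive embedded substitution listed under New Features above, shown as an added example (a sketch written for this page, not fail2ban's own code). The function name, the `max_passes` bound and the sample tag values are assumptions made for the illustration.

```python
import re

# Innermost tag: "<NAME>" where NAME itself contains no angle brackets,
# so in "<<PREF>HOST>" the first match is "<PREF>", not the outer tag.
TAG_RE = re.compile(r"<([^<>\s]+)>")


def substitute_recursive_tags(text, tags, max_passes=10):
    """Expand <TAG> references from the inside out until nothing changes.

    Illustrative sketch only. Tags with no definition are left literal,
    which is why "<<PREF>HOST>" stops at "<IPV4HOST>" when IPV4HOST is
    undefined. max_passes (hypothetical parameter) bounds the work so a
    cyclic definition raises an error instead of looping forever.
    """
    def expand(match):
        name = match.group(1)
        return tags.get(name, match.group(0))

    for _ in range(max_passes):
        expanded = TAG_RE.sub(expand, text)
        if expanded == text:
            return text  # fixed point reached: no known tag is left
        text = expanded
    raise ValueError("tag substitution did not converge (cyclic definition?)")


if __name__ == "__main__":
    # Constructed sample values mirroring the two cases in the changelog.
    print(substitute_recursive_tags("<<PREF>HOST>", {"PREF": "IPV4"}))
    print(substitute_recursive_tags(
        "<<PREF>HOST>", {"PREF": "IPV4", "IPV4HOST": "1.2.3.4"}))
    try:
        substitute_recursive_tags("<A>", {"A": "<B>", "B": "<A>"})
    except ValueError as exc:
        print("rejected:", exc)
```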

Update to 0.9.1:
----

    Refactoring (IMPORTANT -- Please review your setup and configuration):

    iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags

    Fixes:

    start of fail2ban aborted (on slow hosts, systemd considers the server to have timed out and kills it), see gh-824
    UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806.
    systemd backend error on bad utf-8 in python3
    badips.py action error when logging HTTP error raised with badips request
    fail2ban-regex failed to work in python3 due to space/tab mix
    recidive regex samples incorrect log level
    journalmatch for recidive incorrect PRIORITY
    loglevel couldn't be changed in fail2ban.conf
    Handle case when no sqlite library is available for persistent database
    Only reban once per IP from database on fail2ban restart
    Nginx filter to support missing server_name. Closes gh-676
    fail2ban-regex assertion error caused by miscount missed lines with multiline regex
    Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207
    Database now returns persistent bans on restart (bantime < 0)
    Recursive action tags now fully processed. Fixes issue with bsd-ipfw action
    Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester
    Correct times for non-timezone date times formats during DST
    Pass a copy of, not original, aInfo into actions to avoid side-effects
    Per-distribution paths to the exim's main log
    Ignored IPs are no longer banned when being restored from persistent database
    Manually unbanned IPs are now removed from persistent database, so they won't be banned again when Fail2Ban is restarted
    Pass "bantime" parameter to the actions in default jail's action definition(s)
    filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park
    cyrus-imap -- also catch failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f) Debian bug #755173
    postfix-sasl - added journalmatch. Thanks Luc Maisonobe
    postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina

    apache - added filter for AH01630 client denied by server configuration.

    New features:

    New filters:
        monit Thanks Jason H Martin
        directadmin Thanks niorg
        apache-shellshock Thanks Eugene Hopkinson (SlowRiot)
    New actions:
        symbiosis-blacklist-allports for Bytemark symbiosis firewall
    fail2ban-client can fetch the running server version

    Added Cloudflare API action

    Enhancements

    Start performance of fail2ban-client (and tests) increased, start time and cpu usage rapidly reduced. Introduced a shared storage logic, to bypass reading lots of config files (see gh-824). Thanks to Joost Molenaar for good catch (reported gh-820).
    Fail2ban-regex - add print-all-matched option. Closes gh-652
    Suppress fail2ban-client warnings for non-critical config options
    Match non "Bye Bye" disconnect messages for sshd locked account regex
    courier-smtp filter:
        match lines with user names
        match lines containing "535 Authentication failed" attempts
    Add <chain> tag to iptables-ipsets
    Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output
    Log unhandled exceptions
    cyrus-imap: catch "user not found" attempts
    Add support for Portsentry

- Fix php-url-fopen logpath
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1097720 - Request for update to 0.9.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1097720
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update fail2ban' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

