forked from pool/fail2ban
Johannes Weberhofer a495133311 Accepting request 599593 from home:weberho:branches:security
- Updated to version 0.10.3.1. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog
  * fixed JSON serialization for the set-object within dump into database (gh-2103).
- Updated to version 0.10.3. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog
- Fixes
  * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060);
  * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
  * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
  * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` :
    - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
  * `filter.d/sshd.conf`:
    - failregex got an optional space in order to match new log-format (see gh-2061);
    - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
    - fixed root login refused regex (optional port before preauth, gh-2080);
    - avoid banning of legitimate users when pam_unix used in combination with other password method, so
      bypass pam_unix failures if accepted available for this user gh-2070;
    - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediately);
    - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode
      it counts failure on closing connection within preauth-stage (gh-2085);
  * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
  * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
  * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
  * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);
- New Features
  * several stability and performance optimizations, more effective filter parsing, etc;
  * stable runnable within python versions 3.6 (as well as within 3.7-dev);
- Enhancements
  * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
  * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
  * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029);
  * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038);
    the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line,
    e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line.
  * badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
  * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
  * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG):
    Usage `logtarget = target[padding=on|off]`

OBS-URL: https://build.opensuse.org/request/show/599593
OBS-URL: https://build.opensuse.org/package/show/security/fail2ban?expand=0&rev=90
2018-04-21 11:24:52 +00:00
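
The epoch date-pattern entry in the changelog above describes a pattern that both captures the timestamp and cuts its whole match out of the log line. The following is an added illustration of that behaviour, not code from fail2ban or from this package; the placeholder expansions, function names and the sample log text after the timestamp are assumptions made for the example.

```python
import re

# Assumed stand-ins for the placeholders; fail2ban's own expansions may differ.
PLACEHOLDERS = {
    "{LEPOCH}": r"(?P<epoch>\d{16}|\d{13})",  # microseconds or milliseconds
    "{EPOCH}": r"(?P<epoch>\d{10})",          # whole seconds
}
# Factor that normalises each supported width to microseconds.
TO_MICROSECONDS = {10: 10**6, 13: 10**3, 16: 1}


def compile_datepattern(pattern):
    """Expand the epoch placeholder in a user-supplied date pattern."""
    for name, regex in PLACEHOLDERS.items():
        if name in pattern:
            return re.compile(pattern.replace(name, regex, 1))
    raise ValueError("pattern has no {EPOCH} or {LEPOCH} placeholder")


def split_date(line, datepattern):
    """Return (epoch_in_microseconds, line_without_date_match).

    The whole match of the date pattern is removed, not only the digits,
    so later regexes never see the brackets or the separator. A line the
    pattern does not match comes back unchanged with None as its time.
    """
    m = datepattern.search(line)
    if m is None:
        return None, line
    digits = m.group("epoch")
    micros = int(digits) * TO_MICROSECONDS[len(digits)]
    return micros, line[:m.start()] + line[m.end():]


# Constructed sample line; only the timestamp prefix comes from the changelog.
SAMPLE = "[1516469849551000] : auth failure from 192.0.2.7"

if __name__ == "__main__":
    dp = compile_datepattern(r"^\[{LEPOCH}\]\s+:")
    when, rest = split_date(SAMPLE, dp)
    print(when, repr(rest))
    # A failure regex written for the remainder must not expect the prefix.
    print(re.search(r"^\s*auth failure from (?P<host>\S+)$", rest).group("host"))
```

A failregex tested against the raw line instead of the remainder would need the `[...] :` prefix and would stop matching once the date pattern is configured this way.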