Revision: 651
http://fail2ban.svn.sourceforge.net/fail2ban/?rev=651&view=rev
Author: lostcontrol
Date: 2008-02-06 12:17:12 -0800 (Wed, 06 Feb 2008)
Log Message:
-----------
- Renamed CHANGELOG to ChangeLog.
Modified Paths:
--------------
branches/FAIL2BAN-0_8/MANIFEST
Added Paths:
-----------
branches/FAIL2BAN-0_8/ChangeLog
Removed Paths:
-------------
branches/FAIL2BAN-0_8/CHANGELOG
Deleted: branches/FAIL2BAN-0_8/CHANGELOG
===================================================================
--- branches/FAIL2BAN-0_8/CHANGELOG 2008-02-02 20:07:06 UTC (rev 650)
+++ branches/FAIL2BAN-0_8/CHANGELOG 2008-02-06 20:17:12 UTC (rev 651)
@@ -1,385 +0,0 @@
- __ _ _ ___ _
- / _|__ _(_) |_ ) |__ __ _ _ _
- | _/ _` | | |/ /| '_ \/ _` | ' \
- |_| \__,_|_|_/___|_.__/\__,_|_||_|
-
-=============================================================
-Fail2Ban (version 0.8.2) 2008/??/??
-=============================================================
-
-ver. 0.8.2 (2008/??/??) - stable
-----------
-- Fixed named filter. Thanks to Yaroslav Halchenko
-- Fixed wrong path for apache-auth in jail.conf. Thanks to
- Vincent Deffontaines
-- Fixed timezone bug with epoch date template. Thanks to
- Michael Hanselmann
-- Added "full line failregex" patch. Thanks to Yaroslav
- Halchenko. It will be possible to create stronger failregex
- against log injection
-- Fixed ipfw action script. Thanks to Nick Munger
-- Removed date from logging message when using SYSLOG. Thanks
- to Iain Lea
-- Fixed "ignore IPs". Only the first value was taken into
- account. Thanks to Adrien Clerc
-- Moved socket to /var/run/fail2ban.
-- Rewrote the communication server.
-- Refactoring. Reduced number of files.
-- Removed Python 2.4. Minimum required version is now Python
- 2.3.
-- New log rotation detection algorithm.
-- Print monitored files in status.
-- Create a PID file in /var/run/fail2ban/. Thanks to Julien
- Perez.
-
-ver. 0.8.1 (2007/08/14) - stable
-----------
-- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
-- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
-- Improved regular expressions. Thanks to Yaroslav Halchenko
- and others
-- Added sendmail actions. The action started with "mail" are
- now deprecated. Thanks to Raphaël Marichez
-- Added "ignoreregex" support to fail2ban-regex
-- Updated suse-initd and added it to MANIFEST. Thanks to
- Christian Rauch
-- Tightening up the pid check in redhat-initd. Thanks to
- David Nutter
-- Added webmin authentication filter. Thanks to Guillaume
- Delvit
-- Removed textToDns() which is not required anymore. Thanks
- to Yaroslav Halchenko
-- Added new action iptables-allports. Thanks to Yaroslav
- Halchenko
-- Added "named" date format to date detector. Thanks to
- Yaroslav Halchenko
-- Added filter file for named (bind9). Thanks to Yaroslav
- Halchenko
-- Fixed vsftpd filter. Thanks to Yaroslav Halchenko
-
-ver. 0.8.0 (2007/05/03) - stable
-----------
-- Fixed RedHat init script. Thanks to Jonathan Underwood
-- Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner
-
-ver. 0.7.9 (2007/04/19) - release candidate
-----------
-- Close opened handlers. Thanks to Yaroslav Halchenko
-- Fixed "reload" bug. Many many thanks to Yaroslav Halchenko
-- Added date format for asctime without year
-- Modified filters config. Thanks to Michael C. Haller
-- Fixed a small bug in mail-buffered.conf
-
-ver. 0.7.8 (2007/03/21) - release candidate
-----------
-- Fixed asctime pattern in datedetector.py
-- Added new filters/actions. Thanks to Yaroslav Halchenko
-- Added Suse init script and modified gentoo-initd. Thanks to
- Christian Rauch
-- Moved every locking statements in a try..finally block
-
-ver. 0.7.7 (2007/02/08) - release candidate
-----------
-- Added signal handling in fail2ban-client
-- Added a wonderful visual effect when waiting on the server
-- fail2ban-client returns an error code if configuration is
- not valid
-- Added new filters/actions. Thanks to Yaroslav Halchenko
-- Call Python interpreter directly (instead of using "env")
-- Added file support to fail2ban-regex. Benchmark feature has
- been removed
-- Added cacti script and template.
-- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
-
-ver. 0.7.6 (2007/01/04) - beta
-----------
-- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
-- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
-- Use numeric output for iptables in "actioncheck"
-- Fixed removal of host in hosts.deny. Thanks to René Berber
-- Added new date format (2006-12-21 06:43:20) and Exim4
- filter. Thanks to mEDI
-- Several "failregex" and "ignoreregex" are now accepted.
- Creation of rules should be easier now.
-- Added license in COPYING. Thanks to Axel Thimm
-- Allow comma in action options. The value of the option must
- be escaped with " or '. Thanks to Yaroslav Halchenko
-- Now Fail2ban goes in /usr/share/fail2ban instead of
- /usr/lib/fail2ban. This is more compliant with FHS. Thanks
- to Axel Thimm and Yaroslav Halchenko
-
-ver. 0.7.5 (2006/12/07) - beta
-----------
-- Do not ban a host that is currently banned. Thanks to
- Yaroslav Halchenko
-- The supported tags in "action(un)ban" are <ip>, <failures>
- and <time>
-- Fixed refactoring bug (getLastcommand -> getLastAction)
-- Added option "ignoreregex" in filter scripts and jail.conf.
- Feature Request #1283304
-- Fixed a bug in user defined time regex/pattern
-- Improved documentation
-- Moved version.py and protocol.py to common/
-- Merged "maxtime" option with "findtime"
-- Added "<HOST>" tag support in failregex which matches
- default IP address/hostname. "(?P<host>\S)" is still valid
- and supported
-- Fixed exception when calling fail2ban-server with unknown
- option
-- Fixed Debian bug 400162. The "socket" option is now handled
- correctly by fail2ban-client
-- Fixed RedHat init script. Thanks to Justin Shore
-- Changed timeout to 30 secondes before assuming the server
- cannot be started. Thanks to Joël Bertrand
-
-ver. 0.7.4 (2006/11/01) - beta
-----------
-- Improved configuration files. Thanks to Yaroslav Halchenko
-- Added man page for "fail2ban-regex"
-- Moved ban/unban messages from "info" level to "warn"
-- Added "-s" option to specify the socket path and "socket"
- option in "fail2ban.conf"
-- Added "backend" option in "jail.conf"
-- Added more filters/actions and jail samples. Thanks to Nick
- Munger, Christoph Haas
-- Improved testing framework
-- Fixed a bug in the return code handling of the executed
- commands. Thanks to Yaroslav Halchenko
-- Signal handling. There is a bug with join() and signal in
- Python
-- Better debugging output for "fail2ban-regex"
-- Added support for more date format
-- cPickle does not work with Python 2.5. Use pickle instead
- (performance is not a problem in our case)
-
-ver. 0.7.3 (2006/09/28) - beta
-----------
-- Added man pages. Thanks to Yaroslav Halchenko
-- Added wildcard support for "logpath"
-- Added Gamin (file and directory monitoring system) support
-- (Re)added "ignoreip" option
-- Added more concurrency protection
-- First attempt at solving bug #1457620 (locale issue)
-- Performance improvements
-- (Re)added permanent banning with banTime < 0
-- Added DNS support to "ignoreip". Feature Request #1285859
-
-ver. 0.7.2 (2006/09/10) - beta
-----------
-- Refactoring and code cleanup
-- Improved client output
-- Added more get/set commands
-- Added more configuration templates
-- Removed "logpath" and "maxretry" from filter templates.
- They must be defined in jail.conf now
-- Added interactive mode. Use "-i"
-- Added a date detector. "timeregex" and "timepattern" are no
- more needed
-- Added "fail2ban-regex". This is a tool to help finding
- "failregex"
-- Improved server communication. Start a new thread for each
- incoming request. Fail2ban is not really thread-safe yet
-
-ver. 0.7.1 (2006/08/23) - alpha
-----------
-- Fixed daemon mode bug
-- Added Gentoo init.d script
-- Fixed path bug when trying to start "fail2ban-server"
-- Fixed reload command
-
-ver. 0.7.0 (2006/08/23) - alpha
-----------
-- Almost a complete rewrite :) Fail2ban design is really
- better (IMHO). There is a lot of new features
-- Client/Server architecture
-- Multithreading. Each jail has its own threads: one for the
- log reading and another for the actions
-- Execute several actions
-- Split configuration files. They are more readable and easy
- to use
-- failregex uses group (<host>) now. This feature was already
- present in the Debian package
-- lots of things...
-
-ver. 0.6.1 (2006/03/16) - stable
-----------
-- Added permanent banning. Set banTime to a negative value to
- enable this feature (-1 is perfect). Thanks to Mannone
-- Fixed locale bug. Thanks to Fernando José
-- Fixed crash when time format does not match data
-- Propagated patch from Debian to fix fail2ban search path
- addition to the path search list: now it is added first.
- Thanks to Nick Craig-Wood
-- Added SMTP authentification for mail notification. Thanks
- to Markus Hoffmann
-- Removed debug mode as it is confusing for people
-- Added parsing of timestamp in TAI64N format (#1275325).
- Thanks to Mark Edgington
-- Added patch #1382936 (Default formatted syslog logging).
- Thanks to Patrick B�rjesson
-- Removed 192.168.0.0/16 from ignoreip. Attacks could also
- come from the local network.
-- Robust startup: if iptables module does not get fully
- initialized after startup of fail2ban, fail2ban will do
- "maxreinit" attempts to initialize its own firewall. It
- will sleep between attempts for "polltime" number of
- seconds (closes Debian: #334272). Thanks to Yaroslav
- Halchenko
-- Added "interpolations" in fail2ban.conf. This is provided
- by the ConfigParser module. Old configuration files still
- work. Thanks to Yaroslav Halchenko
-- Added initial support for hosts.deny and shorewall. Need
- more testing. Please test. Thanks to kojiro from Gentoo
- forum for hosts.deny support
-- Added support for vsftpd. Thanks to zugeschmiert
-
-ver. 0.6.0 (2005/11/20) - stable
-----------
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Added an option to report local time (including timezone)
- or GMT in mail notification.
-
-ver. 0.5.5 (2005/10/26) - beta
-----------
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Introduced fwcheck option to verify consistency of the
- chains. Implemented automatic restart of fail2ban main
- function in case check of fwban or fwunban command failed
- (closes: #329163, #331695). (Introduced patch was further
- adjusted by upstream author).
- * Added -f command line parameter for [findtime].
- * Added a cleanup of firewall rules on emergency shutdown
- when unknown exception is catched.
- * Fail2ban should not crash now if a wrong file name is
- specified in config.
- * reordered code a bit so that log targets are setup right
- after background and then only loglevel (verbose, debug)
- is processed, so the warning could be seen in the logs
- * Added a keyword <section> in parsing of the subject and
- the body of an email sent out by fail2ban (closes:
- #330311)
-
-ver. 0.5.4 (2005/09/13) - beta
-----------
-- Fixed bug #1286222.
-- Propagated patches introduced by Debian maintainer
- (Yaroslav Halchenko):
- * Fixed handling of SYSLOG logging target. Now it can log
- to any SYSLOG target and facility as directed by the
- config
- * Format of SYSLOG entries fixed to look closer to standard
- * Fixed errata in config/gentoo-confd
- * Introduced findtime configuration variable to control the
- lifetime of caught "failed" log entries
-
-ver. 0.5.3 (2005/09/08) - beta
-----------
-- Fixed a bug when overriding "maxfailures" or "bantime".
- Thanks to Yaroslav Halchenko
-- Added more debug output if an error occurs when sending
- mail. Thanks to Stephen Gildea
-- Renamed "maxretry" to "maxfailures" and changed default
- value to 5. Thanks to Stephen Gildea
-- Hopefully fixed bug #1256075
-- Fixed bug #1262345
-- Fixed exception handling in PIDLock
-- Removed warning when using "-V" or "-h" with no config
- file. Thanks to Yaroslav Halchenko
-- Removed "-i eth0" from config file. Thanks to Yaroslav
- Halchenko
-
-ver. 0.5.2 (2005/08/06) - beta
-----------
-- Better PID lock file handling. Should close #1239562
-- Added man pages
-- Removed log4py dependency. Use logging module instead
-- "maxretry" and "bantime" can be overridden in each section
-- Fixed bug #1246278 (excessive memory usage)
-- Fixed crash on wrong option value in configuration file
-- Changed custom chains to lowercase
-
-ver. 0.5.1 (2005/07/23) - beta
-----------
-- Fixed bugs #1241756, #1239557
-- Added log targets in configuration file. Removed -l option
-- Changed iptables rules in order to create a separated chain
- for each section
-- Fixed static banList in firewall.py
-- Added an initd script for Debian. Thanks to Yaroslav
- Halchenko
-- Check for obsolete files after install
-
-ver. 0.5.0 (2005/07/12) - beta
-----------
-- Added support for CIDR mask in ignoreip
-- Added mail notification support
-- Fixed bug #1234699
-- Added tags replacement in rules definition. Should allow a
- clean solution for Feature Request #1229479
-- Removed "interface" and "firewall" options
-- Added start and end commands in the configuration file.
- Thanks to Yaroslav Halchenko
-- Added firewall rules definition in the configuration file
-- Cleaned fail2ban.py
-- Added an initd script for RedHat/Fedora. Thanks to Andrey
- G. Grozin
-
-ver. 0.4.1 (2005/06/30) - stable
-----------
-- Fixed textToDNS method which generated wrong matches for
- "rhost=12-xyz...". Thanks to Tom Pike
-- fail2ban.conf modified for readability. Thanks to Iain Lea
-- Added an initd script for Gentoo
-- Changed default PID lock file location from /tmp to
- /var/run
-
-ver. 0.4.0 (2005/04/24) - stable
-----------
-- Fixed textToDNS which did not recognize strings like
- "12-345-67-890.abcd.mnopqr.xyz"
-
-ver. 0.3.1 (2005/03/31) - beta
-----------
-- Corrected level of messages
-- Added DNS lookup support
-- Improved parsing speed. Only parse the new log messages
-- Added a second verbose level (-vv)
-
-ver. 0.3.0 (2005/02/24) - beta
-----------
-- Re-writting of parts of the code in order to handle several
- log files with different rules
-- Removed sshd.py because it is no more needed
-- Fixed a bug when exiting with IP in the ban list
-- Added PID lock file
-- Improved some parts of the code
-- Added ipfw-start-rule option (thanks to Robert Edeker)
-- Added -k option which kills a currently running Fail2Ban
-
-ver. 0.1.2 (2004/11/21) - beta
-----------
-- Add ipfw and ipfwadm support. The rules are taken from
- BlockIt. Thanks to Robert Edeker
-- Add -e option which allows to set the interface. Thanks to
- Robert Edeker who reminded me this
-- Small code cleaning
-
-ver. 0.1.1 (2004/10/23) - beta
-----------
-- Add SIGTERM handler in order to exit nicely when in daemon
- mode
-- Add -r option which allows to set the maximum number of
- login failures
-- Remove the Metalog class as the log file are not so syslog
- daemon specific
-- Rewrite log reader to be service centered. Sshd support
- added. Match "Failed password" and "Illegal user"
-- Add /etc/fail2ban.conf configuration support
-- Code documentation
-
-
-ver. 0.1.0 (2004/10/12) - alpha
-----------
-- Initial release
Copied: branches/FAIL2BAN-0_8/ChangeLog (from rev 647, branches/FAIL2BAN-0_8/CHANGELOG)
===================================================================
--- branches/FAIL2BAN-0_8/ChangeLog (rev 0)
+++ branches/FAIL2BAN-0_8/ChangeLog 2008-02-06 20:17:12 UTC (rev 651)
@@ -0,0 +1,385 @@
+ __ _ _ ___ _
+ / _|__ _(_) |_ ) |__ __ _ _ _
+ | _/ _` | | |/ /| '_ \/ _` | ' \
+ |_| \__,_|_|_/___|_.__/\__,_|_||_|
+
+=============================================================
+Fail2Ban (version 0.8.2) 2008/??/??
+=============================================================
+
+ver. 0.8.2 (2008/??/??) - stable
+----------
+- Fixed named filter. Thanks to Yaroslav Halchenko
+- Fixed wrong path for apache-auth in jail.conf. Thanks to
+ Vincent Deffontaines
+- Fixed timezone bug with epoch date template. Thanks to
+ Michael Hanselmann
+- Added "full line failregex" patch. Thanks to Yaroslav
+ Halchenko. It will be possible to create stronger failregex
+ against log injection
+- Fixed ipfw action script. Thanks to Nick Munger
+- Removed date from logging message when using SYSLOG. Thanks
+ to Iain Lea
+- Fixed "ignore IPs". Only the first value was taken into
+ account. Thanks to Adrien Clerc
+- Moved socket to /var/run/fail2ban.
+- Rewrote the communication server.
+- Refactoring. Reduced number of files.
+- Removed Python 2.4. Minimum required version is now Python
+ 2.3.
+- New log rotation detection algorithm.
+- Print monitored files in status.
+- Create a PID file in /var/run/fail2ban/. Thanks to Julien
+ Perez.
+
+ver. 0.8.1 (2007/08/14) - stable
+----------
+- Fixed vulnerability in sshd.conf. Thanks to Daniel B. Cid
+- Expand <HOST> in ignoreregex. Thanks to Yaroslav Halchenko
+- Improved regular expressions. Thanks to Yaroslav Halchenko
+ and others
+- Added sendmail actions. The action started with "mail" are
+ now deprecated. Thanks to Raphaël Marichez
+- Added "ignoreregex" support to fail2ban-regex
+- Updated suse-initd and added it to MANIFEST. Thanks to
+ Christian Rauch
+- Tightening up the pid check in redhat-initd. Thanks to
+ David Nutter
+- Added webmin authentication filter. Thanks to Guillaume
+ Delvit
+- Removed textToDns() which is not required anymore. Thanks
+ to Yaroslav Halchenko
+- Added new action iptables-allports. Thanks to Yaroslav
+ Halchenko
+- Added "named" date format to date detector. Thanks to
+ Yaroslav Halchenko
+- Added filter file for named (bind9). Thanks to Yaroslav
+ Halchenko
+- Fixed vsftpd filter. Thanks to Yaroslav Halchenko
+
+ver. 0.8.0 (2007/05/03) - stable
+----------
+- Fixed RedHat init script. Thanks to Jonathan Underwood
+- Added Solaris 10 files. Thanks to Hanno 'Rince' Wagner
+
+ver. 0.7.9 (2007/04/19) - release candidate
+----------
+- Close opened handlers. Thanks to Yaroslav Halchenko
+- Fixed "reload" bug. Many many thanks to Yaroslav Halchenko
+- Added date format for asctime without year
+- Modified filters config. Thanks to Michael C. Haller
+- Fixed a small bug in mail-buffered.conf
+
+ver. 0.7.8 (2007/03/21) - release candidate
+----------
+- Fixed asctime pattern in datedetector.py
+- Added new filters/actions. Thanks to Yaroslav Halchenko
+- Added Suse init script and modified gentoo-initd. Thanks to
+ Christian Rauch
+- Moved every locking statements in a try..finally block
+
+ver. 0.7.7 (2007/02/08) - release candidate
+----------
+- Added signal handling in fail2ban-client
+- Added a wonderful visual effect when waiting on the server
+- fail2ban-client returns an error code if configuration is
+ not valid
+- Added new filters/actions. Thanks to Yaroslav Halchenko
+- Call Python interpreter directly (instead of using "env")
+- Added file support to fail2ban-regex. Benchmark feature has
+ been removed
+- Added cacti script and template.
+- Added IP list in "status <JAIL>". Thanks to Eric Gerbier
+
+ver. 0.7.6 (2007/01/04) - beta
+----------
+- Added a "sleep 1" in redhat-initd. Thanks to Jim Wight
+- Use /dev/log for SYSLOG output. Thanks to Joerg Sommrey
+- Use numeric output for iptables in "actioncheck"
+- Fixed removal of host in hosts.deny. Thanks to René Berber
+- Added new date format (2006-12-21 06:43:20) and Exim4
+ filter. Thanks to mEDI
+- Several "failregex" and "ignoreregex" are now accepted.
+ Creation of rules should be easier now.
+- Added license in COPYING. Thanks to Axel Thimm
+- Allow comma in action options. The value of the option must
+ be escaped with " or '. Thanks to Yaroslav Halchenko
+- Now Fail2ban goes in /usr/share/fail2ban instead of
+ /usr/lib/fail2ban. This is more compliant with FHS. Thanks
+ to Axel Thimm and Yaroslav Halchenko
+
+ver. 0.7.5 (2006/12/07) - beta
+----------
+- Do not ban a host that is currently banned. Thanks to
+ Yaroslav Halchenko
+- The supported tags in "action(un)ban" are <ip>, <failures>
+ and <time>
+- Fixed refactoring bug (getLastcommand -> getLastAction)
+- Added option "ignoreregex" in filter scripts and jail.conf.
+ Feature Request #1283304
+- Fixed a bug in user defined time regex/pattern
+- Improved documentation
+- Moved version.py and protocol.py to common/
+- Merged "maxtime" option with "findtime"
+- Added "<HOST>" tag support in failregex which matches
+ default IP address/hostname. "(?P<host>\S)" is still valid
+ and supported
+- Fixed exception when calling fail2ban-server with unknown
+ option
+- Fixed Debian bug 400162. The "socket" option is now handled
+ correctly by fail2ban-client
+- Fixed RedHat init script. Thanks to Justin Shore
+- Changed timeout to 30 secondes before assuming the server
+ cannot be started. Thanks to Joël Bertrand
+
+ver. 0.7.4 (2006/11/01) - beta
+----------
+- Improved configuration files. Thanks to Yaroslav Halchenko
+- Added man page for "fail2ban-regex"
+- Moved ban/unban messages from "info" level to "warn"
+- Added "-s" option to specify the socket path and "socket"
+ option in "fail2ban.conf"
+- Added "backend" option in "jail.conf"
+- Added more filters/actions and jail samples. Thanks to Nick
+ Munger, Christoph Haas
+- Improved testing framework
+- Fixed a bug in the return code handling of the executed
+ commands. Thanks to Yaroslav Halchenko
+- Signal handling. There is a bug with join() and signal in
+ Python
+- Better debugging output for "fail2ban-regex"
+- Added support for more date format
+- cPickle does not work with Python 2.5. Use pickle instead
+ (performance is not a problem in our case)
+
+ver. 0.7.3 (2006/09/28) - beta
+----------
+- Added man pages. Thanks to Yaroslav Halchenko
+- Added wildcard support for "logpath"
+- Added Gamin (file and directory monitoring system) support
+- (Re)added "ignoreip" option
+- Added more concurrency protection
+- First attempt at solving bug #1457620 (locale issue)
+- Performance improvements
+- (Re)added permanent banning with banTime < 0
+- Added DNS support to "ignoreip". Feature Request #1285859
+
+ver. 0.7.2 (2006/09/10) - beta
+----------
+- Refactoring and code cleanup
+- Improved client output
+- Added more get/set commands
+- Added more configuration templates
+- Removed "logpath" and "maxretry" from filter templates.
+ They must be defined in jail.conf now
+- Added interactive mode. Use "-i"
+- Added a date detector. "timeregex" and "timepattern" are no
+ more needed
+- Added "fail2ban-regex". This is a tool to help finding
+ "failregex"
+- Improved server communication. Start a new thread for each
+ incoming request. Fail2ban is not really thread-safe yet
+
+ver. 0.7.1 (2006/08/23) - alpha
+----------
+- Fixed daemon mode bug
+- Added Gentoo init.d script
+- Fixed path bug when trying to start "fail2ban-server"
+- Fixed reload command
+
+ver. 0.7.0 (2006/08/23) - alpha
+----------
+- Almost a complete rewrite :) Fail2ban design is really
+ better (IMHO). There is a lot of new features
+- Client/Server architecture
+- Multithreading. Each jail has its own threads: one for the
+ log reading and another for the actions
+- Execute several actions
+- Split configuration files. They are more readable and easy
+ to use
+- failregex uses group (<host>) now. This feature was already
+ present in the Debian package
+- lots of things...
+
+ver. 0.6.1 (2006/03/16) - stable
+----------
+- Added permanent banning. Set banTime to a negative value to
+ enable this feature (-1 is perfect). Thanks to Mannone
+- Fixed locale bug. Thanks to Fernando José
+- Fixed crash when time format does not match data
+- Propagated patch from Debian to fix fail2ban search path
+ addition to the path search list: now it is added first.
+ Thanks to Nick Craig-Wood
+- Added SMTP authentification for mail notification. Thanks
+ to Markus Hoffmann
+- Removed debug mode as it is confusing for people
+- Added parsing of timestamp in TAI64N format (#1275325).
+ Thanks to Mark Edgington
+- Added patch #1382936 (Default formatted syslog logging).
+ Thanks to Patrick B�rjesson
+- Removed 192.168.0.0/16 from ignoreip. Attacks could also
+ come from the local network.
+- Robust startup: if iptables module does not get fully
+ initialized after startup of fail2ban, fail2ban will do
+ "maxreinit" attempts to initialize its own firewall. It
+ will sleep between attempts for "polltime" number of
+ seconds (closes Debian: #334272). Thanks to Yaroslav
+ Halchenko
+- Added "interpolations" in fail2ban.conf. This is provided
+ by the ConfigParser module. Old configuration files still
+ work. Thanks to Yaroslav Halchenko
+- Added initial support for hosts.deny and shorewall. Need
+ more testing. Please test. Thanks to kojiro from Gentoo
+ forum for hosts.deny support
+- Added support for vsftpd. Thanks to zugeschmiert
+
+ver. 0.6.0 (2005/11/20) - stable
+----------
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Added an option to report local time (including timezone)
+ or GMT in mail notification.
+
+ver. 0.5.5 (2005/10/26) - beta
+----------
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Introduced fwcheck option to verify consistency of the
+ chains. Implemented automatic restart of fail2ban main
+ function in case check of fwban or fwunban command failed
+ (closes: #329163, #331695). (Introduced patch was further
+ adjusted by upstream author).
+ * Added -f command line parameter for [findtime].
+ * Added a cleanup of firewall rules on emergency shutdown
+ when unknown exception is catched.
+ * Fail2ban should not crash now if a wrong file name is
+ specified in config.
+ * reordered code a bit so that log targets are setup right
+ after background and then only loglevel (verbose, debug)
+ is processed, so the warning could be seen in the logs
+ * Added a keyword <section> in parsing of the subject and
+ the body of an email sent out by fail2ban (closes:
+ #330311)
+
+ver. 0.5.4 (2005/09/13) - beta
+----------
+- Fixed bug #1286222.
+- Propagated patches introduced by Debian maintainer
+ (Yaroslav Halchenko):
+ * Fixed handling of SYSLOG logging target. Now it can log
+ to any SYSLOG target and facility as directed by the
+ config
+ * Format of SYSLOG entries fixed to look closer to standard
+ * Fixed errata in config/gentoo-confd
+ * Introduced findtime configuration variable to control the
+ lifetime of caught "failed" log entries
+
+ver. 0.5.3 (2005/09/08) - beta
+----------
+- Fixed a bug when overriding "maxfailures" or "bantime".
+ Thanks to Yaroslav Halchenko
+- Added more debug output if an error occurs when sending
+ mail. Thanks to Stephen Gildea
+- Renamed "maxretry" to "maxfailures" and changed default
+ value to 5. Thanks to Stephen Gildea
+- Hopefully fixed bug #1256075
+- Fixed bug #1262345
+- Fixed exception handling in PIDLock
+- Removed warning when using "-V" or "-h" with no config
+ file. Thanks to Yaroslav Halchenko
+- Removed "-i eth0" from config file. Thanks to Yaroslav
+ Halchenko
+
+ver. 0.5.2 (2005/08/06) - beta
+----------
+- Better PID lock file handling. Should close #1239562
+- Added man pages
+- Removed log4py dependency. Use logging module instead
+- "maxretry" and "bantime" can be overridden in each section
+- Fixed bug #1246278 (excessive memory usage)
+- Fixed crash on wrong option value in configuration file
+- Changed custom chains to lowercase
+
+ver. 0.5.1 (2005/07/23) - beta
+----------
+- Fixed bugs #1241756, #1239557
+- Added log targets in configuration file. Removed -l option
+- Changed iptables rules in order to create a separated chain
+ for each section
+- Fixed static banList in firewall.py
+- Added an initd script for Debian. Thanks to Yaroslav
+ Halchenko
+- Check for obsolete files after install
+
+ver. 0.5.0 (2005/07/12) - beta
+----------
+- Added support for CIDR mask in ignoreip
+- Added mail notification support
+- Fixed bug #1234699
+- Added tags replacement in rules definition. Should allow a
+ clean solution for Feature Request #1229479
+- Removed "interface" and "firewall" options
+- Added start and end commands in the configuration file.
+ Thanks to Yaroslav Halchenko
+- Added firewall rules definition in the configuration file
+- Cleaned fail2ban.py
+- Added an initd script for RedHat/Fedora. Thanks to Andrey
+ G. Grozin
+
+ver. 0.4.1 (2005/06/30) - stable
+----------
+- Fixed textToDNS method which generated wrong matches for
+ "rhost=12-xyz...". Thanks to Tom Pike
+- fail2ban.conf modified for readability. Thanks to Iain Lea
+- Added an initd script for Gentoo
+- Changed default PID lock file location from /tmp to
+ /var/run
+
+ver. 0.4.0 (2005/04/24) - stable
+----------
+- Fixed textToDNS which did not recognize strings like
+ "12-345-67-890.abcd.mnopqr.xyz"
+
+ver. 0.3.1 (2005/03/31) - beta
+----------
+- Corrected level of messages
+- Added DNS lookup support
+- Improved parsing speed. Only parse the new log messages
+- Added a second verbose level (-vv)
+
+ver. 0.3.0 (2005/02/24) - beta
+----------
+- Re-writting of parts of the code in order to handle several
+ log files with different rules
+- Removed sshd.py because it is no more needed
+- Fixed a bug when exiting with IP in the ban list
+- Added PID lock file
+- Improved some parts of the code
+- Added ipfw-start-rule option (thanks to Robert Edeker)
+- Added -k option which kills a currently running Fail2Ban
+
+ver. 0.1.2 (2004/11/21) - beta
+----------
+- Add ipfw and ipfwadm support. The rules are taken from
+ BlockIt. Thanks to Robert Edeker
+- Add -e option which allows to set the interface. Thanks to
+ Robert Edeker who reminded me this
+- Small code cleaning
+
+ver. 0.1.1 (2004/10/23) - beta
+----------
+- Add SIGTERM handler in order to exit nicely when in daemon
+ mode
+- Add -r option which allows to set the maximum number of
+ login failures
+- Remove the Metalog class as the log file are not so syslog
+ daemon specific
+- Rewrite log reader to be service centered. Sshd support
+ added. Match "Failed password" and "Illegal user"
+- Add /etc/fail2ban.conf configuration support
+- Code documentation
+
+
+ver. 0.1.0 (2004/10/12) - alpha
+----------
+- Initial release
Modified: branches/FAIL2BAN-0_8/MANIFEST
===================================================================
--- branches/FAIL2BAN-0_8/MANIFEST 2008-02-02 20:07:06 UTC (rev 650)
+++ branches/FAIL2BAN-0_8/MANIFEST 2008-02-06 20:17:12 UTC (rev 651)
@@ -1,5 +1,5 @@
README
-CHANGELOG
+ChangeLog
TODO
COPYING
fail2ban-client
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|