From: Yaroslav H. <li...@on...> - 2012-12-06 14:33:18
|
Hello everyone, I am delighted to announce the availability of 0.8.8 release. Below you can find the final changelog. 0.8.8-1 was uploaded to Debian experimental, and NeuroDebian (http://neuro.debian.net) so any Debian/Ubuntu people could easily upgrade it. tar/zip-balls should be provided by github: https://github.com/fail2ban/fail2ban/tags and I also uploaded locally generated tarball for the release to https://github.com/fail2ban/fail2ban/downloads One of the important changes is escaping of the <matches> content -- so if you crafted some custom action which uses it -- you must upgrade, or you would be at a significant security risk. IPv6 support is still slow-cooking and will be planned for the next major release (e.g. 0.9.0) while 0.8.x series would be primarily a bugfix and non-intrusive enhancements. Enjoy: ver. 0.8.8 (2012/12/06) - stable ---------- - Fixes: Alan Jenkins * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid banning due to misconfigured DNS. Close gh-64 Yaroslav Halchenko * [83109bc] IMPORTANT: escape the content of <matches> (if used in custom action files) since its value could contain arbitrary symbols. Thanks for discovery go to the NBS System security team * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. Close gh-83 * [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3 * [37a2e59] store IP as a base, non-unicode str to avoid spurious messages in the console. Close gh-91 - New features: David Engeset * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of touching the log file to take 'banip' or 'unbanip' in effect. Close gh-81, gh-86 Yaroslav Halchenko - Enhancements: * [2d66f31] replaced uninformative "Invalid command" message with warning log exception why command actually failed * [958a1b0] improved failregex to "support" auth.backend = "htdigest" * [9e7a3b7] until we make it proper module -- adjusted sys.path only if system-wide run * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes gh-79 * [f105379] added hints into the log on some failure return codes (e.g. 0x7f00 for this gh-87) * Various others: travis-ci integration, script to run tests against all available Python versions, etc -- Yaroslav O. Halchenko Debian Developer Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Tony C. <to...@ev...> - 2012-12-06 16:27:11
|
Hi Yaroslav Thank you for all your work! I've been using a CentOS yum package, which is still stuck in 0.8.4 or so. I've modified it to take account of patches here and there. But I would like to completely replace my yum version with the new version. (I'm on CentOS 6, fully updated with everything else). Is it as simple as using Yum to remove the existing one, and then simply dropping the files in place, or are there scripts I need to run? I did look for these kind of instructions but did not see any - forgive me if I've missed it! Tony Collins On 6 December 2012 14:33, Yaroslav Halchenko <li...@on...> wrote: > Hello everyone, > > I am delighted to announce the availability of 0.8.8 release. > > Below you can find the final changelog. 0.8.8-1 was uploaded to Debian > experimental, and NeuroDebian (http://neuro.debian.net) so any > Debian/Ubuntu > people could easily upgrade it. tar/zip-balls should be provided by > github: > https://github.com/fail2ban/fail2ban/tags and I also uploaded locally > generated > tarball for the release to https://github.com/fail2ban/fail2ban/downloads > > One of the important changes is escaping of the <matches> content -- so if > you > crafted some custom action which uses it -- you must upgrade, or you > would be at a significant security risk. > > IPv6 support is still slow-cooking and will be planned for the next > major release (e.g. 0.9.0) while 0.8.x series would be primarily a > bugfix and non-intrusive enhancements. > > Enjoy: > > ver. 0.8.8 (2012/12/06) - stable > ---------- > - Fixes: > Alan Jenkins > * [8c38907] Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to > avoid > banning due to misconfigured DNS. Close gh-64 > Yaroslav Halchenko > * [83109bc] IMPORTANT: escape the content of <matches> (if used in > custom action files) since its value could contain arbitrary > symbols. Thanks for discovery go to the NBS System security > team > * [0935566,5becaf8] Various python 2.4 and 2.5 compatibility fixes. > Close gh-83 > * [b159eab] do not enable pyinotify backend if pyinotify < 0.8.3 > * [37a2e59] store IP as a base, non-unicode str to avoid spurious > messages > in the console. Close gh-91 > - New features: > David Engeset > * [2d672d1,6288ec2] 'unbanip' command for the client + avoidance of > touching > the log file to take 'banip' or 'unbanip' in effect. Close gh-81, > gh-86 > Yaroslav Halchenko > - Enhancements: > * [2d66f31] replaced uninformative "Invalid command" message with > warning log > exception why command actually failed > * [958a1b0] improved failregex to "support" auth.backend = "htdigest" > * [9e7a3b7] until we make it proper module -- adjusted sys.path only if > system-wide run > * [f52ba99] downgraded "already banned" from WARN to INFO level. Closes > gh-79 > * [f105379] added hints into the log on some failure return codes (e.g. > 0x7f00 > for this gh-87) > * Various others: travis-ci integration, script to run tests > against all available Python versions, etc > > > -- > Yaroslav O. Halchenko > Debian Developer > Postdoctoral Fellow, Department of Psychological and Brain Sciences > Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 > Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 > WWW: http://www.linkedin.com/in/yarik > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > |
From: Brian K. <ch...@sm...> - 2012-12-06 17:19:23
|
On Dec 6, 2012, at 6:33 AM, Yaroslav Halchenko wrote: > Hello everyone, > > I am delighted to announce the availability of 0.8.8 release. > > Below you can find the final changelog. 0.8.8-1 was uploaded to Debian > experimental, and NeuroDebian (http://neuro.debian.net) so any Debian/Ubuntu > people could easily upgrade it. tar/zip-balls should be provided by github: > https://github.com/fail2ban/fail2ban/tags and I also uploaded locally generated > tarball for the release to https://github.com/fail2ban/fail2ban/downloads Hello, this is very cool. It looks like the readme file link on github is still going to 0.8.7, will that be updated soon? -- chort |
From: Yaroslav H. <li...@on...> - 2012-12-06 17:36:37
|
On Thu, 06 Dec 2012, Brian Keefer wrote: > It looks like the readme file link on github is still going to 0.8.7, will that be updated soon? ha -- I knew that I have forgotten something... "git push"! ;) now it all should be nice and dandy -- thanks! -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Yaroslav H. <li...@on...> - 2012-12-06 17:42:49
|
On Thu, 06 Dec 2012, Tony Collins wrote: > Hi Yaroslav > Thank you for all your work! > I've been using a CentOS yum package, which is still stuck in 0.8.4 or so. > I've modified it to take account of patches here and there. > But I would like to completely replace my yum version with the new > version. (I'm on CentOS 6, fully updated with everything else). > Is it as simple as using Yum to remove the existing one, and then simply > dropping the files in place, or are there scripts I need to run? I did > look for these kind of instructions but did not see any - forgive me if > I've missed it! ideally -- someone (experienced with CentOS) should prepare updated .rpm's and make it available from official or some other rpm repository. I wish someone experienced in CentOS/Fedora ecosystem could help with this. you could indeed just "dump" updated files in place of old ones, but that is EVIL and might have various side-effects, but I guess it might be the best way ATM for those systems. anyone to chime in with more helpful advice? -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Tony C. <to...@ev...> - 2012-12-06 19:57:15
|
Thanks for your reply. I will look into whether I could learn how to submit a CentOS package. Obviously, these Enterprise Linux distros often lag behind, for stability - but if people install the Yum package, they're definitely not getting the best version. If I can contribute, I will. In the meantime, thanks for this mailing list - I'm learning my way around fail2ban, and have written a personal WordPress plugin that writes to a log file if a comment is marked as spam; the file is monitored by a jail I've created - the reason I haven't offered this to anyone yet is that I'm dreadful with regex patterns, and I seem to have some problems with fail2ban banning IPs after 1 failure, if I open and update the log file manually (when it scans, it bans every IP even if it's less than maxretry). Once I've been able to quantify the problem, I will post it here so people can have a look and hopefully help me solve the bugs. But given that this is all running on an old version of fail2ban, that could be part of the reason I have problems :) Tony Collins On 6 December 2012 17:42, Yaroslav Halchenko <li...@on...> wrote: > > On Thu, 06 Dec 2012, Tony Collins wrote: > > > Hi Yaroslav > > > Thank you for all your work! > > > I've been using a CentOS yum package, which is still stuck in 0.8.4 > or so. > > I've modified it to take account of patches here and there. > > > But I would like to completely replace my yum version with the new > > version. (I'm on CentOS 6, fully updated with everything else). > > > Is it as simple as using Yum to remove the existing one, and then > simply > > dropping the files in place, or are there scripts I need to run? I did > > look for these kind of instructions but did not see any - forgive me > if > > I've missed it! > > ideally -- someone (experienced with CentOS) should prepare > updated .rpm's and make it available from official or some other rpm > repository. I wish someone experienced in CentOS/Fedora ecosystem > could help with this. > > you could indeed just "dump" updated files in place of old ones, but > that is EVIL and might have various side-effects, but I guess it might > be the best way ATM for those systems. anyone to chime in with more > helpful advice? > > -- > Yaroslav O. Halchenko > Postdoctoral Fellow, Department of Psychological and Brain Sciences > Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 > Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 > WWW: http://www.linkedin.com/in/yarik > > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users > |
From: Arturo 'B. B. <bu...@bu...> - 2012-12-06 20:09:25
|
I'd just remove the package using yum/rpm, keep the dependencies in, then roughly follow this guide: http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Installing_from_sources_on_a_GNU.2FLinux_system On Thu, Dec 6, 2012 at 2:42 PM, Yaroslav Halchenko <li...@on...> wrote: > > On Thu, 06 Dec 2012, Tony Collins wrote: > >> Hi Yaroslav > >> Thank you for all your work! > >> I've been using a CentOS yum package, which is still stuck in 0.8.4 or so. >> I've modified it to take account of patches here and there. > >> But I would like to completely replace my yum version with the new >> version. (I'm on CentOS 6, fully updated with everything else). > >> Is it as simple as using Yum to remove the existing one, and then simply >> dropping the files in place, or are there scripts I need to run? I did >> look for these kind of instructions but did not see any - forgive me if >> I've missed it! > > ideally -- someone (experienced with CentOS) should prepare > updated .rpm's and make it available from official or some other rpm > repository. I wish someone experienced in CentOS/Fedora ecosystem > could help with this. > > you could indeed just "dump" updated files in place of old ones, but > that is EVIL and might have various side-effects, but I guess it might > be the best way ATM for those systems. anyone to chime in with more > helpful advice? > > -- > Yaroslav O. Halchenko > Postdoctoral Fellow, Department of Psychological and Brain Sciences > Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 > Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 > WWW: http://www.linkedin.com/in/yarik > > ------------------------------------------------------------------------------ > LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial > Remotely access PCs and mobile devices and provide instant support > Improve your efficiency, and focus on delivering more value-add services > Discover what IT Professionals Know. Rescue delivers > http://p.sf.net/sfu/logmein_12329d2d > _______________________________________________ > Fail2ban-users mailing list > Fai...@li... > https://lists.sourceforge.net/lists/listinfo/fail2ban-users |
From: James B. <jl...@bo...> - 2012-12-07 00:01:41
|
Upgraded from 0.8.6 to 0.8.8 on Mac OS 10.7.4. Seemed to work fine. When I start it I get: WARNING 'action' not defined in 'php-url-fopen'. Using default value WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value WARNING 'action' not defined in 'lighttpd-auth'. Using default value 2012-12-07 10:56:29,845 fail2ban.server : INFO Starting Fail2ban v0.8.8 2012-12-07 10:56:29,845 fail2ban.server : INFO Starting in daemon mode I don't use those jails, so I'm not worried, just letting you know. Thanks, James. |
From: Yaroslav H. <li...@on...> - 2012-12-07 01:13:07
|
On Fri, 07 Dec 2012, James Brown wrote: > Upgraded from 0.8.6 to 0.8.8 on Mac OS 10.7.4. Seemed to work fine. > When I start it I get: > WARNING 'action' not defined in 'php-url-fopen'. Using default value > WARNING 'action' not defined in 'lighttpd-fastcgi'. Using default value > WARNING 'action' not defined in 'lighttpd-auth'. Using default value > 2012-12-07 10:56:29,845 fail2ban.server : INFO Starting Fail2ban v0.8.8 > 2012-12-07 10:56:29,845 fail2ban.server : INFO Starting in daemon mode > I don't use those jails, so I'm not worried, just letting you know. good catch ;) indeed those jail.conf sections lack any action definition, so config file reader warns that it is not defined. it is benign but we should have at least some action defined. For 0.9.0 I will probably just switch to the jail.conf as shipped in Debian -- there sections define only customizations for the default action type or override completely: https://github.com/fail2ban/fail2ban/blob/debian/debian/jail.conf -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Yaroslav H. <li...@on...> - 2013-05-13 17:25:22
|
Hello everyone, I am delighted to announce the availability of 0.8.9 release. Below you can find the final changelog. 0.8.9-1 was uploaded to Debian unstable, and NeuroDebian (http://neuro.debian.net) so any Debian/Ubuntu people could easily upgrade it. tar/zip-balls should be provided by github: https://github.com/fail2ban/fail2ban/tags . Unfortunately there is too many of them and the only available sorting scheme is suboptimal for our case. So here would be the complete tarball https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 straight from github. Originally targeted as a bugfix release, this release incorporated many new enhancements, few new features, and more importantly -- quite extended tests battery with current 94% coverage (from 56% of 0.8.8). Despite extensive testing now, for critical production deployment you might want to wait for a few days if no major would be found in this release. This release introduces over 200 of non-merge commits from 16 contributors (sorted by number of commits): Yaroslav Halchenko, Daniel Black, Steven Hiscocks, James Stout, Orion Poplawski, Enrico Labedzki, ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither, Artur Penttinen, blotus, sebres, Nicolas Collignon, Pascal Borreli. Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom Hendrikx, Yehuda Katz and other TBN heroes supporting users on fail2ban-users mailing list and IRC. - Fixes: Yaroslav Halchenko * [6f4dad46] python-2.4 is the minimal version. * [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g. on Fedora. Closes gh-112. Thanks to Camusensei for the bug report. * [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for insight. Closes gh-103. * [ab044b75] delay check for the existence of config directory until read. * [3b4084d4] fixing up for handling of TAI64N timestamps. * [154aa38e] do not shutdown logging until all jails stop. * [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes gh-184. Thanks to Jon Foster for report and troubleshooting. Orion Poplawski * [e4aedfdc00] pyinotify - use bitwise op on masks and do not try tracking newly created directories. Nicolas Collignon * [39667ff6] Avoid leaking file descriptors. Closes gh-167. Sergey Brester * [b6bb2f88 and d17b4153] invalid date recognition, irregular because of sorting template list. Steven Hiscocks * [7a442f07] When changing log target with python2.{4,5} handle KeyError. Closes gh-147, gh-148. * [b6a68f51] Fix delaction on server side. Closes gh-124. Daniel Black * [f0610c01] Allow more that a one word command when changing and Action via the fail2ban-client. Closes gh-134. * [945ad3d9] Fix dates on email actions to work in different locals. Closes gh-70. Thanks to iGeorgeX for the idea. blotus * [96eb8986] ' and " should also be escaped in action tags Closes gh-109 Christoph Theis, Nick Hilliard, Daniel Black * [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD - New features: Yaroslav Halchenko * [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile} to provide additional flexibility to system adminstrators. Thanks to beilber for the idea. Closes gh-114. * [3ce53e87] Add exim filter. Erwan Ben Souiden * [d7d5228] add nagios integration documentation and script to ensure fail2ban is running. Closes gh-166. Artur Penttinen * [29d0df5] Add mysqld filter. Closes gh-152. ArndRaphael Brandes * [bba3fd8] Add Sogo filter. Closes gh-117. Michael Gebetsriother * [f9b78ba] Add action route to block at routing level. Teodor Micu & Yaroslav Halchenko * [5f2d383] Add roundcube auth filter. Closes Debian bug #699442. Daniel Black * [be06b1b] Add action for iptables-ipsets. Closes gh-102. Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk * [b6d0e8a] Add and enhance the bsd-ipfw action from FreeBSD ports. Soulard Morgan * [f336d9f] Add filter for webmin. Closes gh-99. Steven Hiscocks * [..746c7d9] bash interactive shell completions for fail2ban-*'s Nick Hilliard * [0c5a9c5] Add pf action. - Enhancements: Enrico Labedzki * [24a8d07] Added new date format for ASSP SMTP Proxy. Steven Hiscocks * [3d6791f] Ensure restart of Actions after a check fails occurs consistently. Closes gh-172. * [MANY] Improvements to test cases, travis, and code coverage (coveralls). * [b36835f] Add get cinfo to fail2ban-client. Closes gh-124. * [ce3ab34] Added ability to specify PID file. Orion Poplawski * [ddebcab] Enhance fail2ban.service definition dependencies and Pidfile. Closes gh-142. Yaroslav Halchenko * [MANY] Lots of improvements to log messages, man pages and test cases. * [91d5736] Postfix filter improvements - empty helo, from and rcpt to. Closes gh-126. Bug report by Michael Heuberger. * [40c5a2d] adding more of diagnostic messages into -client while starting the daemon. * [8e63d4c] Compare against None with 'is' instead of '=='. * [6fef85f] Strip CR and LF while analyzing the log line Daniel Black * [3aeb1a9] Add jail.conf manual page. Closes gh-143. * [MANY] man page edits. * [7cd6dab] Added help command to fail2ban-client. * [c8c7b0b,23bbc60] Better logging of log file read errors. * [3665e6d] Added code coverage to development process. * [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh source. Also include BSD changes. * [1d9abd1] Action files can have tags in definition that refer to other tags. * [10886e7,cec5da2,adb991a] Change actions to response with ICMP port unreachable rather than just a drop of the packet. Pascal Borreli * [a2b29b4] Fixed lots of typos in config files and documentation. hamilton5 * [7ede1e8] Update dovecot filter config. Romain Riviere * [0ac8746] Enhance named-refused filter for views. James Stout * [..2143cdf] Solaris support enhancements: - README.Solaris - failregex'es tune ups (sshd.conf) - hostsdeny: do not rely on support of '-i' in sed Thanks once again everyone who contributed to this release! -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Senior Research Associate, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Johannes W. <jwe...@we...> - 2013-05-14 09:58:04
|
Dear Yaroslav, did you tag the release? I can't find a corresponding tag to the release. I can download the code using https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 but I can't browse the releases. Best regards, Johannes Am 13.05.2013 19:25, schrieb Yaroslav Halchenko: > Hello everyone, > > I am delighted to announce the availability of 0.8.9 release. > > Below you can find the final changelog. 0.8.9-1 was uploaded to Debian > unstable, and NeuroDebian (http://neuro.debian.net) so any Debian/Ubuntu > people could easily upgrade it. > > tar/zip-balls should be provided by github: > https://github.com/fail2ban/fail2ban/tags . Unfortunately there is too many of > them and the only available sorting scheme is suboptimal for our case. > So here would be the complete tarball > https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 straight from > github. > > Originally targeted as a bugfix release, this release incorporated many > new enhancements, few new features, and more importantly -- quite extended > tests battery with current 94% coverage (from 56% of 0.8.8). Despite extensive > testing now, for critical production deployment you might want to wait for a > few days if no major would be found in this release. > > This release introduces over 200 of non-merge commits from 16 > contributors (sorted by number of commits): Yaroslav Halchenko, Daniel > Black, Steven Hiscocks, James Stout, Orion Poplawski, Enrico Labedzki, > ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither, > Artur Penttinen, blotus, sebres, Nicolas Collignon, Pascal Borreli. > > Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom > Hendrikx, Yehuda Katz and other TBN heroes supporting users on > fail2ban-users mailing list and IRC. > > - Fixes: Yaroslav Halchenko > * [6f4dad46] python-2.4 is the minimal version. > * [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g. > on Fedora. Closes gh-112. Thanks to Camusensei for the bug report. > * [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for > insight. Closes gh-103. > * [ab044b75] delay check for the existence of config directory until read. > * [3b4084d4] fixing up for handling of TAI64N timestamps. > * [154aa38e] do not shutdown logging until all jails stop. > * [f2156604] pyinotify -- monitor IN_MOVED_TO events. Closes gh-184. > Thanks to Jon Foster for report and troubleshooting. > Orion Poplawski > * [e4aedfdc00] pyinotify - use bitwise op on masks and do not try tracking > newly created directories. > Nicolas Collignon > * [39667ff6] Avoid leaking file descriptors. Closes gh-167. > Sergey Brester > * [b6bb2f88 and d17b4153] invalid date recognition, irregular because of > sorting template list. > Steven Hiscocks > * [7a442f07] When changing log target with python2.{4,5} handle KeyError. > Closes gh-147, gh-148. > * [b6a68f51] Fix delaction on server side. Closes gh-124. > Daniel Black > * [f0610c01] Allow more that a one word command when changing and Action via > the fail2ban-client. Closes gh-134. > * [945ad3d9] Fix dates on email actions to work in different locals. Closes > gh-70. Thanks to iGeorgeX for the idea. > blotus > * [96eb8986] ' and " should also be escaped in action tags Closes gh-109 > Christoph Theis, Nick Hilliard, Daniel Black > * [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD > - New features: > Yaroslav Halchenko > * [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile} > to provide additional flexibility to system adminstrators. Thanks to > beilber for the idea. Closes gh-114. > * [3ce53e87] Add exim filter. > Erwan Ben Souiden > * [d7d5228] add nagios integration documentation and script to ensure > fail2ban is running. Closes gh-166. > Artur Penttinen > * [29d0df5] Add mysqld filter. Closes gh-152. > ArndRaphael Brandes > * [bba3fd8] Add Sogo filter. Closes gh-117. > Michael Gebetsriother > * [f9b78ba] Add action route to block at routing level. > Teodor Micu & Yaroslav Halchenko > * [5f2d383] Add roundcube auth filter. Closes Debian bug #699442. > Daniel Black > * [be06b1b] Add action for iptables-ipsets. Closes gh-102. > Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk > * [b6d0e8a] Add and enhance the bsd-ipfw action from > FreeBSD ports. > Soulard Morgan > * [f336d9f] Add filter for webmin. Closes gh-99. > Steven Hiscocks > * [..746c7d9] bash interactive shell completions for fail2ban-*'s > Nick Hilliard > * [0c5a9c5] Add pf action. > - Enhancements: > Enrico Labedzki > * [24a8d07] Added new date format for ASSP SMTP Proxy. > Steven Hiscocks > * [3d6791f] Ensure restart of Actions after a check fails occurs > consistently. Closes gh-172. > * [MANY] Improvements to test cases, travis, and code coverage (coveralls). > * [b36835f] Add get cinfo to fail2ban-client. Closes gh-124. > * [ce3ab34] Added ability to specify PID file. > Orion Poplawski > * [ddebcab] Enhance fail2ban.service definition dependencies and Pidfile. > Closes gh-142. > Yaroslav Halchenko > * [MANY] Lots of improvements to log messages, man pages and test cases. > * [91d5736] Postfix filter improvements - empty helo, from and rcpt to. > Closes gh-126. Bug report by Michael Heuberger. > * [40c5a2d] adding more of diagnostic messages into -client while starting > the daemon. > * [8e63d4c] Compare against None with 'is' instead of '=='. > * [6fef85f] Strip CR and LF while analyzing the log line > Daniel Black > * [3aeb1a9] Add jail.conf manual page. Closes gh-143. > * [MANY] man page edits. > * [7cd6dab] Added help command to fail2ban-client. > * [c8c7b0b,23bbc60] Better logging of log file read errors. > * [3665e6d] Added code coverage to development process. > * [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh > source. Also include BSD changes. > * [1d9abd1] Action files can have tags in definition that refer to other > tags. > * [10886e7,cec5da2,adb991a] Change actions to response with ICMP port > unreachable rather than just a drop of the packet. > Pascal Borreli > * [a2b29b4] Fixed lots of typos in config files and documentation. > hamilton5 > * [7ede1e8] Update dovecot filter config. > Romain Riviere > * [0ac8746] Enhance named-refused filter for views. > James Stout > * [..2143cdf] Solaris support enhancements: > - README.Solaris > - failregex'es tune ups (sshd.conf) > - hostsdeny: do not rely on support of '-i' in sed > > > Thanks once again everyone who contributed to this release! > -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna |
From: Yaroslav H. <li...@on...> - 2013-05-14 12:57:10
|
On Tue, 14 May 2013, Johannes Weberhofer wrote: > did you tag the release? I can't find a corresponding tag to the release. I can download the code using https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 but I can't browse the releases. well -- without me pushing a tag there would be no url above, would it? ;) let's check again $> git push --tags origin Everything up-to-date yeap -- there The problem is that there is too many tags on https://github.com/fail2ban/fail2ban/tags and you could find 0.8.9 only on the 2nd page (after 0.9.0a1) Cheers, -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Senior Research Associate, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Johannes W. <jwe...@we...> - 2013-05-14 15:03:45
|
Am 14.05.2013 14:57, schrieb Yaroslav Halchenko: > > On Tue, 14 May 2013, Johannes Weberhofer wrote: >> did you tag the release? I can't find a corresponding tag to the release. I can download the code using https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.8.9 but I can't browse the releases. > > well -- without me pushing a tag there would be no url above, would it? ;) > > let's check again > > $> git push --tags origin > Everything up-to-date > > yeap -- there > > The problem is that there is too many tags on > https://github.com/fail2ban/fail2ban/tags and you could find 0.8.9 only on the > 2nd page (after 0.9.0a1) > > Cheers, > Thank you, I've found it. The problem here is, that all the debian-tags are ordered in front of the number-only tags; when the releases would be named "fail2ban-VERSION", those would possibly be sorted in the front because the sort-order seem to be Z-A9-0. Best regards, Johannes -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna |
From: Yaroslav H. <li...@on...> - 2013-05-14 15:39:11
|
On Tue, 14 May 2013, Johannes Weberhofer wrote: > The problem here is, that all the debian-tags are ordered in front of the number-only tags; when the releases would be named "fail2ban-VERSION", those would possibly be sorted in the front because the sort-order seem to be Z-A9-0. yeah... and I know some projects using NAME-VERSION tag convention (IIRC ipython) but in general it is rare and sdist/ would still sort before fail2ban-*, so would not help on its own alternatively I could just wipe out all the sdist/ and debian/ tags and keep them in my clone but not sure if eventually they would not leak again yesterday I also sent a support request to github -- if they had sorting (e.g. by tag date) -- it could be also very logical and would pretty much resolve the issue. -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Senior Research Associate, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |
From: Johannes W. <jwe...@we...> - 2013-05-14 15:46:57
|
Am 14.05.2013 17:39, schrieb Yaroslav Halchenko: > yesterday I also sent a support request to github -- if they had sorting > (e.g. by tag date) -- it could be also very logical and would pretty > much resolve the issue. That's an good idea! -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna |
From: Johannes W. <jwe...@we...> - 2013-07-03 13:41:39
|
Am 14.05.2013 17:39, schrieb Yaroslav Halchenko: > > On Tue, 14 May 2013, Johannes Weberhofer wrote: >> The problem here is, that all the debian-tags are ordered in front of the number-only tags; when the releases would be named "fail2ban-VERSION", those would possibly be sorted in the front because the sort-order seem to be Z-A9-0. > > yeah... and I know some projects using NAME-VERSION tag convention (IIRC > ipython) but in general it is rare > > > and sdist/ would still sort before fail2ban-*, so would not help on its > own > > alternatively I could just wipe out all the sdist/ and debian/ tags and > keep them in my clone but not sure if eventually they would not leak > again > > yesterday I also sent a support request to github -- if they had sorting > (e.g. by tag date) -- it could be also very logical and would pretty > much resolve the issue. > Dear Yaroslav, have a look on the new github-feature "releases". It's documented at https://help.github.com/categories/85/articles Best regards, Johannes -- Johannes Weberhofer Weberhofer GmbH, Austria, Vienna |
From: Yaroslav H. <li...@on...> - 2013-07-03 14:29:11
|
On Wed, 03 Jul 2013, Johannes Weberhofer wrote: > > yesterday I also sent a support request to github -- if they had sorting > > (e.g. by tag date) -- it could be also very logical and would pretty > > much resolve the issue. > Dear Yaroslav, > have a look on the new github-feature "releases". It's documented at https://help.github.com/categories/85/articles ha -- new feature -- thanks Johannes. I have added changelogs for the latest few releases. and adjusted http://www.fail2ban.org/wiki/index.php/Downloads to point there instead of /tags Cheers -- Yaroslav O. Halchenko, Ph.D. http://neuro.debian.net http://www.pymvpa.org http://www.fail2ban.org Senior Research Associate, Psychological and Brain Sciences Dept. Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik |