From: Daniel Black <daniel.subs@in...> - 2014-01-18 11:32:08
On 01/18/2014 10:05 PM, Dudi Goldenberg wrote:
> This produces a 404.
Could have some access control on it. The ugly cut-and-paste version:
Log rotation can now occur with the command "flushlogs" rather than
reloading fail2ban or keeping the logtarget settings consistent in
jail.conf/local and /etc/logrotate.d/fail2ban. (Debian bug #697333,
Redhat bug #891798).
Added ignorecommand option for allowing dynamic determination as to
ignore and IP or not.
Remove indentation of name and loglevel while logging to SYSLOG to
resolve syslog(-ng) parsing problems. (Debian bug #730202). Log lines
now also report "[PID]" after the name portion too.
Epoch dates can now be enclosed within 
apache-noscript now includes php cgi scripts
exim-spam filter to match spamassassin log entry for option SAdevnull.
Added to sshd filter expression for "Received disconnect from : 3: Auth
Improved ACL-handling for Asterisk
Added improper command pipelining to postfix filter.
Added lots of jail.conf entries for missing filters that creaped in over
the last year.
synchat changed to use push method which verifies whether all data was
send. This ensures that all data is sent before closing the connection.
Fixed python 2.4 compatibility (as sub-second in date patterns weren't
Complain/email actions fixed to only include relevant IPs to reporting
Added HTTP referrer bit of the apache access log to the apache filters.
Apache 2.4 perfork regexes fixed
Kernel syslog expression can have leading spaces
allow for ",milliseconds" in the custom date format of proftpd.log
recidive jail to block all protocols
smtps not a IANA standard so may be missing from /etc/services. Due to
(still) common use 465 has been used as the explicit port number
Filter dovecot reordered session and TLS items in regex with wider scope
for session characters
Ugly Fixes (Potentially incompatible changes):
Unfortunately at the end of last release when the action
firewall-cmd-direct-new was added it was too long and had a broken
action check. The action was renamed to firewallcmd-new to fit within
jail name name length. (#395).
Last release added mysqld-syslog-iptables as a jail configuration. This
jailname was too long and it has been renamed to mysqld-syslog.