Revisions of fail2ban
buildservice-autocommit
accepted
request 762815
from
Dominique Leuenberger (dimstar)
(revision 99)
baserev update by copy to link target
Dominique Leuenberger (dimstar)
accepted
request 762228
from
Dominique Leuenberger (dimstar)
(revision 98)
- Switch to use python3 (upstream supported): + BuildRequire python3-tools instead of python-devel (for the 2to3 tool). + Drop the python-gamin dependency. + Replace all python-FOO deps for their python3-FOO counterpart. - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 - fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file
buildservice-autocommit
accepted
request 722644
from
Johannes Weberhofer (weberho)
(revision 97)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 722640
from
Johannes Weberhofer (weberho)
(revision 96)
- Added fail2ban-0.10.4-env-script-interpreter.patch to define interpreter - removal of SuSEfirewall2-fail2ban for factory versions since SuSEfirewall2 will be removed from Factory (see sr#713247): * fail2ban-opensuse-service.patch: removed references to SuSEfirewall2 service * fail2ban-opensuse-service-sfw.patch: use references to SuSEfirewall2 only for older distributions * Removed installation recommendation of the SuSEfirewall2-fail2ban package for all distributions as it is deprecated. - fail2ban-0.10.4-upstream-pid-file-location.patch changed fail2ban unit file location (boo#1145181, gh#fail2ban/fail2ban#2474)
buildservice-autocommit
accepted
request 709174
from
Johannes Weberhofer (weberho)
(revision 95)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 709167
from
Dominique Leuenberger (dimstar)
(revision 94)
Allow OBS to pick better candidates to shorten rebuild queues
buildservice-autocommit
accepted
request 677464
from
Johannes Weberhofer (weberho)
(revision 93)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 676713
from
Christian Wittmer (computersalat)
(revision 92)
Update to 0.10.4
buildservice-autocommit
accepted
request 599594
from
Johannes Weberhofer (weberho)
(revision 91)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 599593
from
Johannes Weberhofer (weberho)
(revision 90)
- Updated to version 0.10.3.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3.1/ChangeLog * fixed JSON serialization for the set-object within dump into database (gh-2103). - Updated to version 0.10.3. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.3/ChangeLog - Fixes * `filter.d/asterisk.conf`: fixed failregex prefix by log over remote syslog server (gh-2060); * `filter.d/exim.conf`: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048); * `filter.d/recidive.conf`: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069; * `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf` : - fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064); * `filter.d/sshd.conf`: - failregex got an optional space in order to match new log-format (see gh-2061); - fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062); - fixed root login refused regex (optional port before preauth, gh-2080); - avoid banning of legitimate users when pam_unix used in combination with other password method, so bypass pam_unix failures if accepted available for this user gh-2070; - amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly); - mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it counts failure on closing connection within preauth-stage (gh-2085); * `action.d/abuseipdb.conf`: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101); * `action.d/badips.py`: implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059); * `action.d/hostsdeny.conf`: fixed IPv6 syntax (enclosed in square brackets, gh-2066); * (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054); - New Features * several stability and performance optimizations, more effective filter parsing, etc; * stable runnable within python versions 3.6 (as well as within 3.7-dev); - Enhancements * `filter.d/apache-auth.conf`: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097); * `filter.d/apache-noscript.conf`: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073); * date-detector extended with long epoch (`LEPOCH`) to parse milliseconds/microseconds posix-dates (gh-2029); * possibility to specify own regex-pattern to match epoch date-time, e. g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038); the epoch-pattern similar to `{DATE}` patterns does the capture and cuts out the match of whole pattern from the log-line, e. g. date-pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from begin of the log-line. * badips.py now uses https instead of plain http when requesting badips.com (gh-2057); * add support for "any" badips.py bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056); * Introduced new parameter `padding` for logging within fail2ban-server (default on, excepting SYSLOG): Usage `logtarget = target[padding=on|off]`
buildservice-autocommit
accepted
request 578362
from
Johannes Weberhofer (weberho)
(revision 89)
baserev update by copy to link target
Johannes Weberhofer (weberho)
committed
(revision 88)
Johannes Weberhofer (weberho)
accepted
request 578297
from
Johannes Weberhofer (weberho)
(revision 87)
- Updated to version 0.10.2. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog - rebased patch
buildservice-autocommit
accepted
request 544894
from
Johannes Weberhofer (weberho)
(revision 86)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 544725
from
Richard Brown (RBrownSUSE)
(revision 85)
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
buildservice-autocommit
accepted
request 537301
from
Factory Maintainer (factory-maintainer)
(revision 84)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 536273
from
Johannes Weberhofer (weberho)
(revision 83)
- Updated to version 0.10.1. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10/ChangeLog - Removed 607568f.patch and 1783.patch - New features: * IPv6 support - IP addresses are now handled as objects rather than strings capable for handling both address types IPv4 and IPv6 - iptables related actions have been amended to support IPv6 specific actions additionally - hostsdeny and route actions have been tested to be aware of v4 and v6 already - pf action for *BSD systems has been improved and supports now also v4 and v6 - name resolution is now working for either address type - new conditional section functionality used in config resp. includes: - [Init?family=inet4] - IPv4 qualified hosts only - [Init?family=inet6] - IPv6 qualified hosts only * Reporting via abuseipdb.com - Bans can now be reported to abuseipdb - Catagories must be set in the config - Relevant log lines included in report * Several commands extended and new commands introduced * Implemented execution of `actionstart` on demand * nftables actions are IPv6-capable now * Introduced new filter option `prefregex` for pre-filtering using single regular expression * Many times faster because of several optimizations * Several filters optimized * Introduced new jail option "ignoreself" - Lots of fixes and internal improvements - Incompatibitilities: * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always your own capture-group (like below `_cond_ip_`) to do this. ``` testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" ``` - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F-*>` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now.
buildservice-autocommit
accepted
request 506342
from
Johannes Weberhofer (weberho)
(revision 82)
baserev update by copy to link target
Johannes Weberhofer (weberho)
accepted
request 506341
from
Johannes Weberhofer (weberho)
(revision 81)
- added 1783.patch from upstream: "Updated roundcube authentication filter" - use tmpfiles_create macro
buildservice-autocommit
accepted
request 495374
from
Johannes Weberhofer (weberho)
(revision 80)
baserev update by copy to link target
Displaying revisions 21 - 40 of 119