You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fix dnsToIp resolver for fqdn with large list of IPs (gh-1164)
filter.d/apache-badbots.conf
Updated useragent string regex adding escape for +
filter.d/mysqld-auth.conf
Updated "Access denied ..." regex for MySQL 5.6 and later (gh-1211, gh-1332)
filter.d/sshd.conf
Updated "Auth fail" regex for OpenSSH 5.9 and later
Treat failed and killed execution of commands identically (only
different log messages), which addresses different behavior on different
exit codes of dash and bash (gh-1155)
Fixed default banaction for allports jails like pam-generic, recidive, etc
with new default variable banaction_allports (gh-1216)
Fixed fail2ban-regex stops working on invalid (wrong encoded) character
for python version < 3.x (gh-1248)
Use postfix_log logpath for postfix-rbl jail
filters.d/postfix.conf - add 'Sender address rejected: Domain not found' failregex
use fail2ban_agent as user-agent in actions badips, blocklist_de, etc (gh-1271)
Fix ignoring the sender option by action_mw, action_mwl and action_c_mwl
Changed filter.d/asterisk regex for "Call from ..." (few vulnerable now)
Removed compression and rotation count from logrotate (inherit them from
the global logrotate config)
New Features:
New interpolation feature for definition config readers - <known/parameter>
(means last known init definition of filters or actions with name parameter).
This interpolation makes possible to extend a parameters of stock filter or
action directly in jail inside jail.local file, without creating a separately
filter.d/*.local file.
As extension to interpolation %(known/parameter)s, that does not works for
filter and action init parameters
New actions:
nftables-multiport and nftables-allports - filtering using nftables
framework. Note: it requires a pre-existing chain for the filtering rule.
New filters:
openhab - domotic software authentication failure with the
rest api and web interface (gh-1223)
nginx-limit-req - ban hosts, that were failed through nginx by limit
request processing rate (ngx_http_limit_req_module)
murmur - ban hosts that repeatedly attempt to connect to
murmur/mumble-server with an invalid server password or certificate.
haproxy-http-auth - filter to match failed HTTP Authentications against a
HAProxy server
New jails:
murmur - bans TCP and UDP from the bad host on the default murmur port.
sshd filter got new failregex to match "maximum authentication
attempts exceeded" (introduced in openssh 6.8)
Added filter for Mac OS screen sharing (VNC) daemon
Added openSUSE path configuration (Thanks Johannes Weberhofer)
Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197)
Added a timeout (3 sec) to urlopen within badips.py action
(Thanks M. Maraun)
Added check against atacker's Googlebot PTR fake records
(Thanks Pablo Rodriguez Fernandez)
Enhance filter against atacker's Googlebot PTR fake records
(gh-1226)
Nginx log paths extended (prefixed with "*" wildcard) (gh-1237)
Added filter for openhab domotic software authentication failure with the
rest api and web interface (gh-1223)
Add *_backend options for services to allow distros to set the default
backend per service, set default to systemd for Fedora as appropriate
Performance improvements while monitoring large number of files (gh-1265).
Use associative array (dict) for monitored log files to speed up lookup
operations. Thanks @kshetragia
Specified that fail2ban is PartOf iptables.service firewalld.service in
.service file -- would reload fail2ban if those services are restarted
Provides new default fail2ban_version and interpolation variable fail2ban_agent in jail.conf
Enhance filter 'postfix' to ban incoming SMTP client with no fqdn hostname,
and to support multiple instances of postfix having varying suffix (gh-1331)
(Thanks Tom Hendrikx)
files/gentoo-initd to use start-stop-daemon to robustify restarting the service