[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted fail2ban 0.8.0-4~bpo31+1 (source all)

Hash: SHA1

Format: 1.7
Date: Thu, 23 Aug 2007 14:02:26 +0200
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.0-4~bpo31+1
Distribution: sarge-backports
Urgency: low
Maintainer: Yaroslav Halchenko <debian@onerussian.com>
Changed-By: Jan Wagner <waja@cyconet.org>
 fail2ban   - bans IPs that cause multiple authentication errors
Closes: 323451 323543 323840 329163 329304 329722 330311 330827 331695 333056 334272 336449 337223 339133 342144 343821 347766 350746 352053 354346 355443 356112 357164 358810 359218 363391 364278 366307 366687 367990 368218 369483 370095 373592 377711 382403 396668 397878 397878 398146 398739 400162 400278 402350 404060 404487 404921 407561 422655 425746 426050 429263
 fail2ban (0.8.0-4~bpo31+1) sarge-backports; urgency=low
   * rebuild for sarge
   * added dh_python to rules and removed dh_pycentral
   * removed python-central from Depends-Indep and added python2.3-dev to
 fail2ban (0.8.0-4) unstable; urgency=low
   * Moved <HOST> expansion into regex.py (closes: #429263). Thanks James
   * Added optional regexp entry for process PID in some entries (closes:
     #426050). Thanks Roderick Schertler.
   * Added a filter pam_generic to catch any login errors.
   * Added iptables-allports.
   * Use /var/run to keep socket file (closes: #425746)
   * Added a filter for named to catch refused/denied queries
   * Added new time template matching named log entries
   * jail.conf has specification of protocol (default to tcp) to be provided to
   * Adjusted failregex for sshd filter:
     - anchored properly at the end of line, and source code has .examples
       files to perform testing of the rules.
     - added new explicit rule for users not in the AllowUsers lists
 fail2ban (0.8.0-2) unstable; urgency=low
   * Manually changing the order of debhelper inserted scripts in prerm
     (Closes: #422655)
   * Removed obsolete hack to have /bin/env invocation of python for
     fail2ban-* scripts
   * Applied changes submitted by Bernd Zeimetz (thanks Bernd):
     - Removed obsolete Build-Depends-Indep on help2man, python-dev
     - Explicit removal of *.pyc files compiled during build
     - Invoke 'python setup.py clean' in clean target, which required also
       to move python into Build-Depends
   * Minor clean up of debian/rules
 fail2ban (0.8.0-1) unstable; urgency=low
   * New stable upstream release
 fail2ban (0.7.9-1) unstable; urgency=low
   * New upstream release
   * Updated copyright to include current year
   * Removed patches absorbed upstream
 fail2ban (0.7.8-1) unstable; urgency=low
   * New upstream release
   * Applied post-release upstream changes to resolve issues with
    - Fix to close opened handlers to log file
    - Tentative incomplete gamin fix
    - Fix to "reload" bug
 fail2ban (0.7.7-1) unstable; urgency=low
   * New upstream release (included most of the debian-provided patches -- new
     filters and actions)
   * Refreshed and made verbatim homepage in description
 fail2ban (0.7.6-3) unstable; urgency=low
   * Synchronized action.d/iptables-* rules from upstream SVN (closes:
   * Minor: options renames in the comments to be in sync with upstream
   * Use /usr/bin/python interpreter instead of wrapped call to python by
 fail2ban (0.7.6-2) unstable; urgency=low
   * iptables-multiport is default action to take since Debian kernel arrives
     with multiport module. That is to address the fact that most services
     listen on multiple port (for encrypted and non-encrypted connections)
   * Added [courierauth] jail (First 2 items are to partially address #407404
 fail2ban (0.7.6-1) unstable; urgency=low
   * New upstream release, which incorporates fixes introduced in 3~pre
     non-released versions (which were suggested to the users to overcome
     problems reported in bug reports). In particular attention should be paid
     to upstream changelog entries
     - Several "failregex" and "ignoreregex" are now accepted.
       Creation of rules should be easier now.
       This is an alternative solution to 'multiple <HOST>' entries fix,
       which is not applied to this shipped version - pay caution if upgrading
       from 0.7.5-3~pre?
     - Allow comma in action options. The value of the option must
       be escaped with " or '.
       That allowed to implement requested ability to ban multiple ports
       at once (See 373592). README.Debian and jail.conf adjusted to reflect
       possible use of iptables-mport
     - Now Fail2ban goes in /usr/share/fail2ban instead of
       /usr/lib/fail2ban. This is more compliant with FHS.
       Patch 00_share_insteadof_lib no longer applied
   * Refactored installed by debian package jail.conf:
     - Added option banaction which is to incorporate banning agent
       (usually some flavor of iptables rule), which can then be easily
       overriden globally or per section
     - Multiple actions are defined as action_* to serve as shortcuts
   * Initd script was modified to inform about present socket file which
     would forbid fail2ban-server from starting
   * Adjusted default log file for postfix to be /var/log/mail.log
     (Closes: #404921)
 fail2ban (0.7.5-3~pre6) unstable; urgency=low
   * Fail2ban now bans vsftpd logins (corrected logfile path and failregex)
     (Closes: #404060)
   * Made fail2ban-server tollerate multiple <HOST> entries in failregex
   * Moved call to dh_pycentral before dh_installinit
   * Removed unnecessary call of dh_shlibdeps
   * Added filter ssh-ddos to fight DDOS attacks. Must be used with caution
     if there is a possibility of valid clients accessing through
     unreliable connection or faulty firewall (Closes: #404487)
   * Not applying patch any more for rigid python2.4 - it is default now in
   * Moving waiting loop for fail2ban-server to stop under do_stop
     function, so it gets invoked by both 'restart' and 'stop' commands
   * do_status action of init script is now using 'fail2ban-client ping'
     instead of '... status' since we don't really use returned status
     information, besides the return error code
 fail2ban (0.7.5-2) unstable; urgency=low
   * NEWS.Debian confusions - the latest NEWS entry and postinst message were
     rephrased (Closes: #402350)
   * Added mail-whois-lines action, which emails log lines containing abuser
     IP. Those lines are often required for proper abuse reports sent to the
     Internet providers.  Forwarding of such received emails to the email
     addresses of abuse departments present in the output of whois is a
     tentative solution for semi-automatic abuse reporting (Closes: #358810)
 fail2ban (0.7.5-1) unstable; urgency=low
   * New upstream release which fixes next issues
    + Socket parameter not work with other path (Closes: #400162)
    + fail2ban does not start with /etc/init.d/fail2ban start but
      with fail2ban-client start (Closes: #400278)
   * Removed obsolete patches left from 0.6
   * Adjusted wsftpd patch to use <HOST> tag to be in line with the other
     filter definitions
 fail2ban (0.7.4-5) unstable; urgency=low
   * Added Suggests on mailx and relevant comments in README.Debian about
     invoking mail actions (closes: #396668)
   * Removed obsolete entries in TODO and README
   * README.Debian describes the use of interpolations vs parameters passed
     from jail.{conf,local} into an action definitions (closes:
   * Initial version of postfix filter has been present in 0.7 (closes:
   * Removed Uploaded field from control since I am a DD now. Big thanks to
     Barak Pearlmutter for being the sponsor of my packages for few years.
 fail2ban (0.7.4-4) unstable; urgency=low
   * Added debian/backports to contain patches necessary for backporting. It
     gets used by pbuilder-ssh to create package for backports.org
 fail2ban (0.7.4-3) unstable; urgency=low
   * Reincarnated logrotate configuration (Closes: #397878)
   * Only block new connects by using a new action iptables-new instead of
     iptables (Closes: #350746)
   * Updated README.Debian to reflect transition over to 0.7 branch and to
     comment on 350746
   * "Clean" target removes generated .pyc files now (Closes: #398146)
   * Cleaned up debian/rules a bit
 fail2ban (0.7.4-2) unstable; urgency=low
   * Added reload/force-reload actions to init script
   * Adjusted jail.conf a bit
   * Warning NEWS entry for 0.7.1 was not shown during installation on test
     boxes, thus postinst was adjusted accordingly to inform the user about the
     changes in the configuration files since 0.6.
   * no logrotation anymore? (Closes: #397878)
 fail2ban (0.7.4-1) experimental; urgency=low
   * New upstream release
 fail2ban (0.7.4~pre20061023.2-3) experimental; urgency=low
   * Corrected init.d script to properly perform restart due to server delay to
     react to client command to stop. Handling of status was adjusted as well
 fail2ban (0.7.4~pre20061023.2-2) experimental; urgency=low
   * Added apache-noscript to jail.conf
   * Default action does not send emails to be inline with previous (0.6.x)
 fail2ban (0.7.4~pre20061023.2-1) experimental; urgency=low
   * Fresh upstream: fixed a bug with not handling error producing
     actioncheck call
 fail2ban (0.7.4~pre2006102-1) experimental; urgency=low
   * Currrent snapshot of trunk
   * Removed outdated (applied in 0.7.4 or specific for 0.6.?) patches
     from debian/patches
   * Adjusted rule to install man pages -- only .1 files since there are also
     h2m sources
   * debian/{rules,control} adjusted to conform all points in recent python
     policy changes
   * install under /usr/share instead of /usr/lib
 fail2ban (0.7.3-2) experimental; urgency=low
   * Added wuftpd section
 fail2ban (0.7.3-1) experimental; urgency=low
   * New upstream release
   * Debian shipped jail.conf
   * Refreshen init.d script
 fail2ban (0.7.1-0.2) experimental; urgency=low
   * New upstream release (closes: #370095,#366307)
 fail2ban (0.6.1-11) unstable; urgency=low
   * Adjusted manpage for fail2ban.conf to point to shipped examples of
     configuration files as the source of details about available configuration
     options (closes: #382403)
   * Changes in man/fail2ban.conf.5 are managed via dpatch now
 fail2ban (0.6.1-10) unstable; urgency=low
   * Adjusted to comply with recent changes in debian python policy and use
     pycentral to byte compile modules
   * Filtered out empty entries for ignoreip to reduce confusing WARNING log
   * Added configuration parameter "locale" to specify LC_TIME for time
     pattern matching (closes: #367990,363391)
   * Verbosity is chosen to be max between cmdline parameters and config file
 fail2ban (0.6.1-9) unstable; urgency=low
   * Adjusted rm commands in init script to don't use -r for removal of
     the pidfile (thanks Stephen Gran)
   * Added clarification about multiport banning to README.Debian
     (closes: #373592)
 fail2ban (0.6.1-8) unstable; urgency=low
   * Removed bashism (arrays) from init.d script to make it POSIX shell
     complient (closes: #368218)
   * Added new proftpd section
   * Added new saslauthd section. Thanks to martin f krafft
     <madduck@debian.org> (closes: #369483)
   * Mentioned apache2 log file in Other. comment field for FILE in
     apache section.  Nothing has to be changed besides the logfile path to
     work with apache2 (closes: #342144)
 fail2ban (0.6.1-5) unstable; urgency=low
   * Further fixed debian packaging: to comply with policy empty target
     binary-arch was provided
 fail2ban (0.6.1-4) unstable; urgency=low
   * Adjusted debian packaging:
     - Clean up of debian/rules: removed commented out dh_ scripts which
       definetly will never be used
     - debhelper and dpatch moved to Build-Depends
     - added --no-compile for python setup.py install, and removed explicit
       cleaning of .pyc's
     - fixed separation binary-indep and binary-arch in debian/rules
     - restricted depends on python >= 2.3
 fail2ban (0.6.1-3) unstable; urgency=low
   * Fixed vsftpd failregexp (closes: #366687)
   * Started to use dpatch
 fail2ban (0.6.1-2) unstable; urgency=low
   * Assigned maxreinits to 1000 to be reasonable since otherwise logfile grows
     indefinetly if there is a real problem on the system (closes: #359218)
   * Adjusted debian/{copyright,watch}
   * New version of init.d script (Thanks to Aaron Isotton) (closes: #364278)
 fail2ban (0.6.1-1) unstable; urgency=low
   * New upstream release
   * In config file added fwchain to ease switching to another input chain
     (closes: #357164)
 fail2ban (0.6.0-8) unstable; urgency=low
   * Minor adjustments to reduce the deviation from the upstream code
 fail2ban (0.6.0-7) unstable; urgency=low
   * Fixed a typo in failregex for SSH section (closes: #356112)
 fail2ban (0.6.0-6) unstable; urgency=low
   * Updated README.Debian with information about some cases with
     not-as-shipped configurations of sshd on the boxes running older versions
     of openssh server
   * Included regexps for SSH in case iff authentication as root using keys was
     attempted whenever PermitRootLogin is set to something else than "yes" and
     key authentication fails
   * Included postrm script to remove log files during purge to comply with
     policy 10.8 (closes: #355443)
 fail2ban (0.6.0-5) unstable; urgency=low
   * Fixed Apache section: changed filepath to point at error.log, thus I had
     to revert timeregex and timepattern to user RFC 2822 format (closes:
 fail2ban (0.6.0-4) unstable; urgency=low
   * Modifications in README.Debian to reflect a "finding" on
     not-AllowedUsers banning which requires default Debian configuration
     of "ChallengeResponseAuthentication no" and "PasswordAuthentication
   * Fixed Apache timeregex and timepattern to confirm
     the fomat of time stamp used in Debian's acccess.log (error.log uses
     RFC 2822 format)
   * Added section ApacheAttacks to specify some common patterns of attacks on
     a webserver (awstats.pl as a try). This section stays split from Apache
     since it is of different nature and might be not appropriate for some
   * Forced owner/permissions of log file to be root:adm/640 in postinst and
     logrotate (closes: #352053)
 fail2ban (0.6.0-3) unstable; urgency=low
   * ignoreip is now empty by default (closes: #347766)
   * increased verbosity in verbose=2 mode: now prints options accepted
     from the config file
   * to make fail2ban.conf more compact, thus to improve its readability,
     fail2ban.conf was converted to use "interpolations" provided by
     ConfigParser class. fw{start,end,{,un}ban} options were moved into
     DEFAULT section and required options (port, protocol) were added
 fail2ban (0.6.0-2) unstable; urgency=low
   * fail2ban path is inserted first in the list to avoid a conflict with
     existing elsewhere modules with the same names. (Thanks for report and
     patch to Nick Craig-Wood) (closes: #343821)
 fail2ban (0.6.0-1) unstable; urgency=low
   * Merged with the latest stable upstream release. That incure some
     changes for the Debian configuration of the package to be more
     upstream-like. Visible one is: subject in the sent email includes
     section outside of "[Fail2Ban]"
   * Updated README.Debian to answer possible question regarding effective
     bantime starting moment
 fail2ban (0.5.4-10) unstable; urgency=low
   * Fixed the order of ssh and apache rules to avoid possible race
     condition (Thanks to Jefferson Cowart for the bug report) (closes:
 fail2ban (0.5.4-9) unstable; urgency=low
   * Fixed init.d script so it doesn't return non-0 status if fail2ban is not
     running. That fixes issues with purging the package and leaving garbage in
     /usr/share/fail2ban (Thanx to Justin Pryzby for the insight)
     (closes: #337223)
 fail2ban (0.5.4-8) unstable; urgency=low
   * Added config option MAIL.localtime (closes: #336449)
 fail2ban (0.5.4-7) unstable; urgency=low
   * Adjusted init.d script so it is resistant to delayed shutdowns of
     fail2ban and in general more stable
 fail2ban (0.5.4-6.2) unstable; urgency=low
   * Fixed typos (thanx to Ross Boylan).
   * Robust startup: if iptables module gets fully initialized after
     startup of fail2ban, fail2ban will do "maxreinit" attempts to
     initialize its own firewall. It will sleep between attempts for
     "polltime" number of seconds (closes: #334272).
   * To overcome possible conflict with other firewall solutions and as a
     secondary solution for the bug 334272, fail2ban startup is moved
     during bootup to the latest (S99) sequenece position. That should not
     cause any discomfort I believe.
 fail2ban (0.5.4-5.14) unstable; urgency=low
   * Added a notification regarding the importance of 0.5.4-5 change of
     failregex in the config file.
   * Adjusted address to FSF.
   * Adjusted failregex for SSH so it bans "Illegal user" entries as well, and
     restricted full failregex more to include ":" at the beginning, because
     otherwise it might not be sufficient and would revive bug 330827 (closes:
   * Adjusted failregex for SSH to accommodate recent changes in logging of
     SSH: Illegal -> Invalid. Should match both now.
   * Fixed a problem of raise AttributeError exception reported as a side
     effect of crash during parsing of the config file.
   * Introduced fwcheck option to verify consistency of the
     chains. Implemented automatic restart of fail2ban main function in
     case check of fwban or fwunban command failed (closes: #329163, #331695).
     (Introduced patch was further adjusted by upstream author).
   * Added -f command line parameter for [findtime].
   * Fixed the issue of not respecting command line parameters for parameters
     within sections.
   * Added -e command line parameter to provide enabled sections from command
   * Added a cleanup of firewall rules on emergency shutdown when unknown
     exception is catched.
   * Fail2ban should not crash now if a wrong file name is specified in
 fail2ban (0.5.4-5) unstable; urgency=low
   * Made failregex'es more specific to don't allow usernames to be used as a
     tool for denial of service attacks. Config files (or at least
     failregex'es) must be updated from this package, otherwise the security
     breach would remain open and only warning gets issued (closes: #330827)
 fail2ban (0.5.4-4) unstable; urgency=low
   * On a request from Calum Mackay added reporting of the enabled sections
 fail2ban (0.5.4-3) unstable; urgency=low
   * Resolved the mystery of debug mode in which commands are not really
     executed: added verbose option to config file, removed -v from
     /etc/default/fail2ban, reordered code a bit so that log targets are
     setup right after background and then only loglevel (verbose,debug) is
     processed, so the warning could be seen in the logs
 fail2ban (0.5.4-2) unstable; urgency=low
   * Now exporting PATH explicitely in init.d/fail2ban script, to avoid
     problems finding iptables in the cases when PATH was not exported outside
     (cfengine, broken shell environment) (closes: #329304)
   * Removed -b from start-stop-daemon because fail2ban detahes on its own
   * Added @localhost to MAIL:from and MAIL:to in fail2ban.conf and placed
     a note to README.Debian regarding necessity to specify full email
     address in MAIL:from (closes: #329722)
   * Added a keyword <section> in parsing of the subject and the body of an
     email sent out by fail2ban (closes: #330311)
 fail2ban (0.5.4-1) unstable; urgency=low
   * New upstream release
 fail2ban (0.5.3-2) unstable; urgency=low
   * Refined comments in README.Debian
   * Reindented init.d script
   P.S. Was not released
 fail2ban (0.5.3-1) unstable; urgency=low
   * New upstream release
 fail2ban (0.5.2-5) unstable; urgency=low
   * Included a patch from Stephen Gildea to provide "status" report by
     init.d script
   * Included a note in README.Debian regarding the fail2ban iptable's
 fail2ban (0.5.2-4) unstable; urgency=low
   * Format of SYSLOG entries is up to the standard now
 fail2ban (0.5.2-3) unstable; urgency=low
   * Fixed errata in /etc/default/fail2ban (closes: #323451)
   * Fixed handling of SYSLOG logging target. Now it can log to any syslog
     target and facility as directed by the config (revisions 160:166 patch
     from syslog branch) (closes: #323543)
   * Included upstream README and TODO
   * Mentioned in README.Debian that apache section is disabled by default
   * Adjusted man pages to cross-reference each other
   * Moved fail2ban man page under section 8 as in upstream
   * Introduced findtime configuration variable to control the lifetime
     of caught "failed" log entries (closes: #323840)
 fail2ban (0.5.2-2) unstable; urgency=low
   * Updated description to reflect flexibility in application of fail2ban
   * Included logrotate (Thanks to Baruch Even)
 fail2ban (0.5.2-1) unstable; urgency=low
   * New upstream release
   * No log4py any more
   * removed -i eth0 from config
 fail2ban (0.5.1-1) unstable; urgency=low
   * New upstream release
 fail2ban (0.5.0-1) unstable; urgency=low
   * New upstream release
   * Libraries placed under /usr/share/fail2ban instead of /usr/lib/fail2ban
   * Corrections to the description of the package
 fail2ban (0.4.1-1) unstable; urgency=low
   * First upstream release of a Debian package
 cffce0a3b4524aafda874cb2bebae910 697 net optional fail2ban_0.8.0-4~bpo31+1.dsc
 201aa995edfa0b892bb959010c316d02 65610 net optional fail2ban_0.8.0.orig.tar.gz
 371dc805815ef663b36623832cf1c947 25550 net optional fail2ban_0.8.0-4~bpo31+1.diff.gz
 8d65e9d1654ca5b5c7311a026db2dbed 75022 net optional fail2ban_0.8.0-4~bpo31+1_all.deb

Version: GnuPG v1.4.6 (GNU/Linux)


  to pool/main/f/fail2ban/fail2ban_0.8.0-4~bpo31+1.diff.gz
  to pool/main/f/fail2ban/fail2ban_0.8.0-4~bpo31+1.dsc
  to pool/main/f/fail2ban/fail2ban_0.8.0-4~bpo31+1_all.deb

Reply to: