Bans IP addresses that make too many authentication failures
Fail2ban scans log files like /var/log/messages and bans IP addresses
that makes too many password failures. It updates firewall rules to
reject the IP address, can send e-mails, or set host.deny entries.
These rules can be defined by the user. Fail2Ban can read multiple log
files such as sshd or Apache web server ones.
- Developed at security
- Sources inherited from project openSUSE:Factory
-
5
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/fail2ban && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
f2b-restart.conf | 0000000163 163 Bytes | |
fail2ban-0.10.2.tar.gz | 0000474624 464 KB | |
fail2ban-disable-iptables-w-option.patch | 0000000855 855 Bytes | |
fail2ban-opensuse-locations.patch | 0000001158 1.13 KB | |
fail2ban-opensuse-service.patch | 0000001451 1.42 KB | |
fail2ban-rpmlintrc | 0000000146 146 Bytes | |
fail2ban.changes | 0000053738 52.5 KB | |
fail2ban.logrotate | 0000000232 232 Bytes | |
fail2ban.spec | 0000010407 10.2 KB | |
fail2ban.sysconfig | 0000000200 200 Bytes | |
fail2ban.tmpfiles | 0000000031 31 Bytes | |
paths-opensuse.conf | 0000000975 975 Bytes | |
sfw-fail2ban.conf | 0000000217 217 Bytes |
Revision 52 (latest revision is 70)
Dominique Leuenberger (dimstar_suse)
accepted
request 578362
from
Johannes Weberhofer (weberho)
(revision 52)
- Updated to version 0.10.2. Changelog: https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog - rebased patch - Incompatibility list (compared to v.0.9): * Filter (or `failregex`) internal capture-groups: - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings). Of course you can always define your own capture-group (like below `_cond_ip_`) to do this. testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1" fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$" - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if mapping from tag `<F-*>` used in failregex (e. g. `user` by `<F-USER>`). * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some user configurations resp. `datepattern`. * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are IPv6-capable now. - Incompatibility: * The configuration for jails using banaction `pf` can be incompatible after upgrade, because pf-action uses anchors now (see `action.d/pf.conf` for more information). If you want use obsolete handling without anchors, just rewrite it in the `jail.local` by overwrite of `pfctl` parameter, e. g. like `banaction = pf[pfctl="pfctl"]`. - Fixes * Fixed logging to systemd-journal: new logtarget value SYSOUT can be used instead of STDOUT, to avoid write of the time-stamp, if logging to systemd-journal from foreground mode (gh-1876) * Fixed recognition of the new date-format on mysqld-auth filter (gh-1639) * jail.conf: port `imap3` replaced with `imap` everywhere, since imap3 is not a standard port and old rarely (if ever) used and can missing on some systems (e. g. debian stretch), see gh-1942. * config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf) in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955. * `action.d/pf.conf`: - fixed syntax error in achnor definition (documentation, see gh-1919); - enclose ports in braces for multiport jails (see gh-1925); * `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990) * `filter.d/sshd.conf`: - extended failregex for modes "extra"/"aggressive": now finds all possible (also future) forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944); - fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263); - New Features * datedetector: extended default date-patterns (allows extra space between the date and time stamps); introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing): - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock, (corresponds %H, but allows space if not zero-padded). - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock, (corresponds %I, but allows space if not zero-padded). * `filter.d/exim.conf`: added mode `aggressive` to ban flood resp. DDOS-similar failures (gh-1983); - New Actions: * `action.d/nginx-block-map.conf` - in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file); - Enhancements * jail.conf: extended with new parameter `mode` for the filters supporting it (gh-1988); * action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once. * Introduced new parameters for logging within fail2ban-server (gh-1980). Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`: - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler for the list of facilities); - `datetime` - add date-time to the message (default on, ignored if `format` specified); - `format` - specify own format how it will be logged, for example for short-log into STDOUT: `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`; * Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 'database disk image is malformed'). Fail2ban will create a backup, try to repair the database, if repair fails - recreate new database (gh-1465, gh-2004).
Comments 0