Bans IP addresses that make too many authentication failures

Edit Package fail2ban

Fail2ban scans log files like /var/log/messages and bans IP addresses
that makes too many password failures. It updates firewall rules to
reject the IP address, can send e-mails, or set host.deny entries.
These rules can be defined by the user. Fail2Ban can read multiple log
files such as sshd or Apache web server ones.

Refresh
Refresh
Source Files
Filename Size Changed
f2b-restart.conf 0000000163 163 Bytes
fail2ban-0.10.2.tar.gz 0000474624 464 KB
fail2ban-disable-iptables-w-option.patch 0000000855 855 Bytes
fail2ban-opensuse-locations.patch 0000001158 1.13 KB
fail2ban-opensuse-service.patch 0000001451 1.42 KB
fail2ban-rpmlintrc 0000000146 146 Bytes
fail2ban.changes 0000053738 52.5 KB
fail2ban.logrotate 0000000232 232 Bytes
fail2ban.spec 0000010407 10.2 KB
fail2ban.sysconfig 0000000200 200 Bytes
fail2ban.tmpfiles 0000000031 31 Bytes
paths-opensuse.conf 0000000975 975 Bytes
sfw-fail2ban.conf 0000000217 217 Bytes
Revision 52 (latest revision is 70)
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 578362 from Johannes Weberhofer's avatar Johannes Weberhofer (weberho) (revision 52)
- Updated to version 0.10.2. Changelog:
  https://github.com/fail2ban/fail2ban/blob/0.10.2/ChangeLog
- rebased patch
- Incompatibility list (compared to v.0.9):
  * Filter (or `failregex`) internal capture-groups:
    - If you've your own `failregex` or custom filters using conditional match `(?P=host)`, you should
      rewrite the regex like in example below resp. using `(?:(?P=ip4)|(?P=ip6)` instead of `(?P=host)`
      (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))` corresponding your `usedns` and `raw` settings).
      Of course you can always define your own capture-group (like below `_cond_ip_`) to do this.
      testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
      fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
    - New internal groups (currently reserved for internal usage):
      `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and another captures in lower case if
      mapping from tag `<F-*>` used in failregex (e. g. `user` by `<F-USER>`).
  * v.0.10 uses more precise date template handling, that can be theoretically incompatible to some
    user configurations resp. `datepattern`.
  * Since v0.10 fail2ban supports the matching of the IPv6 addresses, but not all ban actions are
    IPv6-capable now.
- Incompatibility:
  * The configuration for jails using banaction `pf` can be incompatible after upgrade, because pf-action uses
    anchors now (see `action.d/pf.conf` for more information). If you want use obsolete handling without anchors,
    just rewrite it in the `jail.local` by overwrite of `pfctl` parameter, e. g. like `banaction = pf[pfctl="pfctl"]`. 
- Fixes
  * Fixed logging to systemd-journal: new logtarget value SYSOUT can be used instead of STDOUT, to avoid 
    write of the time-stamp, if logging to systemd-journal from foreground mode (gh-1876)
  * Fixed recognition of the new date-format on mysqld-auth filter (gh-1639)
  * jail.conf: port `imap3` replaced with `imap` everywhere, since imap3 is not a standard port and old rarely 
    (if ever) used and can missing on some systems (e. g. debian stretch), see gh-1942.
  * config/paths-common.conf: added missing initial values (and small normalization in config/paths-*.conf)
    in order to avoid errors while interpolating (e. g. starting with systemd-backend), see gh-1955.
  * `action.d/pf.conf`: 
    - fixed syntax error in achnor definition (documentation, see gh-1919);
    - enclose ports in braces for multiport jails (see gh-1925);
  * `action.d/firewallcmd-ipset.conf`: fixed create of set for ipv6 (missing `family inet6`, gh-1990)
  * `filter.d/sshd.conf`:
    - extended failregex for modes "extra"/"aggressive": now finds all possible (also future)
      forms of "no matching (cipher|mac|MAC|compression method|key exchange method|host key type) found", 
      see "ssherr.c" for all possible SSH_ERR_..._ALG_MATCH errors (gh-1943, gh-1944);
    - fixed failregex in order to avoid banning of legitimate users with multiple public keys (gh-2014, gh-1263);
- New Features
  * datedetector: extended default date-patterns (allows extra space between the date and time stamps);
    introduces 2 new format directives (with corresponding %Ex prefix for more precise parsing):
    - %k - one- or two-digit number giving the hour of the day (0-23) on a 24-hour clock,
      (corresponds %H, but allows space if not zero-padded).
    - %l - one- or two-digit number giving the hour of the day (12-11) on a 12-hour clock,
      (corresponds %I, but allows space if not zero-padded).
  * `filter.d/exim.conf`: added mode `aggressive` to ban flood resp. DDOS-similar failures (gh-1983);
- New Actions:
  * `action.d/nginx-block-map.conf` - in order to ban not IP-related tickets via nginx (session blacklisting in
     nginx-location with map-file);
  - Enhancements
    * jail.conf: extended with new parameter `mode` for the filters supporting it (gh-1988);
    * action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once.
    * Introduced new parameters for logging within fail2ban-server (gh-1980).
      Usage `logtarget = target[facility=..., datetime=on|off, format="..."]`:
      - `facility` - specify syslog facility (default `daemon`, see https://docs.python.org/2/library/logging.handlers.html#sysloghandler
        for the list of facilities);
      - `datetime` - add date-time to the message (default on, ignored if `format` specified);
      - `format` - specify own format how it will be logged, for example for short-log into STDOUT:
        `fail2ban-server -f --logtarget 'stdout[format="%(relativeCreated)5d | %(message)s"]' start`;
    * Automatically recover or recreate corrupt persistent database (e. g. if failed to open with 
     'database disk image is malformed'). Fail2ban will create a backup, try to repair the database,
      if repair fails - recreate new database (gh-1465, gh-2004).
Comments 0
openSUSE Build Service is sponsored by