lp:debian/experimental/fail2ban
- Get this branch:
- bzr branch lp:debian/experimental/fail2ban
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 19. By Yaroslav Halchenko
-
[ Christoph Anton Mitterer ]
* Do not install the following configuration files which are not used within
the Debian package of fail2ban:
/etc/fail2ban/ paths-fedora. conf
/etc/fail2ban/ paths-freebsd. conf
/etc/fail2ban/ paths-osx. conf
Closes: #767123[ Yaroslav Halchenko ]
* New upstream snapshot from 0.9.1-44-gd65c4f8
- carries a lot of fixes and improvements. Consult upstream ChangeLog
- debian's init file is now maintained in upstream codebase (for manual
deployments)
- provides monit (now Suggest'ed) file which is now gets installed
but not enabled by default: ln -s /etc/monit/{monitrc, conf}.d/ fail2ban
to assure that fail2ban process is running - 18. By Yaroslav Halchenko
-
[ Yaroslav Halchenko ]
* New upstream snapshot from 0.9.0a2-814-g98dc084. [ Daniel Schaal ]
* debian/{control, rules}
- switching to python3 as the interpreter for Fail2Ban so we could use
python3-systemd which is N/A for Python2 any longer - 17. By Yaroslav Halchenko
-
[ Daniel Schaal ]
* debian/ updated for 0.9 release
0.9 release introduced big changes in internal organization (Python
module now), and new features, and stock jail.conf now follows
Debian's style, thus custom Debian jail.conf was deprecated. See NEWS
file and upstream ChangeLog for further details.[ Yaroslav Halchenko ]
* Post 0.9 release snapshot.
* debian/rules
- do not ignore tests failures
- run only tests not requiring network access
- nagios and cacti examples get installed - 14. By Yaroslav Halchenko
-
* New upstream release:
- inotify backend is supported (and the default if pyinotify is present).
It should bring number of wakeups to minimum (Closes: #481265)
- usedns jail.conf parameter to disable reverse DNS mapping to
avoid of DoS (see #588431, #514239 for related discussions)
- enforces non-unicode logging (Closes: #657286)
- new jail "recidive" to ban repeated offenders (Closes: #333557)
- catch failed ssh logins due to being listed in DenyUsers (Closes: #669063)
- document in config/*.conf on how to inline comments (Closes: #676146)
- match possibly present "pam_unix(sshd:auth) :" portion for sshd
(Closes: #648020)
- wu-ftpd: added failregex for use against syslog. Switch to monitor syslog
(instead of auth.log) by default (Closes: #514239)
- anchor chain name in actioncheck's for iptables actions (Closes: #672228)
* debian/jail.conf:
- adopted few jails from "upstreams" jail.conf: asterisk, recidive,
lighttpd, php-url-open
- provide instructions in jail.conf on how to comment (Closes: #676146)
Thanks Stefano Forli for a report
* debian/fail2ban. init:
- Should-(start| stop): iptables-persistent (Closes: #598109),
ferm (Closes: #604843)
- 'status' exits with code 3 if fail2ban is not running (Closes: #653074)
Thanks Glenn Aaldering for the patch
* debian/source:
- switch to 3.0 (quilt) format
* debian/control, rules:
- switch to use dh_python2 (Closes: #616803)
- boost policy compliance to 3.9.3
- recommend python-pyinotify and only suggest python-gamin - 13. By Yaroslav Halchenko
-
* BF: anchoring regex for IP with " *$" at the end + adjust regexp for
<HOST> (closes: #514163)
* NF: adding unittests for previous BF - 12. By Yaroslav Halchenko
-
* BF in apache-
noscript. conf - regexp matched in referer (Closes: #492319).
Thanks Bernd Zeimetz.
* BF: extended apache-noscript with additional regexp - 11. By Yaroslav Halchenko
-
* Fresh upstream release
* Boosted policy compliance to 3.8.0 (no changes needed)
* Specify explicitely facilities in "Failed .. for". Thanks Dean
Gaudet. (closes: #481760)
* Added failregex for "User not known" in sshd.conf. thanks Alexander
Gerasiov (closes: #479966) - 10. By Yaroslav Halchenko
-
* NEWS.Debian confusions - the latest NEWS entry and postinst message were
rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
IP. Those lines are often required for proper abuse reports sent to the
Internet providers. Forwarding of such received emails to the email
addresses of abuse departments present in the output of whois is a
tentative solution for semi-automatic abuse reporting (Closes: #358810)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:debian/squeeze/fail2ban