lp:debian/squeeze/fail2ban

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

18. By Yaroslav Halchenko on 2013-06-12

Anchor apache- filters failregexes to avoid possible DoS on servers
which enabled corresponding jails. Fix cherry-picked from upstream
0.8.9-29-g6ccd578 . See http://seclists.org/fulldisclosure/2013/Jun/66

17. By Yaroslav Halchenko on 2012-02-16

[ Jonathan Wiltshire ]
* [e2232fc] Backport patch to fix CVE-2009-5023: Insecure creation of
  tempfile (Closes: #544232, #635746)

[ Yaroslav Halchenko ]
* [6fc6c7b] Backport patch: Lock server's executeCmd to prevent racing
  among iptables calls (Closes: #650678)

16. By Yaroslav Halchenko on 2010-06-28

* Commenting out named-refused-udp jail and providing even fatter
  WARNING against using it (Closes: #583364)
* Merging upstream's commit for fixing missing import

15. By Yaroslav Halchenko on 2010-02-25

* Merged few upstream patches (svn rev ) which fixed:
  - Patch to make log file descriptors cloexec to stop leaking file
    descriptors on fork/exec.
* debian/rules,control: -install-layout=deb for setup.py + python (>=
  2.5.4-1~) to fix install with python2.6 (Closes: #571213).
* Boosted policy to 3.8.4 (no changes seems to be due).

14. By Yaroslav Halchenko on 2009-09-10

* New upstream release. Fixes compatibility issue with python2.6
* Yet only in Debian fixes:
 - escaping () in pure-ftpd. Thanks Teodor (Closes: #544744)
 - use "set logtarget" instead of "reload" while logrotate. Thanks
   J.M.Roth (Closes: #537773)
 - be able to detect time for VNC recording only 2 letters of year
   (Closes: #537610)
 - proftpd filter: count all failed logins regardless of the reason
* Debian-specific changes:
 - adjusted README.Debian - multiport is default (closes: #545971)
 - Boosted policy to 3.8.3 (no changes seems to be due)

13. By Yaroslav Halchenko on 2009-07-09

* Time to shake the ground with upload to unstable.
* Merged upstream's development as of SVN revision 732:
   - Fixed maxretry/findtime rate. Many thanks to Christos Psonis.
     Tracker #2019714.
   - Made the named-refused regex a bit less restrictive in order to match
     logs with "view". Thanks to Stephen Gildea.
   - Use timetuple instead of utctimetuple for ISO 8601. Maybe not a 100%
     correct fix but seems to work. Tracker #2500276.
   - Changed <HOST> template to be more restrictive (closes: #514163).
   - Added cyrus-imap and sieve filters. Thanks to Jan Wagner. (closes:
     #513953).
   - Pull a commit from Yaroslav git repo. BF: addressing added bang to ssh
     log (closes: #512193).
   - Added missing semi-colon in the bind9 example. Thanks to Yaroslav
     Halchenko.
   - Added NetBSD ipfilter (ipf command) action. Thanks to Ed Ravin. Tracker
     #2484115.
   - Improved SASL filter. Thanks to Loic Pefferkorn. Tracker #2310410.
     (closes: #507990)
   - Added CPanel date format. Thanks to David Collins. Tracker #1967610.
   - Added nagios script. Thanks to Sebastian Mueller.
   - Removed print.
   - Removed begin-line anchor for "standard" timestamp (closes: #500824)
   - Remove socket file on startup is fail2ban crashed. Thanks to Detlef
     Reichelt.
* Added a comment into Debian-shipped jail.conf about sasl logpath -- it
  might preferable to monitor warn.log in case of postfix (To complete react
  to #507990) (git branch up/fixes). Also added sasl example log file (git
  branch up/log_examples).
* Removing minor bashism in ipmasq example file (closes: #530078).
  Thanks Raphael Geissert (git branch up/ipmasq)
* Allow for trailing spaces in proftpd logs (closes: #507986)
  (git branch up/fixes).
* Removed duplicate entry for DataCha0s/2\.0 in badbots (closes: #519557)
  (git branch up/fixes).
* Adjusted Git-vcs field to point to git:// .
* Thanks lintian fixes:
  - Boosted policy to 3.8.2 (no changes are due).
  - Boosted debhelper compatibility to 5.
  - Misspell in README.Debian
  - Removing stale /var/run/fail2ban from dirs -- should be created by
    init script

12. By Yaroslav Halchenko on 2009-02-05

* NF: adding unittests for previous commit
* BF: anchoring regex for IP with " *$" at the end + adjust regexp for
  <HOST> (closes: #514163)

11. By Yaroslav Halchenko on 2008-07-21

* Fresh upstream release
* Boosted policy compliance to 3.8.0 (no changes needed)
* Specify explicitely facilities in "Failed .. for". Thanks Dean
  Gaudet. (closes: #481760)
* Added failregex for "User not known" in sshd.conf. thanks Alexander
  Gerasiov (closes: #479966)

10. By Yaroslav Halchenko on 2006-12-10

* NEWS.Debian confusions - the latest NEWS entry and postinst message were
  rephrased (Closes: #402350)
* Added mail-whois-lines action, which emails log lines containing abuser
  IP. Those lines are often required for proper abuse reports sent to the
  Internet providers. Forwarding of such received emails to the email
  addresses of abuse departments present in the output of whois is a
  tentative solution for semi-automatic abuse reporting (Closes: #358810)

9. By Yaroslav Halchenko on 2006-12-07

* New upstream release which fixes next issues
 + Socket parameter not work with other path (Closes: #400162)
 + fail2ban does not start with /etc/init.d/fail2ban start but
   with fail2ban-client start (Closes: #400278)
* Removed obsolete patches left from 0.6
* Adjusted wsftpd patch to use <HOST> tag to be in line with the other
  filter definitions