Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package fail2ban for openSUSE:Factory
checked in at 2022-12-05 18:02:07
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/fail2ban (Old)
and /work/SRC/openSUSE:Factory/.fail2ban.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "fail2ban"
Mon Dec 5 18:02:07 2022 rev:66 rq:1040251 version:1.0.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/fail2ban/fail2ban.changes 2022-10-13
15:45:21.491114255 +0200
+++ /work/SRC/openSUSE:Factory/.fail2ban.new.1835/fail2ban.changes
2022-12-05 18:02:29.697004305 +0100
@@ -1,0 +2,8 @@
+Sun Dec 4 21:07:21 UTC 2022 - Dirk Müller <dmuel...@suse.com>
+
+- update to 1.0.2:
+ * Update of major version of fail2ban with primary target to fix a
+ dovecot-filter regression #3370.
+ * See the ChangeLog for more information.
+
+-------------------------------------------------------------------
Old:
----
fail2ban-1.0.1.tar.gz
fail2ban-1.0.1.tar.gz.asc
New:
----
fail2ban-1.0.2.tar.gz
fail2ban-1.0.2.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ fail2ban.spec ++++++
--- /var/tmp/diff_new_pack.HpEQcB/_old 2022-12-05 18:02:30.457008445 +0100
+++ /var/tmp/diff_new_pack.HpEQcB/_new 2022-12-05 18:02:30.465008487 +0100
@@ -22,12 +22,12 @@
%define _fillupdir %{_localstatedir}/adm/fillup-templates
%endif
Name: fail2ban
-Version: 1.0.1
+Version: 1.0.2
Release: 0
Summary: Bans IP addresses that make too many authentication failures
License: GPL-2.0-or-later
Group: Productivity/Networking/Security
-URL: http://www.fail2ban.org/
+URL: https://www.fail2ban.org/
Source0:
https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1:
https://github.com/fail2ban/fail2ban/releases/download/%{version}/%{name}-%{version}.tar.gz.asc
Source2: %{name}.sysconfig
@@ -50,7 +50,6 @@
Patch300: fail2ban-opensuse-service-sfw.patch
# PATCH-FEATURE-OPENSUSE harden_fail2ban.service.patch jseg...@suse.com --
Added hardening to systemd service(s) bsc#1181400
Patch301: harden_fail2ban.service.patch
-
BuildRequires: fdupes
BuildRequires: logrotate
BuildRequires: python-rpm-macros
@@ -272,7 +271,6 @@
%endif
%files
-%defattr(-, root, root)
%dir %{_sysconfdir}/%{name}
%dir %{_sysconfdir}/%{name}/action.d
%dir %{_sysconfdir}/%{name}/%{name}.d
@@ -327,14 +325,12 @@
%if !0%{?suse_version} > 1500
%if 0%{?_unitdir:1}
%files -n SuSEfirewall2-%{name}
-%defattr(-,root,root)
%{_unitdir}/SuSEfirewall2.service.d
%{_unitdir}/%{name}.service.d
%endif
%endif
%files -n monitoring-plugins-%{name}
-%defattr(-,root,root)
%license COPYING
%doc files/nagios/README
%dir %{_libexecdir}/nagios
++++++ fail2ban-1.0.1.tar.gz -> fail2ban-1.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/ChangeLog new/fail2ban-1.0.2/ChangeLog
--- old/fail2ban-1.0.1/ChangeLog 2022-09-27 18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/ChangeLog 2022-11-09 16:46:15.000000000 +0100
@@ -7,6 +7,25 @@
Fail2Ban: Changelog
===================
+ver. 1.0.2 (2022/11/09) - finally-war-game-test-tape-not-a-nuclear-alarm
+-----------
+
+### Fixes
+* backend `systemd`: code review and several fixes:
+ - wait only if it is necessary, e. g. in operational mode and if no more
entries retrieved (end of journal);
+ - ensure we give enough time after possible rotation, vacuuming or
adding/removing journal files,
+ and move cursor back and forth to avoid entering dead space
+* `filter.d/named-refused.conf`:
+ - support BIND named log categories, gh-3388
+ - allow `info:` as possible error prefix too ("query (cache) denied" may
occur as info)
+* `filter.d/dovecot.conf`:
+ - fixes regression introduced in gh-3210: resolve extremely long search by
repeated apply of non-greedy RE-part
+ with following branches (it may be extremely slow up to infinite search
depending on message), gh-3370
+ - fixes regression and matches new format in aggressive mode too (amend to
gh-3210)
+
+### New Features and Enhancements
+
+
ver. 1.0.1 (2022/09/27) - energy-equals-mass-times-the-speed-of-light-squared
-----------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/config/filter.d/dovecot.conf
new/fail2ban-1.0.2/config/filter.d/dovecot.conf
--- old/fail2ban-1.0.1/config/filter.d/dovecot.conf 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/config/filter.d/dovecot.conf 2022-11-09
16:46:15.000000000 +0100
@@ -7,19 +7,21 @@
[Definition]
+_daemon = (?:dovecot(?:-auth)?|auth)
+
_auth_worker = (?:dovecot: )?auth(?:-worker)?
_auth_worker_info = (?:conn \w+:auth(?:-worker)? \([^\)]+\):
auth(?:-worker)?<\d+>: )?
-_daemon = (?:dovecot(?:-auth)?|auth)
+_bypass_reject_reason = (?:: (?:\w+\([^\):]*\) \w+|[^\(]+))*
prefregex = ^%(__prefix_line)s(?:%(_auth_worker)s(?:\([^\)]+\))?:
)?(?:%(__pam_auth)s(?:\(dovecot:auth\))?:
|(?:pop3|imap|managesieve|submission)-login: )?(?:Info:
)?%(_auth_worker_info)s<F-CONTENT>.+</F-CONTENT>$
failregex = ^authentication failure; logname=<F-ALT_USER1>\S*</F-ALT_USER1>
uid=\S* euid=\S* tty=dovecot ruser=<F-USER>\S*</F-USER>
rhost=<HOST>(?:\s+user=<F-ALT_USER>\S*</F-ALT_USER>)?\s*$
- ^(?:Aborted login|Disconnected|Remote closed connection|Client has
quit the connection)(?:: (?:[^\(]+|\w+\([^\)]*\))+)? \((?:auth failed, \d+
attempts(?: in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy
dest auth failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)?
rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
+ ^(?:Aborted login|Disconnected|Remote closed connection|Client has
quit the connection)%(_bypass_reject_reason)s \((?:auth failed, \d+ attempts(?:
in \d+ secs)?|tried to use (?:disabled|disallowed) \S+ auth|proxy dest auth
failed)\):(?: user=<<F-USER>[^>]*</F-USER>>,)?(?: method=\S+,)?
rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
^pam\(\S+,<HOST>(?:,\S*)?\): pam_authenticate\(\) failed: (?:User
not known to the underlying authentication module: \d+ Time\(s\)|Authentication
failure \([Pp]assword mismatch\?\)|Permission denied)\s*$
^[a-z\-]{3,15}\(\S*,<HOST>(?:,\S*)?\): (?:[Uu]nknown
user|[Ii]nvalid credentials|[Pp]assword mismatch)
<mdre-<mode>>
-mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed
connection|Client has quit the connection)(?::(?: [^ \(]+)+)? \((?:no auth
attempts|disconnected before auth was ready,|client didn't finish \S+ auth,)(?:
(?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)?
rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
+mdre-aggressive = ^(?:Aborted login|Disconnected|Remote closed
connection|Client has quit the connection)%(_bypass_reject_reason)s \((?:no
auth attempts|disconnected before auth was ready,|client didn't finish \S+
auth,)(?: (?:in|waited) \d+ secs)?\):(?: user=<[^>]*>,)?(?: method=\S+,)?
rip=<HOST>(?:[^>]*(?:, session=<\S+>)?)\s*$
mdre-normal =
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/config/filter.d/named-refused.conf
new/fail2ban-1.0.2/config/filter.d/named-refused.conf
--- old/fail2ban-1.0.1/config/filter.d/named-refused.conf 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/config/filter.d/named-refused.conf 2022-11-09
16:46:15.000000000 +0100
@@ -30,11 +30,14 @@
__daemon_re=\(?%(_daemon)s(?:\(\S+\))?\)?:?
__daemon_combs_re=(?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
+_category = (?!error|info)[\w-]+
+_category_re = (?:%(_category)s: )?
+
# hostname daemon_id spaces
# this can be optional (for instance if we match named native log files)
-__line_prefix=(?:\s*\S+ %(__daemon_combs_re)s\s+)?
+__line_prefix=\s*(?:\S+ %(__daemon_combs_re)s\s+)?%(_category_re)s
-prefregex = ^%(__line_prefix)s(?: error:)?\s*client(?: @\S*)? <HOST>#\S+(?:
\([\S.]+\))?: <F-CONTENT>.+</F-CONTENT>\s(?:denied|\(NOTAUTH\))\s*$
+prefregex = ^%(__line_prefix)s(?:(?:error|info):\s*)?client(?: @\S*)?
<HOST>#\S+(?: \([\S.]+\))?:
<F-CONTENT>.+</F-CONTENT>\s(?:denied|\(NOTAUTH\))\s*$
failregex = ^(?:view (?:internal|external): )?query(?: \(cache\))?
^zone transfer
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/fail2ban/server/filtersystemd.py
new/fail2ban-1.0.2/fail2ban/server/filtersystemd.py
--- old/fail2ban-1.0.1/fail2ban/server/filtersystemd.py 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/fail2ban/server/filtersystemd.py 2022-11-09
16:46:15.000000000 +0100
@@ -312,20 +312,37 @@
except OSError:
pass # Reading failure, so safe to ignore
+ wcode = journal.NOP
line = None
while self.active:
# wait for records (or for timeout in sleeptime
seconds):
try:
- ## todo: find better method as wait_for to
break (e.g. notify) journal.wait(self.sleeptime),
- ## don't use `journal.close()` for it, because
in some python/systemd implementation it may
- ## cause abnormal program termination
- #self.__journal.wait(self.sleeptime) !=
journal.NOP
- ##
- ## wait for entries without sleep in intervals,
because "sleeping" in journal.wait:
- if not logentry:
- Utils.wait_for(lambda: not self.active
or \
-
self.__journal.wait(Utils.DEFAULT_SLEEP_INTERVAL) != journal.NOP,
+ ## wait for entries using journal.wait:
+ if wcode == journal.NOP and self.inOperation:
+ ## todo: find better method as wait_for
to break (e.g. notify) journal.wait(self.sleeptime),
+ ## don't use `journal.close()` for it,
because in some python/systemd implementation it may
+ ## cause abnormal program termination
(e. g. segfault)
+ ##
+ ## wait for entries without sleep in
intervals, because "sleeping" in journal.wait,
+ ## journal.NOP is 0, so we can wait for
non zero (APPEND or INVALIDATE):
+ wcode = Utils.wait_for(lambda: not
self.active and journal.APPEND or \
+
self.__journal.wait(Utils.DEFAULT_SLEEP_INTERVAL),
self.sleeptime, 0.00001)
+ ## if invalidate (due to rotation,
vacuuming or journal files added/removed etc):
+ if self.active and wcode ==
journal.INVALIDATE:
+ if self.ticks:
+
logSys.log(logging.DEBUG, "[%s] Invalidate signaled, take a little break
(rotation ends)", self.jailName)
+
time.sleep(self.sleeptime * 0.25)
+ Utils.wait_for(lambda: not
self.active or \
+
self.__journal.wait(Utils.DEFAULT_SLEEP_INTERVAL) != journal.INVALIDATE,
+ self.sleeptime * 3,
0.00001)
+ if self.ticks:
+ # move back and forth
to ensure do not end up in dead space by rotation or vacuuming,
+ # if position beyond
end of journal (gh-3396)
+ try:
+ if
self.__journal.get_previous(): self.__journal.get_next()
+ except OSError:
+ pass
if self.idle:
# because journal.wait will returns
immediatelly if we have records in journal,
# just wait a little bit here for not
idle, to prevent hi-load:
@@ -360,11 +377,13 @@
self.processLineAndAdd(line, tm)
self.__modified += 1
if self.__modified >= 100: #
todo: should be configurable
+ wcode = journal.APPEND;
# don't need wait - there are still unprocessed entries
break
else:
# "in operation" mode since we
don't have messages anymore (reached end of journal):
if not self.inOperation:
self.inOperationMode()
+ wcode = journal.NOP; # enter
wait - no more entries to process
break
self.__modified = 0
if self.ticks % 10 == 0:
@@ -384,6 +403,7 @@
except Exception as e: # pragma: no cover
if not self.active: # if not active - error by
stop...
break
+ wcode = journal.NOP
logSys.error("Caught unhandled exception in
main cycle: %r", e,
exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
# incr common error counter:
@@ -392,15 +412,20 @@
logSys.debug("[%s] filter terminated", self.jailName)
# close journal:
+ self.closeJournal()
+
+ logSys.debug("[%s] filter exited (systemd)", self.jailName)
+ return True
+
+ def closeJournal(self):
try:
- if self.__journal:
- self.__journal.close()
+ jnl, self.__journal = self.__journal, None
+ if jnl:
+ jnl.close()
except Exception as e: # pragma: no cover
logSys.error("Close journal failed: %r", e,
exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
- logSys.debug("[%s] filter exited (systemd)", self.jailName)
- return True
def status(self, flavor="basic"):
ret = super(FilterSystemd, self).status(flavor=flavor)
@@ -422,6 +447,8 @@
def onStop(self):
"""Stop monitoring of journal. Invoked after run method.
"""
+ # close journal:
+ self.closeJournal()
# ensure positions of pending logs are up-to-date:
if self._pendDBUpdates and self.jail.database:
self._updateDBPending()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/fail2ban-1.0.1/fail2ban/tests/fail2banregextestcase.py
new/fail2ban-1.0.2/fail2ban/tests/fail2banregextestcase.py
--- old/fail2ban-1.0.1/fail2ban/tests/fail2banregextestcase.py 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/fail2ban/tests/fail2banregextestcase.py 2022-11-09
16:46:15.000000000 +0100
@@ -36,7 +36,7 @@
fail2banregex.logSys = logSys
def _test_output(*args):
- logSys.notice(args[0])
+ logSys.notice('output: %s', args[0])
fail2banregex.output = _test_output
@@ -360,57 +360,57 @@
def testFrmtOutput(self):
# id/ip only:
self.assertTrue(_test_exec('-o', 'id', STR_00, RE_00_ID))
- self.assertLogged('kevin')
+ self.assertLogged('output: %s' % 'kevin')
self.pruneLog()
# multiple id combined to a tuple (id, tuple_id):
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 192.0.2.1 192.0.2.2',
r'^\s*<F-ID/> <F-TUPLE_ID>\S+</F-TUPLE_ID>'))
- self.assertLogged(str(('192.0.2.1', '192.0.2.2')))
+ self.assertLogged('output: %s' % str(('192.0.2.1',
'192.0.2.2')))
self.pruneLog()
# multiple id combined to a tuple, id first - (id, tuple_id_1,
tuple_id_2):
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left 192.0.2.3 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID/>
<F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
- self.assertLogged(str(('192.0.2.3', 'left', 'right')))
+ self.assertLogged('output: %s' % str(('192.0.2.3', 'left',
'right')))
self.pruneLog()
# id had higher precedence as ip-address:
self.assertTrue(_test_exec('-o', 'id', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1>
<F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
- self.assertLogged(str(('[192.0.2.4]:12345', 'left', 'right')))
+ self.assertLogged('output: %s' % str(('[192.0.2.4]:12345',
'left', 'right')))
self.pruneLog()
# ip is not id anymore (if IP-address deviates from ID):
self.assertTrue(_test_exec('-o', 'ip', '-d', '{^LN-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1>
<F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
- self.assertNotLogged(str(('[192.0.2.4]:12345', 'left',
'right')))
- self.assertLogged('192.0.2.4')
+ self.assertNotLogged('output: %s' % str(('[192.0.2.4]:12345',
'left', 'right')))
+ self.assertLogged('output: %s' % '192.0.2.4')
self.pruneLog()
self.assertTrue(_test_exec('-o', 'ID:<fid> | IP:<ip>', '-d',
'{^LN-BEG}EPOCH',
'1591983743.667 left [192.0.2.4]:12345 right',
r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1>
<F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>'))
- self.assertLogged('ID:'+str(('[192.0.2.4]:12345', 'left',
'right'))+' | IP:192.0.2.4')
+ self.assertLogged('output: %s' %
'ID:'+str(('[192.0.2.4]:12345', 'left', 'right'))+' | IP:192.0.2.4')
self.pruneLog()
# row with id :
self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_ID))
- self.assertLogged("['kevin'", "'ip4': '192.0.2.0'", "'fid':
'kevin'", all=True)
+ self.assertLogged('output: %s' % "['kevin'", "'ip4':
'192.0.2.0'", "'fid': 'kevin'", all=True)
self.pruneLog()
# row with ip :
self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_USER))
- self.assertLogged("['192.0.2.0'", "'ip4': '192.0.2.0'",
"'user': 'kevin'", all=True)
+ self.assertLogged('output: %s' % "['192.0.2.0'", "'ip4':
'192.0.2.0'", "'user': 'kevin'", all=True)
self.pruneLog()
# log msg :
self.assertTrue(_test_exec('-o', 'msg', STR_00, RE_00_USER))
- self.assertLogged(STR_00)
+ self.assertLogged('output: %s' % STR_00)
self.pruneLog()
# item of match (user):
self.assertTrue(_test_exec('-o', 'user', STR_00, RE_00_USER))
- self.assertLogged('kevin')
+ self.assertLogged('output: %s' % 'kevin')
self.pruneLog()
# complex substitution using tags (ip, user, family):
self.assertTrue(_test_exec('-o', '<ip>, <F-USER>, <family>',
STR_00, RE_00_USER))
- self.assertLogged('192.0.2.0, kevin, inet4')
+ self.assertLogged('output: %s' % '192.0.2.0, kevin, inet4')
self.pruneLog()
def testStalledIPByNoFailFrmtOutput(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot
new/fail2ban-1.0.2/fail2ban/tests/files/logs/dovecot
--- old/fail2ban-1.0.1/fail2ban/tests/files/logs/dovecot 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/fail2ban/tests/files/logs/dovecot 2022-11-09
16:46:15.000000000 +0100
@@ -115,6 +115,17 @@
# failJSON: { "time": "2004-08-28T06:38:52", "match": true , "host":
"192.0.2.4", "desc": "open parenthesis in optional part between Disconnected
and (auth failed ...), gh-3210" }
Aug 28 06:38:52 s166-62-100-187 dovecot: imap-login: Disconnected: Connection
closed: read(size=1003) failed: Connection reset by peer (auth failed, 1
attempts in 0 secs): user=<t...@example.com>, rip=192.0.2.4, lip=127.0.0.19,
session=<Lsz0Oo7WXti3b7xe>
+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid
slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection
closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0
secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026)
failed: Connection reset by peer
+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid
slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection
closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong
version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5,
lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid
slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many
invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5,
lip=127.0.0.1
+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid
slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected:
Connection closed: read(size=1007) failed: Connection reset by peer (no auth
attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
+# failJSON: { "time": "2004-08-29T01:49:33", "match": false , "desc": "avoid
slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection
closed: SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol (no auth
attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking:
SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
+
# failJSON: { "time": "2004-08-29T03:17:18", "match": true , "host":
"192.0.2.133" }
Aug 29 03:17:18 server dovecot: submission-login: Client has quit the
connection (auth failed, 1 attempts in 2 secs): user=<user1>, method=LOGIN,
rip=192.0.2.133, lip=0.0.0.0
# failJSON: { "time": "2004-08-29T03:53:52", "match": true , "host":
"192.0.2.169" }
@@ -128,6 +139,17 @@
# filterOptions: [{"mode": "aggressive"}]
+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host":
"192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection
closed: read(size=1026) failed: Connection reset by peer (no auth attempts in 0
secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking: read(size=1026)
failed: Connection reset by peer
+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host":
"192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: imap-login: Disconnected: Connection
closed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong
version number (no auth attempts in 0 secs): user=<>, rip=192.0.2.5,
lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number
+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host":
"192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected: Too many
invalid commands. (no auth attempts in 0 secs): user=<>, rip=192.0.2.5,
lip=127.0.0.1
+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host":
"192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[459]: managesieve-login: Disconnected:
Connection closed: read(size=1007) failed: Connection reset by peer (no auth
attempts in 1 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1
+# failJSON: { "time": "2004-08-29T01:49:33", "match": true , "host":
"192.0.2.5", "desc": "matches in aggressive mode, avoid slow RE, gh-3370" }
+Aug 29 01:49:33 server dovecot[472]: imap-login: Disconnected: Connection
closed: SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol (no auth
attempts in 0 secs): user=<>, rip=192.0.2.5, lip=127.0.0.1, TLS handshaking:
SSL_accept() failed: error:14209102:SSL
routines:tls_early_post_process_client_hello:unsupported protocol
+
# failJSON: { "time": "2004-08-29T16:06:58", "match": true , "host":
"192.0.2.5" }
Aug 29 16:06:58 s166-62-100-187 dovecot: imap-login: Disconnected
(disconnected before auth was ready, waited 0 secs): user=<>, rip=192.0.2.5,
lip=192.168.1.2, TLS handshaking: SSL_accept() syscall failed: Connection reset
by peer
# failJSON: { "time": "2004-08-31T16:15:10", "match": true , "host":
"192.0.2.6" }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/fail2ban-1.0.1/fail2ban/tests/files/logs/named-refused
new/fail2ban-1.0.2/fail2ban/tests/files/logs/named-refused
--- old/fail2ban-1.0.1/fail2ban/tests/files/logs/named-refused 2022-09-27
18:27:51.000000000 +0200
+++ new/fail2ban-1.0.2/fail2ban/tests/files/logs/named-refused 2022-11-09
16:46:15.000000000 +0100
@@ -27,6 +27,11 @@
# failJSON: { "time": "2004-08-27T16:59:00", "match": true , "host":
"192.0.2.1", "desc": "new log format, 9.11.0 (#2406)" }
Aug 27 16:59:00 host named[28098]: client @0x7f6450002ef0 192.0.2.1#23332
(example.com): bad zone transfer request: 'test.com/IN': non-authoritative zone
(NOTAUTH)
+# failJSON: { "match": true , "host": "192.0.2.8", "desc": "log message with
category (security), gh-3388" }
+Oct 23 02:06:39 security: info: client @0x7f4e446fd6e8 192.0.2.8#53
(example.io): query (cache) 'example.io/A/IN' denied
+# failJSON: { "match": true , "host": "192.0.2.237", "desc": "log message with
category, gh-3388" }
+Oct 23 03:35:40 update-security: error: client @0x7f4e45c07a48
192.0.2.237#55956 (example.ca): zone transfer 'example.ca/AXFR/IN' denied
+
# filterOptions: {"logtype": "journal"}
# failJSON: { "match": true , "host": "192.0.2.1", "desc": "systemd-journal
entry" }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/fail2ban/version.py
new/fail2ban-1.0.2/fail2ban/version.py
--- old/fail2ban-1.0.1/fail2ban/version.py 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/fail2ban/version.py 2022-11-09 16:46:15.000000000
+0100
@@ -24,7 +24,7 @@
__copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2005-2016 Yaroslav
Halchenko, 2013-2014 Steven Hiscocks, Daniel Black"
__license__ = "GPL-v2+"
-version = "1.0.1"
+version = "1.0.2"
def normVersion():
""" Returns fail2ban version in normalized machine-readable format"""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/man/fail2ban-client.1
new/fail2ban-1.0.2/man/fail2ban-client.1
--- old/fail2ban-1.0.1/man/fail2ban-client.1 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/man/fail2ban-client.1 2022-11-09 16:46:15.000000000
+0100
@@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1.
-.TH FAIL2BAN-CLIENT "1" "September 2022" "Fail2Ban v1.0.1" "User Commands"
+.TH FAIL2BAN-CLIENT "1" "November 2022" "Fail2Ban v1.0.2" "User Commands"
.SH NAME
fail2ban-client \- configure and control the server
.SH SYNOPSIS
.B fail2ban-client
[\fI\,OPTIONS\/\fR] \fI\,<COMMAND>\/\fR
.SH DESCRIPTION
-Fail2Ban v1.0.1 reads log file that contains password failure report
+Fail2Ban v1.0.2 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/man/fail2ban-python.1
new/fail2ban-1.0.2/man/fail2ban-python.1
--- old/fail2ban-1.0.1/man/fail2ban-python.1 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/man/fail2ban-python.1 2022-11-09 16:46:15.000000000
+0100
@@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1.
-.TH FAIL2BAN-PYTHON "1" "September 2022" "fail2ban-python 1.0.1" "User
Commands"
+.TH FAIL2BAN-PYTHON "1" "November 2022" "fail2ban-python 1.0.2" "User Commands"
.SH NAME
fail2ban-python \- a helper for Fail2Ban to assure that the same Python is used
.SH DESCRIPTION
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/man/fail2ban-regex.1
new/fail2ban-1.0.2/man/fail2ban-regex.1
--- old/fail2ban-1.0.1/man/fail2ban-regex.1 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/man/fail2ban-regex.1 2022-11-09 16:46:15.000000000
+0100
@@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1.
-.TH FAIL2BAN-REGEX "1" "September 2022" "fail2ban-regex 1.0.1" "User Commands"
+.TH FAIL2BAN-REGEX "1" "November 2022" "fail2ban-regex 1.0.2" "User Commands"
.SH NAME
fail2ban-regex \- test Fail2ban "failregex" option
.SH SYNOPSIS
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/man/fail2ban-server.1
new/fail2ban-1.0.2/man/fail2ban-server.1
--- old/fail2ban-1.0.1/man/fail2ban-server.1 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/man/fail2ban-server.1 2022-11-09 16:46:15.000000000
+0100
@@ -1,12 +1,12 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1.
-.TH FAIL2BAN-SERVER "1" "September 2022" "Fail2Ban v1.0.1" "User Commands"
+.TH FAIL2BAN-SERVER "1" "November 2022" "Fail2Ban v1.0.2" "User Commands"
.SH NAME
fail2ban-server \- start the server
.SH SYNOPSIS
.B fail2ban-server
[\fI\,OPTIONS\/\fR]
.SH DESCRIPTION
-Fail2Ban v1.0.1 reads log file that contains password failure report
+Fail2Ban v1.0.2 reads log file that contains password failure report
and bans the corresponding IP addresses using firewall rules.
.SH OPTIONS
.TP
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/fail2ban-1.0.1/man/fail2ban-testcases.1
new/fail2ban-1.0.2/man/fail2ban-testcases.1
--- old/fail2ban-1.0.1/man/fail2ban-testcases.1 2022-09-27 18:27:51.000000000
+0200
+++ new/fail2ban-1.0.2/man/fail2ban-testcases.1 2022-11-09 16:46:15.000000000
+0100
@@ -1,5 +1,5 @@
.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.48.1.
-.TH FAIL2BAN-TESTCASES "1" "September 2022" "fail2ban-testcases 1.0.1" "User
Commands"
+.TH FAIL2BAN-TESTCASES "1" "November 2022" "fail2ban-testcases 1.0.2" "User
Commands"
.SH NAME
fail2ban-testcases \- run Fail2Ban unit-tests
.SH SYNOPSIS
