This is a limited proof of concept to search for research data, not a production system.

Search the MIT Libraries

Title: fail2ban: better, faster, stronger

Type Software Daniel Black, Yaroslav Halchenko, Cyril Jaquier, Steven Hiscocks, Serg G. Brester, Lee Clemens, Ivo Truxa, buanzo, James Stout, Mark McKinstry, Cameron Norman, enrico, alasdairdc, ArndRa, hamilton5, bes-internal, Viktor Szépe, JoelSnyder, leftyfb, hlein, Orion Poplawski, pacop, Tom Hendrikx, Morgan Soulard, aseques, Florian Pelgrim, Andy Fragen, Michael Gebetsroither, Jason Martin, Erwan Ben Souiden (2014): fail2ban: better, faster, stronger. Zenodo. Software. https://zenodo.org/record/12426

Authors: Daniel Black ; Yaroslav Halchenko (Dartmouth College) ; Cyril Jaquier ; Steven Hiscocks ; Serg G. Brester ; Lee Clemens ; Ivo Truxa (truXoft) ; buanzo ; James Stout (Independent) ; Mark McKinstry ; Cameron Norman ; enrico ; alasdairdc ; ArndRa ; hamilton5 ; bes-internal ; Viktor Szépe ; JoelSnyder ; leftyfb ; hlein ; Orion Poplawski (NWRA) ; pacop ; Tom Hendrikx ; Morgan Soulard ; aseques ; Florian Pelgrim (craneworks) ; Andy Fragen ; Michael Gebetsroither ; Jason Martin ; Erwan Ben Souiden ;

Links

Summary

ver. 0.9.1 (2014/10/29) - better, faster, stronger

Refactoring (IMPORTANT -- Please review your setup and configuration):

iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags

Fixes:

start of file2ban aborted (on slow hosts, systemd considers the server has been timed out and kills him), see gh-824 UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806. systemd backend error on bad utf-8 in python3 badips.py action error when logging HTTP error raised with badips request fail2ban-regex failed to work in python3 due to space/tab mix recidive regex samples incorrect log level journalmatch for recidive incorrect PRIORITY loglevel couldn't be changed in fail2ban.conf Handle case when no sqlite library is available for persistent database Only reban once per IP from database on fail2ban restart Nginx filter to support missing server_name. Closes gh-676 fail2ban-regex assertion error caused by miscount missed lines with multiline regex Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207 Database now returns persistent bans on restart (bantime < 0) Recursive action tags now fully processed. Fixes issue with bsd-ipfw action Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester Correct times for non-timezone date times formats during DST Pass a copy of, not original, aInfo into actions to avoid side-effects Per-distribution paths to the exim's main log Ignored IPs are no longer banned when being restored from persistent database Manually unbanned IPs are now removed from persistent database, such they wont be banned again when Fail2Ban is restarted Pass "bantime" parameter to the actions in default jail's action definition(s) filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park cyrus-imap -- also catch also failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f) Debian bug #755173 postfix-sasl - added journalmatch. Thanks Luc Maisonobe postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina apache - added filter for AH01630 client denied by server configuration.

New features:

New filters: monit Thanks Jason H Martin directadmin Thanks niorg apache-shellshock Thanks Eugene Hopkinson (SlowRiot) New actions: symbiosis-blacklist-allports for Bytemark symbiosis firewall fail2ban-client can fetch the running server version Added Cloudflare API action

Enhancements

Start performance of fail2ban-client (and tests) increased, start time and cpu usage rapidly reduced. Introduced a shared storage logic, to bypass reading lots of config files (see gh-824). Thanks to Joost Molenaar for good catch (reported gh-820). Fail2ban-regex - add print-all-matched option. Closes gh-652 Suppress fail2ban-client warnings for non-critical config options Match non "Bye Bye" disconnect messages for sshd locked account regex courier-smtp filter: match lines with user names match lines containing "535 Authentication failed" attempts Add tag to iptables-ipsets Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output Log unhandled exceptions cyrus-imap: catch "user not found" attempts Add support for Portsentry

More information

  • DOI: 10.5281/zenodo.12426

Dates

  • Publication date: 2014
  • Issued: October 28, 2014

Rights

  • info:eu-repo/semantics/openAccess Open Access

Much of the data past this point we don't have good examples of yet. Please share in #rdi slack if you have good examples for anything that appears below. Thanks!

Format

electronic resource

Relateditems

DescriptionItem typeRelationshipUri
IsSupplementTohttps://github.com/fail2ban/fail2ban/tree/0.9.1
IsPartOfhttps://zenodo.org/communities/zenodo