FEDORA-2018-e45c0e6856 created by orion 4 years ago for Fedora 28

Update to


  • fixed JSON serialization for the set-object within dump into database (gh-2103).
  • filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060);
  • filter.d/exim.conf: failregex extended - SMTP call dropped: too many syntax or protocol errors (gh-2048);
  • filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069;
  • filter.d/sendmail-auth.conf, filter.d/sendmail-reject.conf :
  • fixed failregex, sendmail uses prefix 'IPv6:' logging of IPv6 addresses (gh-2064);
  • filter.d/sshd.conf:
  • failregex got an optional space in order to match new log-format (see gh-2061);
  • fixed ddos-mode regex to match refactored message (some versions can contain port now, see gh-2062);
  • fixed root login refused regex (optional port before preauth, gh-2080);
  • avoid banning of legitimate users when pam_unix used in combination with other password method, so bypass pam_unix failures if accepted available for this user gh-2070;
  • amend to gh-1263 with better handling of multiple attempts (failures for different user-names recognized immediatelly);
  • mode ddos (and aggressive) extended to catch Connection closed by ... [preauth], so in DDOS mode it counts failure on closing connection within preauth-stage (gh-2085);
  • action.d/abuseipdb.conf: fixed curl cypher errors and comment quote-issue (gh-2044, gh-2101);
  • action.d/ implicit convert IPAddr to str, solves an issue "expected string, IPAddr found" (gh-2059);
  • action.d/hostsdeny.conf: fixed IPv6 syntax (enclosed in square brackets, gh-2066);
  • (Free)BSD ipfw actionban fixed to allow same rule added several times (gh-2054);

New Features

  • several stability and performance optimizations, more effective filter parsing, etc;
  • stable runnable within python versions 3.6 (as well as within 3.7-dev);


  • filter.d/apache-auth.conf: detection of Apache SNI errors resp. misredirect attempts (gh-2017, gh-2097);
  • filter.d/apache-noscript.conf: extend failregex to match "Primary script unknown", e. g. from php-fpm (gh-2073);
  • date-detector extended with long epoch (LEPOCH) to parse milliseconds/microseconds posix-dates (gh-2029);
  • possibility to specify own regex-pattern to match epoch date-time, e. g. ^\[{EPOCH}\] or ^\[{LEPOCH}\] (gh-2038); the epoch-pattern similar to {DATE} patterns does the capture and cuts out the match of whole pattern from the log-line, e. g. date-pattern ^\[{LEPOCH}\]\s+: will match and cut out [1516469849551000] : from begin of the log-line.
  • now uses https instead of plain http when requesting (gh-2057);
  • add support for "any" bancategory, to be able to retrieve IPs from all categories with a desired score (gh-2056);
  • Introduced new parameter padding for logging within fail2ban-server (default on, excepting SYSLOG): Usage logtarget = target[padding=on|off]

Remove ipset.service from PartOf in service file (bug #1573185)

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2018-e45c0e6856

This update has been submitted for testing by orion.

4 years ago

This update has been pushed to testing.

4 years ago
User Icon filiperosset commented & provided feedback 4 years ago

no regressions noted

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for batched by orion.

4 years ago

This update has been submitted for stable by bodhi.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
4 years ago
in testing
4 years ago
in stable
4 years ago
BZ#1536235 fail2ban- is available
BZ#1573185 Fail2ban prevents restarting firewalld (again, this time conflicting on ipset.service)

Automated Test Results