Fail2ban: 0.10.3.1 – the-time-is-always-right-to-do-what-is-right

04/04/2018 6:22 pm


Fail2ban 0.10.3.1 – Fixes

  • `filter.d/asterisk.conf`: fixed failregex prefix for logs relayed through a remote syslog server (gh-2060);
  • `filter.d/exim.conf`: failregex extended to match "SMTP call dropped: too many syntax or protocol errors" (gh-2048);
  • `filter.d/recidive.conf`: fixed matching when logging goes to systemd-journal (SYSLOG) with the daemon name in the prefix (gh-2069);
  • `filter.d/sendmail-auth.conf`, `filter.d/sendmail-reject.conf`:
    – fixed failregex, since sendmail logs IPv6 addresses with the prefix "IPv6:" (gh-2064);
  • `filter.d/sshd.conf`:
    – failregex got an optional space in order to match the new log format (see gh-2061);
    – fixed the ddos-mode regex to match the refactored message (some versions now include the port, see gh-2062);
    – fixed the "root login refused" regex (optional port before "[preauth]", gh-2080);
    – avoid banning legitimate users when pam_unix is used in combination with another password method: pam_unix failures are bypassed if an "Accepted" message is available for the same user (gh-2070);
    – amendment to gh-1263 with better handling of multiple attempts (failures for different user names are recognized immediately);
    – modes `ddos` (and `aggressive`) extended to catch "Connection closed by … [preauth]", so in DDOS mode a connection closed within the preauth stage counts as a failure (gh-2085);
  • `action.d/abuseipdb.conf`: fixed curl cipher errors and a comment-quoting issue (gh-2044, gh-2101);
  • `action.d/badips.py`: implicit conversion of IPAddr to str, fixing the error "expected string, IPAddr found" (gh-2059);
  • `action.d/hostsdeny.conf`: fixed IPv6 syntax (addresses enclosed in square brackets, gh-2066);
  • (Free)BSD ipfw actionban fixed to allow the same rule to be added several times (gh-2054);
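The pam_unix fix above (gh-2070) is easiest to understand on concrete log lines. The following Python is an added illustration written for this page, not fail2ban's own filter code: it emulates the described behaviour with two hypothetical regexes (a pam_unix failure line and an sshd "Accepted" line), holds each pam_unix failure pending per (pid, rhost, user), and discards it when an "Accepted" message for the same key follows. The sshd log lines are constructed for the example; the IP addresses are documentation ranges.

```python
import re
from collections import defaultdict

# Constructed sample log (not real traffic), rsyslog-style sshd lines.
# Connection 2211: alice fails pam_unix but is accepted via another PAM
# method. Connection 2230: an attacker cycles user names and never succeeds.
SAMPLE_LOG = """\
Mar  4 10:15:01 host sshd[2211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10  user=alice
Mar  4 10:15:03 host sshd[2211]: Accepted keyboard-interactive/pam for alice from 192.0.2.10 port 52112 ssh2
Mar  4 10:15:20 host sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Mar  4 10:15:25 host sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=root
Mar  4 10:15:30 host sshd[2230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.51.100.7  user=admin
"""

# Hypothetical regexes for this example; fail2ban's sshd filter uses its own.
PAM_FAIL = re.compile(
    r"sshd\[(?P<pid>\d+)\]: pam_unix\(sshd:auth\): authentication failure;.*"
    r"rhost=(?P<ip>\S+)\s+user=(?P<user>\S+)"
)
ACCEPTED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def naive_failures(log_text):
    """Count every pam_unix failure per source IP, with no bypass.

    This is the behaviour that banned legitimate users: alice's single
    pam_unix failure counts even though her login succeeded afterwards.
    """
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = PAM_FAIL.search(line)
        if m:
            counts[m["ip"]] += 1
    return dict(counts)


def count_failures(log_text):
    """Count pam_unix failures per IP, bypassing those followed by Accepted.

    A failure is held pending under (pid, ip, user). An Accepted line for
    the same key discards it, because the user authenticated through the
    other password method. Whatever is still pending at the end is counted.
    Illustrative emulation of the fix, not fail2ban's own logic.
    """
    pending = defaultdict(list)   # (pid, ip, user) -> [failure line, ...]
    confirmed = defaultdict(int)  # ip -> number of confirmed failures
    for line in log_text.splitlines():
        m = PAM_FAIL.search(line)
        if m:
            pending[(m["pid"], m["ip"], m["user"])].append(line)
            continue
        m = ACCEPTED.search(line)
        if m:
            pending.pop((m["pid"], m["ip"], m["user"]), None)
    for (_pid, ip, _user), lines in pending.items():
        confirmed[ip] += len(lines)
    return dict(confirmed)


if __name__ == "__main__":
    print("no bypass :", naive_failures(SAMPLE_LOG))
    print("bypass    :", count_failures(SAMPLE_LOG))
```

With the bypass, 192.0.2.10 (alice) accumulates no failures, while 198.51.100.7 keeps all three, including the immediate switch from `root` to `admin` on the same connection.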

New Features

  • several stability and performance optimizations, more effective filter parsing, etc.;
  • runs stably under Python 3.6 (as well as under 3.7-dev);

Enhancements

  • `filter.d/apache-auth.conf`: detection of Apache SNI errors and misredirect attempts (gh-2017, gh-2097);
  • `filter.d/apache-noscript.conf`: failregex extended to match "Primary script unknown", e.g. from php-fpm (gh-2073);
  • date-detector extended with a long epoch (`LEPOCH`) to parse POSIX dates with millisecond/microsecond resolution (gh-2029);
  • possibility to specify your own regex pattern to match an epoch date-time, e.g. `^\[{EPOCH}\]` or `^\[{LEPOCH}\]` (gh-2038); like the `{DATE}` patterns, the epoch pattern captures the date and cuts the whole pattern match out of the log line, e.g. the date pattern `^\[{LEPOCH}\]\s+:` will match and cut out `[1516469849551000] :` from the beginning of the log line;
  • badips.py now uses https instead of plain http when requesting badips.com (gh-2057);
  • added support for the "any" badips.py bancategory, to retrieve IPs from all categories with a desired score (gh-2056);
  • introduced a new parameter `padding` for logging within fail2ban-server (default on, except for SYSLOG); usage: `logtarget = target[padding=on|off]`
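To make the `{EPOCH}`/`{LEPOCH}` date-pattern behaviour concrete, here is an added Python example written for this page; it is not fail2ban's date detector. It assumes a simplified emulation of the two placeholders (`{EPOCH}` = 10 digits of seconds, `{LEPOCH}` = 10, 13 or 16 digits for seconds, milliseconds or microseconds), expands a user-supplied date pattern such as `^\[{LEPOCH}\]\s+:`, cuts the whole match out of the line as described above, and then runs a hypothetical failregex over the remainder. The log lines and the failregex are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample lines (not from a real service): the first three carry a
# microsecond, millisecond and second epoch respectively; the last has none.
SAMPLE_LINES = [
    "[1516469849551000] : authentication failed for user bob from 203.0.113.5",
    "[1516469850123] : authentication failed for user bob from 203.0.113.5",
    "[1516469851] : authentication failed for user bob from 203.0.113.5",
    "no timestamp here: authentication failed for user eve from 203.0.113.9",
]

# Assumed emulation of the placeholders. {EPOCH} takes exactly 10 digits;
# {LEPOCH} also accepts 13 (ms) or 16 (us) digits. The lookahead prevents a
# 10-digit {EPOCH} from matching the head of a longer number.
PLACEHOLDERS = {
    "{EPOCH}": r"(?P<epoch>\d{10})(?!\d)",
    "{LEPOCH}": r"(?P<epoch>\d{10}(?:\d{3}){0,2})(?!\d)",
}

# Hypothetical failregex applied to the line after the date has been cut out.
FAILREGEX = re.compile(r"^\s*authentication failed for user \S+ from (?P<host>\S+)$")


def compile_datepattern(pattern):
    """Expand {EPOCH}/{LEPOCH} in a user-supplied date pattern and compile it."""
    for name, regex in PLACEHOLDERS.items():
        pattern = pattern.replace(name, regex)
    return re.compile(pattern)


def split_date(line, datepattern):
    """Return (timestamp or None, remainder).

    The remainder is the line with the whole date-pattern match removed,
    e.g. "[1516469849551000] :" is cut from the front. The epoch digits are
    scaled by integer arithmetic so no precision is lost on microseconds.
    """
    m = datepattern.search(line)
    if not m:
        return None, line
    digits = m["epoch"]
    extra = len(digits) - 10                      # 0, 3 or 6 fractional digits
    secs, frac = divmod(int(digits), 10 ** extra)
    micro = frac * 10 ** (6 - extra)
    ts = datetime.fromtimestamp(secs, tz=timezone.utc) + timedelta(microseconds=micro)
    remainder = line[:m.start()] + line[m.end():]
    return ts, remainder


def match_failures(lines, datepattern_text):
    """Run date pattern then failregex over each line, like a filter would.

    Lines with no parsable date are skipped; matches are returned as
    (ISO-8601 UTC timestamp, host) tuples.
    """
    dp = compile_datepattern(datepattern_text)
    hits = []
    for line in lines:
        ts, rest = split_date(line, dp)
        if ts is None:
            continue
        m = FAILREGEX.match(rest)
        if m:
            hits.append((ts.isoformat(), m["host"]))
    return hits


if __name__ == "__main__":
    for pattern in (r"^\[{LEPOCH}\]\s+:", r"^\[{EPOCH}\]\s+:"):
        print(pattern)
        for hit in match_failures(SAMPLE_LINES, pattern):
            print("  ", hit)
```

Run as written, the `{LEPOCH}` pattern matches all three timestamped lines and yields microsecond-, millisecond- and second-precision timestamps (all on 2018-01-20 17:37 UTC), whereas the plain `{EPOCH}` pattern only matches the 10-digit line; the line without a timestamp is never considered a failure.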
