DENYHOSTS CHANGELOG

1.1.1
=====

- Daemon mode now closed standard file descriptors and detaches from tty based on
  patch from James Abbatiello.

- lock file is now created with 0644 permissions based on patch from James 
  Abbatiello.

- added optional SMTP_USERNAME and SMTP_PASSWORD parameters and support for authenticating
  SMTP connections (when these parameters are defined).

- fixed bug when checking for required configuration parameters.


1.1.0
=====

- configuration parameter DENY_THRESHOLD has been renamed DENY_THRESHOLD_INVALID
  
- added configuration parameters AGE_RESET_ROOT, AGE_RESET_INVALID and AGE_RESET_VALID

- added the ability to automatically reset host login attempts after a given 
  time period (age_reset) has elapsed.  See the FAQ entry:
  http://denyhosts.sourceforge.net/faq.html#age_reset

- most WORK_DIR data files will be automatically migrated to the new
  data format to support the above functionality.  A timestamp field
  has been appended to each line, such that the new format is:
  key:# of attempts:timestamp

- added chkconfig compatibility to the daemon-control-dist script.  Thanks to
  Simon Amor for the contribution.

- added optional configuration parameters PLUGIN_DENY and PLUGIN_PURGE  

- added plugin support.  See the FAQ entry:
  http://denyhosts.sourceforge.net/faq.html#plugin  


1.0.3
=====

- hostnames can now be specified in allowed-hosts file based 
  on a contribution from Mathias Wagner.

- hostnames specified in allowed-hosts are looked 
  up to determine ip addresses

- added optional pref: ALLOWED_HOSTS_HOSTNAME_LOOKUP

- if ALLOWED_HOSTS_HOSTNAME_LOOKUP is true, then each
  ip address in allowed-hosts is looked up to determine
  it's hostname

1.0.2
=====

- fixed issue where multiple instances of the same host were added
  to /etc/hosts.deny (due to exceeding multiple DENY_THRESHOLD* settings
  simultaneously).

- bz2 support is disabled if "import bz2" fails

- displays more useful error message if Python version
  is incompatible with DenyHosts.

- changed format of timestamp in email messages sent by DenyHosts
  based on patch submitted by Rick Holbert 
  (now uses %z instead of %Z)


1.0.1
=====

- fixed bug relating to empty hosts-root file

- added optional configuration parameter: DAEMON_LOG_TIME_FORMAT
  for specifying the timestamp in the DAEMON_LOG file

- now uses SIGTERM to stop daemon (rather than SIHGUP) based on
  the suggestion of Xavier Le Vourch

- daemon-control-dist has been updated to send SIGTERM on stop()

1.0.0
=====

- added new configuration option, DENY_THRESHOLD_VALID 

- added new configuration option, DENY_THRESHOLD_ROOT 

- added "hosts-valid" output file (relative to WORK_DIR)

- added "hosts-root" output file (relative to WORK_DIR)

- modified loginattempt.py to handle valid/invalid login hosts
  independently.

- added 'condrestart' option to daemon-control-dist as per patch from Jason L Tibbitts III

- fixed double usage() method from being displayed by daemon-control-dist

0.9.9
=====

- if upgrading DenyHosts to this version and PURGE_DENY is set then you must invoke with
  the --upgrade099 flag before using. eg.  $ denyhosts.py --upgrade099
  For further details, refer to:
  http://denyhosts.sourceforge.net/faq.html#upgrade099    

- fixed bug: missing "import socket" in report.py

- fixed bug: invalid comment format in /etc/hosts.deny for timestamping entries

- /etc/hosts.deny entries are timestamped immediately before the entry now (rather than inline, in 
  earlier versions).  The timestamped lines also contain the entry data for verification.  If 
  DenyHosts determines that a purge is necessary than the verification info is compared to 
  the actual entry line (ie. the next line).  If the two entries match, the lines are purged.  
  Otherwise a warning is output.  The verification algorithm was based on a suggestion from Jim 
  Cheetham.

- sshd related regex patterns can now be configured within the DenyHosts configuration file in the event
  that the default (eg. DenyHosts/regex.py) patterns do not successfully parse the end user's tcp_wrappers, 
  operating system and/or logging implementation.  For details refer to:  
  http://denyhosts.sourceforge.net/faq.html#custom_regex

0.9.8
=====

- fixed purge bug in daemon mode (using the wrong purge value to determine which records should be 
purged.)  

0.9.7
=====

- fixed bug wrt handling of rotated files.  DenyHosts now compares the inodes to determine if a file 
  was rotated.  If detected, the previous file is closed and the new file opened. 

- restructred daemon code block (added additional methods)

0.9.6
=====

- Command line that invoked --daemon is now recorded in the output log (useful for debugging)

- The daemon-control-dist script now optionally accepts command line args to be passed to the start and restart
  functions.  eg.  daemon-control start --config=test.cfg --debug
  

0.9.5
=====

- If no denied hosts or suspicious logins are found, then there is no output in normal mode (only in debug mode).  
This limits the amount of data added to the log when in --daemon mode.  See:
http://sourceforge.net/tracker/index.php?func=detail&aid=1243689&group_id=131204&atid=720422

0.9.4
=====

- Fixed duplicate email report bug in --daemon mode.

0.9.3
=====

- Fixed --daemon mode bug which occurred during purging entries

- Added more useful exception reporting for daemon mode


0.9.2
=====

- Daemon configuration params DAEMON_SLEEP and DAEMON_PURGE can now be given in the same format accepted by 
PURGE_DENY (eg. 1d, 5h, 1y, etc...).  If no unit qualifier (eg. s, m, d, h, w, y) is given then 's' (seconds) is 
assumed.


0.9.1
=====

- Running in daemon mode now dumps preferences to log file

- Added AbusiveHosts class

- Added additional parameter to Purge constructor

- Purged entries from HOSTS_DENY are also removed from WORK_DIR/hosts
  SF bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1243093&group_id=131204&atid=720419

0.9.0
=====

- Added daemon mode 

- Added several optional parameters to the configuration file for daemon mode use

0.8.2
=====

- Maintenance release

- Moved most classes to new modules

- Now uses the python logging package for some output

0.8.1
=====

- Revised LockFile class to do perform exclusive locking -- deprecated the --unlock flag since it is no longer 
necessary

0.8.0
=====

- Added LOCK_FILE configuration parameter and support such that only one instance of DenyHosts can be running at any 
given time

- Added PURGE_DENY configuration parameter and support for purging entries from the HOSTS_DENY file that have
exceeded the PURGE_DENY value

-- Added the ability to migrate HOSTS_DENY file such that all entries are suitable for purging.

-- Added --purge, --migrate and --unlock command line arguments


0.7.3
=====

- Prefs change (reqd fields can be blank)


0.7.2
=====

- Added support for using an alternate deny file with FreeBSD based on feed back from Alesha Oparin

0.7.1
=====

- fixed blank BLOCK_SERVICE bug

0.7.0
=====

- Added support for the metalog logger based on a patch contributed by Mike Kelly.

- Added support for FreeBSD based on input from Francesca Smith

- Added support for catching hostname entries (in addition to IP addresses) based on a patch from Christian Smyth

- Added support for using an alternative hosts deny file where only the offending ip address is listed.  This feature
is based on a patch contributed by John Meinel Jr.

- Added support for processing gzip'ed logfiles based on feature request by Brian McGraw.

0.6.0
=====

- Modified email message date/time format to be RFC-2822 compliant.  Incorporated patch contributed by Rick 
Holbert.

- Added reverse dns lookups and the HOSTNAME_LOOKUP for enabling/disabling them.  Incorporated feature 
request of Ron Joffe.

- Added additional config option (SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS) for reporting (or not) 
suspicious login activity.  This feature is based on feedback from Ron Joffe.  

- Updated regex for matching non-existent user break-ins.  Previously, "invalid" was matched against.  
Now, both "invalid" and "illegal" should match.  This fix is based on email from Scott Hunziker.

