forked from denyhosts/denyhosts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathCHANGELOG.txt
720 lines (472 loc) · 23.4 KB
/
CHANGELOG.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
DENYHOSTS CHANGELOG
3.1
======================
Fixed a type check in DenyHosts/report.py which was causing
problems when moving between Python2 and Python3.
Added checks to see if an IP address is valid. This
pulls in the requirement for the ipaddr Python module.
Added check to see if there is a break-in attempt against
the Dovecot imap service. This is an option which can be
enabled/disabled in the configuration file. It is turned off
by default.
3.0
======================
Initial translation of code from Python 2 to Python 3.
DenyHosts can now be run as either a Python 2 or a Python 3
program.
Added patch from Fedora to fix initial sync issue and
insure info logging stream is active.
(Provided by Jason Tibbitts.)
Added "import logging" to denyhosts.py to avoid errors
when setting up logging. (See above change.)
Added option PF_TABLE_FILE to the configuration file.
When this option is enabled it causes DenyHosts to write
blocked IP addresses to a text file. The default location
is /etc/blacklist. This text file should correspond to a
PF firewall table.
At start-up, try to create the file specified by
HOSTS_DENY. That way we avoid errors later if the
file does not exists. Can be a problem on operating systems
where /etc/hosts.deny does not exist in the default
configuration.
Added regex pattern to detect invalid user accounts. This blocks
connections from remote hosts who are attempting to login
with accounts not found on the local system.
While these connections to non-existent accounts are relatively harmless,
they are usually used as part of a brute force attack and filtering them
before they reach OpenSSH is a good idea.
2.10
======================
- Updated example rule for PF in configuration file
to make black listing attacking IPs more effective.
- Added debugging info in case we cannot create a new
PF table entry.
- Fixed syntax for comparing suspecious logins. Avoids
always testing true/false depending on Python version.
- No longer require ETC_DIR in the configuration file.
Use a default value "/etc" if ETC_DIR is not manually
specified.
- Make sure DenyHosts logs when running in foreground mode.
When in foreground, warnings are logged to a file rather
than outputted to terminal. Keeps things clean.
- Add --unlock command line arguement to remove old
lock files.
- Updated README, version and Makefile with new
version/maintainer information.
- Added check for PAM failures on FreeBSD. This should block both
failed user logins that are reported by PAM and also block
repteated attempts at accessing the root account when root
logins are disabled by OpenSSH. The latter does not really add
more practical protection, but can prevent the connection \
attempts at the firewall level before the OpenSSH service
is contacted.
- Add systemd unit file, denyhosts.service
2.9 (November 3, 2014)
======================
- DenyHost now supports working with the PF
packet filter, a popular firewall for FreeBSD,
OpenBSD, TrueOS, PC-BSD and NetBSD.
To enable PF support in DenyHost, comment
out the IPTABLES option in the denyhosts.conf file
and enable the PFCTL_PATH and PF_TABLE options.
DenyHost will add misbehaving IP addresses to the
PF table specified by "PF_TABLE". This table
should be blocked using the pf.conf file. Please
see the denyhosts.conf file for more information
and example PF rules for blocking incoming traffic.
Please note that even if /etc/hosts.deny is not used
to block incoming connectins, the file should still exists
or DenyHosts may throw an error. (This should be fixed
in the next release.)
2.8 (June 12, 2014)
===================
- Use standard errno instead of hardcoded errno value.
Patch provided by Pino Toscano.
- Make sure PLUGIN_DENY is called for each host we receive from
the sync server.
Patch provided by Sean M. Collins.
- Made sure only new hosts in hosts.deny are reported as new, not
all hosts. This prevents the PLUGIN_DENY plugin from getting
old entries repeatedly.
Patch provided by Chris Erdle.
- We now check user defined regular expression filters, even
if we already found a match with an existing filter. This
allows the user to filter more services without using
a plugin.
Patch provided by Ben.
- Added --purge-all command line flag to allow us to remove all
old entries from the deny file without waiting.
Patch provided by 9MediaCenterGUI on SourceForge.
- Updated copyright information and some documentation.
- Added manual page from Debian and fixed typo. Added
additional command line options to man page.
- Added --purgeip option to allow us to remove specific
IP addresses from the blocked list at start time.
Patch provided by Nelson Howell.
Should close Debian bug 529089.
- Updated FAILED_ENTRY_REGEX7 to be more flexible.
- Added ability to use Linux iptables to block incoming
connections. See IPTABLES option in the configuration file.
- Made it possible to block specific ports, allowing remote
hosts to conenct to some services while being blocked on
others by the iptables firewall.
See the BLOCKPORT option in the configuration file.
2.7 (May 18, 2014)
==================
- Forked code from DenyHosts (denyhosts.sf.net)
New project now maintained at denyhost.sf.net
- Added private moduls patch from Marco Bertorello. Loads
modules from /usr/share/denyhosts
- Place config, lock and executable file in more
standard locations. Patch provided by Marco Bertorello.
- Fixed configuration (denyhosts.cfg-dist) to better support
Debian and Ubuntu. Patch supplied by Marco Nenciarini.
- Added warning to migrate switch. Patch provided by
Marco Bertorello.
- Avoid installing unwanted files (extra scripts and changelog).
Patch provided by Marco Nenciarini.
- Fix bug which would not recognize an attack on the root
user account. Patch provided by Kyle Willmon.
- Fix pattern matching bug (CVE-2007-4323).
Patch provided by Nico Golde.
- Added foreground mode for debugging.
Patch supplied by Marco Bertorello.
- Applied patch to fix plugin execution.
Patched provided by Marco Bertorello.
- Added patch to prevent DenyHosts from running with
a double --config switch.
Patch provided by Maro Bertorello.
- Convert path of "env" from /bin/env to /usr/bin/env
Patch provided by Kyle Willmon.
- Added patch to perform missing bounds check in Purge action.
Provided by Kyle Willmon.
- Added patch to include SYNC_PROXY_SERVER configuration option.
Provided by Kyle Willmon.
- Change HOSTNAME_LOOKUP to default to "NO". Will save time.
Also brings us into closer alignment with FreeBSD patches.
- Added /usr/sbin/nologin to restricted_from_passwd script.
Requirement from FreeBSD patch set.
- Added variable "ETC_DIR" which dictates the location of
configuration files. This should usually be set to
/etc or /usr/local/etc
- The restricted-usernames file is now loaded from the "ETC_DIR"
directory, rather than from "WORK_DIR" to avoid this
human-made configuration file from being over-writeen.
Closes Ubuntu bug #675034
- Confirm setting timestamp over-writes old tiemstamp file.
Closes Ubuntu bug #564476
- Applied advanced pattern check for authentication file which
takes into account alternative port numbers. Patch provided by
Helmut Grohne.
- Updated license and readme files.
- Updated help output from DenyHost script to include --config tip.
2.6 (Dec 7, 2006)
==================
- security fix: malicious users can cause a DoS of ssh.
for more info: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6301
- fixed bug in regex.py: 2 failed entry regexes weren't included properly in the hash
- fixed bug in denyhosts.py: attribute error: self.__sync_download
2.5 (June 21, 2006)
====================
- ADMIN_EMAIL pref can now contain multiple email addresses delimited by a comma (white space
- fixed bug in denyfileutil: 'timestamp' is now initialized properly
- daemon-control-dist: modified to work w/ non-default python versions. You must change
the PYTHON_BIN and #!/bin/env/python references if appropriate.
- added a debug message when loading allowed-hosts fails.
- fixed bug when reporting suspicious login activity.
2.4b (April 9, 2006)
===================
- fixed missing "self." in loginattempt.py
2.4 (April 9, 2006)
===================
- added: PURGE_THRESHOLD setting (defaults to 0, or "none")
defines the maximum times a host will be purged. Once this amount
has been exceeded then this host will not be purged.
- added: SYSLOG_REPORT option which, if enabled, will send the
denied hosts report to syslog (in addition to -or- instead of
email, depending on your other settings). Based on patch
submission by Michael Still.
- fix: restricted usernames were being added to wrong file
2.3 (April 4, 2006)
===================
- fix: denied hosts weren't being re-added after purge unless daemon was restarted
after the purge. Thanks to Steven Finnegan for recognizing the problem.
- fix: daemon-control-dist should now behave correctly on FreeBSD systems
2.2 (March 13, 2006)
====================
- added environment variable substitution of preference values. Each value
that contains $[SOME_NAME] will have $[SOME_NAME] substituted with the
value of the environment variable SOME_NAME. eg.
SMTP_SUBJECT = DenyHosts Report - $[HOSTNAME]
will result in the following expansion:
SMTP_SUBJECT = DenyHosts Report - foo
on a host that is named "foo"
- added configuaration option SMTP_DATE_FORMAT which allows you to override
the DenyHosts "Date:" field when sending reports via email
- fixed bug in prefs.py: AGE_RESET_RESTRICTED was not being converted to seconds
- fixed bug in util.py: exceptions raised by smtp.quit() are now handled
- fixed bug in denyhosts.py: missing import of "sync" line
2.1 (February 9, 2006)
=======================
- added command line flag --sync which runs DenyHosts (command line/cron version) in
synchronization mode.
- added SYNC_DOWNLOAD_RESILIENCY setting to limit download synchronization data to
attacks that have lasted longer than this value. That is, if the centralized
denyhosts.net server records an attack at 2 PM and then again at 5 PM,
specifying a SYNC_DOWNLOAD_RESILIENCY = 4h will not download this ip address.
However, if the attacker is recorded again at 6:15 PM then the ip address
will be downloaded by your DenyHosts instance. This value is used in
conjunction with the SYNC_DOWNLOAD_THRESHOLD and only hosts that
satisfy both values will be downloaded. This value has no effect if
SYNC_DOWNLOAD_THRESHOLD = 1 and refers to the timespan between the
attackers first known attack and their most recent attack.
Refer to http://www.denyhosts.net/faq.html#sync_download_resiliency
- added RESET_ON_SUCCESS option which, when set to "yes" will automatically reset
the counter for the connecting ip address to 0 if the login was successful. The
default is "no". This may be helpful in the event that a user occassionally mistypes
their password. See also the AGE_RESET_* options.
Refer to http://www.denyhosts.net/faq.html#reset_on_success
- bug fix: if synchronization mode is disabled (default) then denied hosts will not be
added to the SYNC_HOSTS staging file.
- modified daemon-control-dist to use the 'ps' command (in the event
that the /proc directory does not exist) to determine whether
the DenyHosts process is still running.
- modified daemon-control-dist to infer 'start' and 'stop' from
symbolically linked programs in the event that the script
is launched w/o arguments. The linked filenames must begin
with either an "S" (start) or a "K" (kill).
- added "restricted" user concept and functionality such that usernames defined
as restricted (such as "mysql", "lpd", etc...) which are not intended for
login purposes will be denied after DENY_THRESHOLD_RESTRICTED failed attempts.
This option is based on ideas & suggestions from Ken Key and Dave Ingram.
Refer to http://www.denyhosts.net/faq.html#restricted
- added DENY_THRESHOLD_RESTRICTED (for users such as apache, mysql, etc...). Defaults
to DENY_THRESHOLD_ROOT setting.
- added AGE_RESET_RESTRICTED parameter
- added scripts/restricted_from_passwd.py which is suitable for generating a list
of restricted users based on /etc/passwd's login shells (such as /sbin/nologin).
- added scripts/restricted_from_invalid.py which is suitable for generating a list
of restricted users based on WORK_DIR/users-invalid contents.
- if synchronization fails, a stacktrace will be printed to the log file (or console)
which may be useful for isolating the problem.
2.0 (February 5, 2006)
=======================
- DenyHosts has a new address: http://www.denyhosts.net
- Added synchronization mode capability which allows all DenyHosts daemons the
ability to seemlessly share denied host data.
See this faq entry for more information:
http://www.denyhosts.net/faq.html#sync
- Added the configuration option USERDEF_FAILED_ENTRY_REGEX which allows the DenyHost
user the ability to add custom regular expressions in order to block potential hackers.
See this faq entry for more information:
http://www.denyhosts.net/faq.html#userdef_regex
- FAILED_ENTRY_REGEX5 now handles more login failures such as AllowGroups and AllowUsers.
previously applied only to AllowGroups.
- Added FAILED_ENTRY_REGEX6 to handle "Did not receive identification string from ..."
messages.
- Fixed issue when a purged host was re-added.
http://sourceforge.net/tracker/index.php?func=detail&aid=1345437&group_id=131204&atid=720419
- fixed file permissions issue when creating some temp files
- Log format message can be customized using the new DAEMON_LOG_MESSAGE_FORMAT in addition to
the existing DAEMON_LOG_TIME_FORMAT option.
- added 1 second sleep between stop & start in daemon-control-dist for "restart" command.
- Added ShoreWall plugins (thanks to Stéphane LeDauphin for the contribution).
- Fixed licensing ambiguity (DenyHosts is GPL v2).
- Removed test.py~ from plugins.
1.1.4 (January 9, 2006)
=======================
- Added AllowedGroups patch from Marlon Paulse. DenyHosts will now:
"detect login attempts to user accounts that are not members of
groups listed as 'AllowedGroups' in the sshd configuration file."
- Updated denyhosts.cfg-sample such that WORK_DIR parameter points to an
absolute pathname rather than a relative one.
- Fixed email bug: failure to connect to smtp server is now handled properly.
- Fixed plugin bug: PLUGIN_DENY is now only invoked when new hosts are denied.
1.1.3
=====
- Bug fix: duplicate entries were being added to allowed-warned-hosts file as well as
sending out duplicate email messages.
- If the prefs parameter DENY_THRESHOLD_INVALID isn't found but the deprecated DENY_THRESHOLD is
found then the user is alerted of this. Additionally, the latter value will be used for
the missing DENY_THRESHOLD_INVALID parameter such that DenyHosts will continue to run
without intervention.
1.1.2
=====
- Fixed offset issue when running in daemon mode, the first pass of data discovered was
processed twice.
- All values that are converted to seconds in the prefs.py module when the denyhosts.cfg
file is processed. Previously, these values were inefficiently converted each time
that they were used.
- Migrated some internal prefs.py data structures to sets rather than tuples for performance
benefit.
- Better handling of illegal values in denyhosts.cfg.
- Fixed a bug in non-daemon mode when --purge flag was used.
1.1.1
=====
- Daemon mode now closed standard file descriptors and detaches from tty based on
patch from James Abbatiello.
- lock file is now created with 0644 permissions based on patch from James
Abbatiello.
- added optional SMTP_USERNAME and SMTP_PASSWORD parameters and support for authenticating
SMTP connections (when these parameters are defined).
- fixed bug when checking for required configuration parameters.
1.1.0
=====
- configuration parameter DENY_THRESHOLD has been renamed DENY_THRESHOLD_INVALID
- added configuration parameters AGE_RESET_ROOT, AGE_RESET_INVALID and AGE_RESET_VALID
- added the ability to automatically reset host login attempts after a given
time period (age_reset) has elapsed. See the FAQ entry:
http://denyhosts.sourceforge.net/faq.html#age_reset
- most WORK_DIR data files will be automatically migrated to the new
data format to support the above functionality. A timestamp field
has been appended to each line, such that the new format is:
key:# of attempts:timestamp
- added chkconfig compatibility to the daemon-control-dist script. Thanks to
Simon Amor for the contribution.
- added optional configuration parameters PLUGIN_DENY and PLUGIN_PURGE
- added plugin support. See the FAQ entry:
http://denyhosts.sourceforge.net/faq.html#plugin
1.0.3
=====
- hostnames can now be specified in allowed-hosts file based
on a contribution from Mathias Wagner.
- hostnames specified in allowed-hosts are looked
up to determine ip addresses
- added optional pref: ALLOWED_HOSTS_HOSTNAME_LOOKUP
- if ALLOWED_HOSTS_HOSTNAME_LOOKUP is true, then each
ip address in allowed-hosts is looked up to determine
it's hostname
1.0.2
=====
- fixed issue where multiple instances of the same host were added
to /etc/hosts.deny (due to exceeding multiple DENY_THRESHOLD* settings
simultaneously).
- bz2 support is disabled if "import bz2" fails
- displays more useful error message if Python version
is incompatible with DenyHosts.
- changed format of timestamp in email messages sent by DenyHosts
based on patch submitted by Rick Holbert
(now uses %z instead of %Z)
1.0.1
=====
- fixed bug relating to empty hosts-root file
- added optional configuration parameter: DAEMON_LOG_TIME_FORMAT
for specifying the timestamp in the DAEMON_LOG file
- now uses SIGTERM to stop daemon (rather than SIHGUP) based on
the suggestion of Xavier Le Vourch
- daemon-control-dist has been updated to send SIGTERM on stop()
1.0.0
=====
- added new configuration option, DENY_THRESHOLD_VALID
- added new configuration option, DENY_THRESHOLD_ROOT
- added "hosts-valid" output file (relative to WORK_DIR)
- added "hosts-root" output file (relative to WORK_DIR)
- modified loginattempt.py to handle valid/invalid login hosts
independently.
- added 'condrestart' option to daemon-control-dist as per patch from Jason L Tibbitts III
- fixed double usage() method from being displayed by daemon-control-dist
0.9.9
=====
- if upgrading DenyHosts to this version and PURGE_DENY is set then you must invoke with
the --upgrade099 flag before using. eg. $ denyhosts.py --upgrade099
For further details, refer to:
http://denyhosts.sourceforge.net/faq.html#upgrade099
- fixed bug: missing "import socket" in report.py
- fixed bug: invalid comment format in /etc/hosts.deny for timestamping entries
- /etc/hosts.deny entries are timestamped immediately before the entry now (rather than inline, in
earlier versions). The timestamped lines also contain the entry data for verification. If
DenyHosts determines that a purge is necessary than the verification info is compared to
the actual entry line (ie. the next line). If the two entries match, the lines are purged.
Otherwise a warning is output. The verification algorithm was based on a suggestion from Jim
Cheetham.
- sshd related regex patterns can now be configured within the DenyHosts configuration file in the event
that the default (eg. DenyHosts/regex.py) patterns do not successfully parse the end user's tcp_wrappers,
operating system and/or logging implementation. For details refer to:
http://denyhosts.sourceforge.net/faq.html#custom_regex
0.9.8
=====
- fixed purge bug in daemon mode (using the wrong purge value to determine which records should be
purged.)
0.9.7
=====
- fixed bug wrt handling of rotated files. DenyHosts now compares the inodes to determine if a file
was rotated. If detected, the previous file is closed and the new file opened.
- restructred daemon code block (added additional methods)
0.9.6
=====
- Command line that invoked --daemon is now recorded in the output log (useful for debugging)
- The daemon-control-dist script now optionally accepts command line args to be passed to the start and restart
functions. eg. daemon-control start --config=test.cfg --debug
0.9.5
=====
- If no denied hosts or suspicious logins are found, then there is no output in normal mode (only in debug mode).
This limits the amount of data added to the log when in --daemon mode. See:
http://sourceforge.net/tracker/index.php?func=detail&aid=1243689&group_id=131204&atid=720422
0.9.4
=====
- Fixed duplicate email report bug in --daemon mode.
0.9.3
=====
- Fixed --daemon mode bug which occurred during purging entries
- Added more useful exception reporting for daemon mode
0.9.2
=====
- Daemon configuration params DAEMON_SLEEP and DAEMON_PURGE can now be given in the same format accepted by
PURGE_DENY (eg. 1d, 5h, 1y, etc...). If no unit qualifier (eg. s, m, d, h, w, y) is given then 's' (seconds) is
assumed.
0.9.1
=====
- Running in daemon mode now dumps preferences to log file
- Added AbusiveHosts class
- Added additional parameter to Purge constructor
- Purged entries from HOSTS_DENY are also removed from WORK_DIR/hosts
SF bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1243093&group_id=131204&atid=720419
0.9.0
=====
- Added daemon mode
- Added several optional parameters to the configuration file for daemon mode use
0.8.2
=====
- Maintenance release
- Moved most classes to new modules
- Now uses the python logging package for some output
0.8.1
=====
- Revised LockFile class to do perform exclusive locking -- deprecated the --unlock flag since it is no longer
necessary
0.8.0
=====
- Added LOCK_FILE configuration parameter and support such that only one instance of DenyHosts can be running at any
given time
- Added PURGE_DENY configuration parameter and support for purging entries from the HOSTS_DENY file that have
exceeded the PURGE_DENY value
-- Added the ability to migrate HOSTS_DENY file such that all entries are suitable for purging.
-- Added --purge, --migrate and --unlock command line arguments
0.7.3
=====
- Prefs change (reqd fields can be blank)
0.7.2
=====
- Added support for using an alternate deny file with FreeBSD based on feed back from Alesha Oparin
0.7.1
=====
- fixed blank BLOCK_SERVICE bug
0.7.0
=====
- Added support for the metalog logger based on a patch contributed by Mike Kelly.
- Added support for FreeBSD based on input from Francesca Smith
- Added support for catching hostname entries (in addition to IP addresses) based on a patch from Christian Smyth
- Added support for using an alternative hosts deny file where only the offending ip address is listed. This feature
is based on a patch contributed by John Meinel Jr.
- Added support for processing gzip'ed logfiles based on feature request by Brian McGraw.
0.6.0
=====
- Modified email message date/time format to be RFC-2822 compliant. Incorporated patch contributed by Rick
Holbert.
- Added reverse dns lookups and the HOSTNAME_LOOKUP for enabling/disabling them. Incorporated feature
request of Ron Joffe.
- Added additional config option (SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS) for reporting (or not)
suspicious login activity. This feature is based on feedback from Ron Joffe.
- Updated regex for matching non-existent user break-ins. Previously, "invalid" was matched against.
Now, both "invalid" and "illegal" should match. This fix is based on email from Scott Hunziker.