Mercurial > syslog2iptables

annotate syslog2iptables.conf @ 39:a9101672c0e9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
shutdown removes iptables entries that we added
author carl
date Thu, 08 Nov 2007 11:46:54 -0800
parents d2ceebcf6595
children d9ae11033b4b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
1 threshold 550;
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
2
27
28fec0c67646 make add/remove commands configureable
carl
parents: 21
diff changeset
3 add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
28fec0c67646 make add/remove commands configureable
carl
parents: 21
diff changeset
4 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
28fec0c67646 make add/remove commands configureable
carl
parents: 21
diff changeset
5
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
6 ignore {
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
7 127.0.0.0/8; // localhost
1
551433a01cab initial coding
carl
parents:
diff changeset
8 };
551433a01cab initial coding
carl
parents:
diff changeset
9
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
10 // file "/var/log/cisco.log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
11 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
12 // index 2; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
13 // bucket 200;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
14 // message "cisco firewall blocked packet";
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
15 // };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
16 // };
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
17
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
18 file "/var/log/secure" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
19 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
20 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
21 bucket 400;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
22 message "ssh failed password";
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
23 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
24 pattern "sshd.*Failed password .* from (.*) port" {
276c4edc8521 initial coding
carl
parents: 4
diff changeset
25 index 1; // zero based
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
26 bucket 400;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
27 message "ssh failed password";
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
28 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
29 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
30
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
31 file "/var/log/httpd/access_log" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
32 pattern "(.*) - - .* /cgi-bin" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
33 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
34 bucket 400;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
35 message "apache cgi-bin reference";
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
36 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
37 pattern "(.*) - - .*/index2.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
38 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
39 bucket 400;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
40 message "apache index2.php reference";
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
41 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
42 pattern "(.*) - - .*/main.php" {
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
43 index 1; // zero based
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
44 bucket 400;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
45 message "apache main.php reference";
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
46 };
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
47 };
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
48
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
49 file "/var/log/maillog" {
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
50 pattern "lost input channel from .* \[(.*)\] .* after mail" {
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
51 index 1; // zero based
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
52 bucket 200;
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
53 message "sendmail spammer dropping connection";
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
54 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
55 };
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
56
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
57 // file "/var/log/messages" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
58 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
59 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
60 // bucket 300;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
61 // message "ssh failed password";
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
62 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
63 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
64 // index 1; // zero based
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
65 // bucket 300;
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
66 // message "ssh failed password";
9
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
67 // };
d76f9ff42487 initial coding
carl
parents: 5
diff changeset
68 // };