Mercurial > syslog2iptables

annotate syslog2iptables.conf @ 52:fcbc7b7efd14

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Added tag stable-1-0-12 for changeset 206448c00b55
author Carl Byington <carl@five-ten-sg.com>
date Sat, 24 Jan 2009 17:42:53 -0800
parents 206448c00b55
children d6fb7fca0394
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
1 context dns {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
2 threshold 1100;
27
28fec0c67646 make add/remove commands configureable
carl
parents: 21
diff changeset
3
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
4 add_command "/sbin/iptables -I INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
5 remove_command "/sbin/iptables -D INPUT --protocol udp --destination-port 53 --src %s --jump DROP";
3
8fe310e5cd44 initial coding
carl
parents: 1
diff changeset
6
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
7 ignore {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
8 127.0.0.0/8; // localhost
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
9 };
50
75361069c6ef changes for fedora 10
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
10
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
11 file "/var/log/messages" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
12 pattern "named.*client (.*)#.*query.*cache.*denied" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
13 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
14 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
15 message "DNS attack";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
16 };
50
75361069c6ef changes for fedora 10
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
17 };
5
276c4edc8521 initial coding
carl
parents: 4
diff changeset
18 };
276c4edc8521 initial coding
carl
parents: 4
diff changeset
19
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
20
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
21 context general {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
22 threshold 550;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
23
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
24 add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
25 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
26
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
27 ignore {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
28 127.0.0.0/8; // localhost
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
29 };
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
30
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
31 // file "/var/log/cisco.log" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
32 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
33 // index 2; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
34 // bucket 200;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
35 // message "cisco firewall blocked packet";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
36 // };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
37 // };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
38
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
39 file "/var/log/secure" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
40 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
41 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
42 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
43 message "ssh failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
44 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
45 pattern "sshd.*Failed password .* from (.*) port" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
46 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
47 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
48 message "ssh failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
49 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
50 pattern "proftpd.*no such user found from (.*) \[" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
51 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
52 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
53 message "ftp failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
54 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
55 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
56
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
57 file "/var/log/messages" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
58 pattern "ipop3d.* Login failed .* \[(.*)\]" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
59 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
60 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
61 message "pop3 failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
62 };
20
0d65c3de34fd add better logging
carl
parents: 9
diff changeset
63 };
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
64
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
65 file "/var/log/httpd/access_log" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
66 // of course you cannot use this if you actually use cgi-bin directories
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
67 pattern "(.*) - - .* /cgi-bin" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
68 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
69 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
70 message "apache cgi-bin reference";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
71 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
72 // or if you actually have an index2.php script
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
73 pattern "(.*) - - .*/index2.php" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
74 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
75 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
76 message "apache index2.php reference";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
77 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
78 // or if you have a main.php script
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
79 pattern "(.*) - - .*/main.php" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
80 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
81 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
82 message "apache main.php reference";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
83 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
84 pattern "(.*) - - .*/awstats.pl" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
85 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
86 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
87 message "apache awstats.pl reference";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
88 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
89 pattern "(.*) - - .*/adxmlrpc" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
90 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
91 bucket 400;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
92 message "apache adxmlrpc reference";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
93 };
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
94 };
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
95
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
96 file "/var/log/maillog" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
97 pattern "lost input channel from .* \[(.*)\] .* after (mail|rcpt|auth)" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
98 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
99 bucket 200;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
100 message "sendmail spammer dropping connection";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
101 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
102 pattern " \[(.*)\]: possible SMTP attack" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
103 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
104 bucket 600;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
105 message "sendmail authentication attack";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
106 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
107 pattern "rejecting commands from .* \[(.*)\] due to pre-greeting traffic" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
108 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
109 bucket 200;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
110 message "sendmail pre-greeting";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
111 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
112 pattern "dovecot.*Aborted login.*rip=(.*)," {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
113 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
114 bucket 100;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
115 message "dovecot failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
116 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
117 pattern "dovecot: pop3-login: Disconnected: Shutting down.*rip=(.*)," {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
118 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
119 bucket 100;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
120 message "dovecot failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
121 };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
122
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
123 // make sure your upstream MX servers are listed in the
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
124 // ignore block above, otherwise you will kill them off
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
125 // when they try to forward such mail to you.
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
126 pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
127 index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
128 bucket 200;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
129 message "sendmail rejected bounce";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
130 };
50
75361069c6ef changes for fedora 10
Carl Byington <carl@five-ten-sg.com>
parents: 42
diff changeset
131 };
51
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
132
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
133 // file "/var/log/messages" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
134 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
135 // index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
136 // bucket 300;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
137 // message "ssh failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
138 // };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
139 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
140 // index 1; // zero based
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
141 // bucket 300;
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
142 // message "ssh failed password";
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
143 // };
206448c00b55 Allow multiple contexts with independent add/remove commands.
Carl Byington <carl@five-ten-sg.com>
parents: 50
diff changeset
144 // };
35
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
145 };
d2ceebcf6595 add message description in patterns
carl
parents: 27
diff changeset
146