Mercurial > syslog2iptables
annotate syslog2iptables.conf @ 46:4eaee1fcffa7 stable-1-10
more fixes for Solaris
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sat, 22 Mar 2008 11:32:28 -0700 |
parents | d9ae11033b4b |
children | 75361069c6ef |
rev | line source |
---|---|
9 | 1 threshold 550; |
3 | 2 |
27 | 3 add_command "/sbin/iptables -I INPUT --src %s --jump DROP"; |
4 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; | |
5 | |
3 | 6 ignore { |
7 127.0.0.0/8; // localhost | |
1 | 8 }; |
9 | |
20 | 10 // file "/var/log/cisco.log" { |
11 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" { | |
12 // index 2; // zero based | |
13 // bucket 200; | |
35 | 14 // message "cisco firewall blocked packet"; |
20 | 15 // }; |
16 // }; | |
3 | 17 |
5 | 18 file "/var/log/secure" { |
19 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { | |
20 index 1; // zero based | |
9 | 21 bucket 400; |
35 | 22 message "ssh failed password"; |
5 | 23 }; |
24 pattern "sshd.*Failed password .* from (.*) port" { | |
25 index 1; // zero based | |
9 | 26 bucket 400; |
35 | 27 message "ssh failed password"; |
5 | 28 }; |
29 }; | |
30 | |
20 | 31 file "/var/log/httpd/access_log" { |
42
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
32 // of course you cannot use this if you actually use cgi-bin directories |
20 | 33 pattern "(.*) - - .* /cgi-bin" { |
34 index 1; // zero based | |
35 bucket 400; | |
35 | 36 message "apache cgi-bin reference"; |
20 | 37 }; |
42
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
38 // or if you actually have an index2.php script |
20 | 39 pattern "(.*) - - .*/index2.php" { |
40 index 1; // zero based | |
41 bucket 400; | |
35 | 42 message "apache index2.php reference"; |
20 | 43 }; |
42
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
44 // or if you have a main.php script |
20 | 45 pattern "(.*) - - .*/main.php" { |
46 index 1; // zero based | |
47 bucket 400; | |
35 | 48 message "apache main.php reference"; |
49 }; | |
50 }; | |
51 | |
52 file "/var/log/maillog" { | |
53 pattern "lost input channel from .* \[(.*)\] .* after mail" { | |
54 index 1; // zero based | |
55 bucket 200; | |
56 message "sendmail spammer dropping connection"; | |
20 | 57 }; |
42
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
58 |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
59 // make sure your upstream MX servers are listed in the |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
60 // ignore block above, otherwise you will kill them off |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
61 // when they try to forward such mail to you. |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
62 pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" { |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
63 index 1; // zero based |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
64 bucket 200; |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
65 message "sendmail rejected bounce"; |
d9ae11033b4b
Add default config to firewall systems that send bounces to non-existant accounts.
Carl Byington <carl@five-ten-sg.com>
parents:
35
diff
changeset
|
66 }; |
20 | 67 }; |
68 | |
9 | 69 // file "/var/log/messages" { |
70 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | |
71 // index 1; // zero based | |
72 // bucket 300; | |
35 | 73 // message "ssh failed password"; |
9 | 74 // }; |
75 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { | |
76 // index 1; // zero based | |
77 // bucket 300; | |
35 | 78 // message "ssh failed password"; |
9 | 79 // }; |
80 // }; |