comparison syslog2iptables.conf.top @ 75:ae5e6bcc5017

sendmail auth failure detection for both login and plain methods
author Carl Byington <carl@five-ten-sg.com>
date Mon, 24 Dec 2018 08:31:27 -0800
parents 0e736950a117
children cc01f2caff37
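--- a/syslog2iptables.conf.top
+++ b/syslog2iptables.conf.top
@@ -83,21 +83,21 @@
 #pattern "rejecting commands from.* \[(.*)\] due to pre-greeting traffic" {
 # index 1; // zero based
 # bucket 0; // disable - iphone setup trips this; bucket 1800;
 # message "sendmail pre-greeting";
 #};
-pattern "authentication failure: checkpass failed, .*\[(.*)\]" {
+pattern "authentication failure: .* failed, .*\[(.*)\]" {
 index 1; // zero based
 bucket 100;
 message "sendmail authentication failed";
 };
 pattern "dovecot.*Aborted login .* rip=(.*), lip=" {
 index 1; // zero based
 bucket 100;
 message "dovecot failed password";
 };
-pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" {
+pattern "dovecot.*Disconnected.*auth failed.* rip=(.*), lip=" {
 index 1; // zero based
 bucket 100;
 message "dovecot failed password";
 };
 pattern "dovecot.*Login: user=.* rip=(.*), lip=" {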
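Review bot: The widened sendmail pattern on new line 88 is not tied to a daemon name and still captures the address with an unconstrained `(.*)`. Replacing `checkpass failed` with `.* failed` means any syslog line containing `authentication failure: … failed, …[…]` now feeds the bucket, and the capture is only as trustworthy as the last bracket pair on that line. Since the capture presumably ends up in an iptables rule, text a remote client can influence should not be able to select the blocked address. Assuming the matcher supports bracket expressions, I would restrict the capture to address characters, e.g. `pattern "authentication failure: .* failed, .*\[([0-9A-Fa-f:.]+)\]" {`, and prefix the pattern with the sendmail syslog tag the way the dovecot rules start with `dovecot`. The loosened rule on new line 98 (`Disconnected.*auth failed.* rip=(.*), lip=`) would benefit from the same constrained capture.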