comparison syslog2iptables.conf.top @ 81:cc01f2caff37 stable-1-0-19
add error_log to the httpd files
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sun, 11 Feb 2024 12:04:13 -0800 |
parents | ae5e6bcc5017 |
children |
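--- a/syslog2iptables.conf.top
+++ b/syslog2iptables.conf.top
@@ -1,13 +1,43 @@
+context monitor2 {
+threshold 150;
+add_command "echo 'rate limit exceeded' | mail -s 'rate limit exceeded' carl@five-ten-sg.com";
+remove_command "true";
+file "/var/log/maillog" {
+pattern "milter=dnsbl, .* reject=550 (.*) (unique|recipient) .* limit exceeded" {
+index 1; // zero based
+bucket 100;
+message "rate limit exceeded";
+};
+};
+};
+
 context general {
 threshold 550;
 
 add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
 
 ignore {
 127.0.0.0/8; // localhost
+192.168.0.0/16; // internal networks
+172.102.240.82/30; // 510sg data center
+172.102.240.42/30; // 510sg data center
+216.86.213.0/24; // mbmg
+104.53.80.243/32; // davd att
+75.140.46.51/32; // davd spectrum
+67.227.199.34/32; // routerdog
+67.227.199.43/32; // routerdog
+69.167.152.113/32; // routerdog
+69.167.152.152/32; // routerdog
+209.59.129.6/32; // routerdog
+205.139.110.0/24; // mimecast probing smtp banners
+207.211.31.0/24; // mimecast probing smtp banners
+216.205.24.0/24; // mimecast probing smtp banners
+63.128.21.0/24; // mimecast probing smtp banners
+146.101.78.0/24; // mimecast probing smtp banners
+207.82.80.0/24; // mimecast probing smtp banners
 };
 
 file "/var/log/secure" {
 pattern "manual unblock (.*)" {
 index 1; // zero based
@@ -65,10 +95,15 @@
 pattern "kernel.*outside-net-from.*SRC=(.*) DST=.*DPT=" {
 index 1; // zero based
 bucket 400;
 message "kernel firewall blocked packet";
 };
+pattern "named.* (.*)#.*denied$" {
+index 1; // zero based
+bucket 100;
+message "dns query denied";
+};
 };
 
 file "/var/log/maillog" {
 pattern "lost input channel from.* \[(.*)\] .* after (mail|rcpt|auth)" {
 index 1; // zero based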
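Review bot: The new `named.* (.*)#.*denied$` pattern in the `/var/log/secure` block feeds the `general` context, so with `bucket 100` against `threshold 550` roughly six denied queries (assuming buckets simply add up to the threshold) are enough to run `/sbin/iptables -I INPUT --src %s --jump DROP` for whatever address named logged. DNS queries over UDP carry an unverified source address, so these log lines do not prove who sent the traffic, and an address that matters (an upstream resolver, a customer, a monitoring host) can end up dropped unless it is covered by the `ignore` list. Consider giving DNS denials their own context with a notify-only `add_command`, as `monitor2` does, or a much smaller bucket. The capture is also unanchored: `(.*)#` runs to the last `#` on the line, and the query name in that line is chosen by the client, so something like `pattern "named.* ([0-9.]+)#[0-9]+.*denied$" {` would restrict the captured field to an IPv4 address (check it against the named log format actually in use).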