Mercurial > syslog2iptables
comparison syslog2iptables.conf.top @ 81:cc01f2caff37 stable-1-0-19
add error_log to the httpd files
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sun, 11 Feb 2024 12:04:13 -0800 |
| parents | ae5e6bcc5017 |
| children |
comparison
equal
deleted
inserted
replaced
| 80:858aec84fe13 | 81:cc01f2caff37 |
|---|---|
| 1 context monitor2 { | |
| 2 threshold 150; | |
| 3 add_command "echo 'rate limit exceeded' | mail -s 'rate limit exceeded' carl@five-ten-sg.com"; | |
| 4 remove_command "true"; | |
| 5 file "/var/log/maillog" { | |
| 6 pattern "milter=dnsbl, .* reject=550 (.*) (unique|recipient) .* limit exceeded" { | |
| 7 index 1; // zero based | |
| 8 bucket 100; | |
| 9 message "rate limit exceeded"; | |
| 10 }; | |
| 11 }; | |
| 12 }; | |
| 13 | |
| 1 context general { | 14 context general { |
| 2 threshold 550; | 15 threshold 550; |
| 3 | 16 |
| 4 add_command "/sbin/iptables -I INPUT --src %s --jump DROP"; | 17 add_command "/sbin/iptables -I INPUT --src %s --jump DROP"; |
| 5 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; | 18 remove_command "/sbin/iptables -D INPUT --src %s --jump DROP"; |
| 6 | 19 |
| 7 ignore { | 20 ignore { |
| 8 127.0.0.0/8; // localhost | 21 127.0.0.0/8; // localhost |
| 22 192.168.0.0/16; // internal networks | |
| 23 172.102.240.82/30; // 510sg data center | |
| 24 172.102.240.42/30; // 510sg data center | |
| 25 216.86.213.0/24; // mbmg | |
| 26 104.53.80.243/32; // davd att | |
| 27 75.140.46.51/32; // davd spectrum | |
| 28 67.227.199.34/32; // routerdog | |
| 29 67.227.199.43/32; // routerdog | |
| 30 69.167.152.113/32; // routerdog | |
| 31 69.167.152.152/32; // routerdog | |
| 32 209.59.129.6/32; // routerdog | |
| 33 205.139.110.0/24; // mimecast probing smtp banners | |
| 34 207.211.31.0/24; // mimecast probing smtp banners | |
| 35 216.205.24.0/24; // mimecast probing smtp banners | |
| 36 63.128.21.0/24; // mimecast probing smtp banners | |
| 37 146.101.78.0/24; // mimecast probing smtp banners | |
| 38 207.82.80.0/24; // mimecast probing smtp banners | |
| 9 }; | 39 }; |
| 10 | 40 |
| 11 file "/var/log/secure" { | 41 file "/var/log/secure" { |
| 12 pattern "manual unblock (.*)" { | 42 pattern "manual unblock (.*)" { |
| 13 index 1; // zero based | 43 index 1; // zero based |
| 65 pattern "kernel.*outside-net-from.*SRC=(.*) DST=.*DPT=" { | 95 pattern "kernel.*outside-net-from.*SRC=(.*) DST=.*DPT=" { |
| 66 index 1; // zero based | 96 index 1; // zero based |
| 67 bucket 400; | 97 bucket 400; |
| 68 message "kernel firewall blocked packet"; | 98 message "kernel firewall blocked packet"; |
| 69 }; | 99 }; |
| 100 pattern "named.* (.*)#.*denied$" { | |
| 101 index 1; // zero based | |
| 102 bucket 100; | |
| 103 message "dns query denied"; | |
| 104 }; | |
| 70 }; | 105 }; |
| 71 | 106 |
| 72 file "/var/log/maillog" { | 107 file "/var/log/maillog" { |
| 73 pattern "lost input channel from.* \[(.*)\] .* after (mail|rcpt|auth)" { | 108 pattern "lost input channel from.* \[(.*)\] .* after (mail|rcpt|auth)" { |
| 74 index 1; // zero based | 109 index 1; // zero based |