comparison syslog2iptables.conf.top @ 66:d179292293eb

fix default config dovecot regular expressions; add manual blocking expression
author Carl Byington <carl@five-ten-sg.com>
date Sat, 19 Dec 2015 12:45:31 -0800
parents f17e6599b82c
children 0e736950a117
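--- a/syslog2iptables.conf.top
+++ b/syslog2iptables.conf.top
@@ -11,10 +11,15 @@
 file "/var/log/secure" {
 pattern "manual unblock (.*)" {
 index 1; // zero based
 bucket -5000;
 message "manual unblock";
+};
+pattern "manual block (.*)" {
+index 1; // zero based
+bucket 5000;
+message "manual block";
 };
 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
 index 1; // zero based
 bucket 400;
 message "ssh failed password";
@@ -88,11 +93,16 @@
 pattern "dovecot.*Aborted login .* rip=(.*), lip=" {
 index 1; // zero based
 bucket 100;
 message "dovecot failed password";
 };
-pattern "dovecot.*Login: .* rip=(.*), lip=" {
+pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" {
+index 1; // zero based
+bucket 100;
+message "dovecot failed password";
+};
+pattern "dovecot.*Login: user=.* rip=(.*), lip=" {
 index 1; // zero based
 bucket -5000;
 message "dovecot good authentication";
 };
 pattern "sendmail.*AUTH=server, .*\[(.*)\]," {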
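Review bot: The new `manual block (.*)` pattern in the `/var/log/secure` section is unanchored and captures with a greedy `(.*)`, so any line in that log containing the phrase applies `bucket 5000` to whatever text follows it, and that log also records strings supplied by remote clients. Whether the daemon validates the captured text as an address is not visible in this comparison, so the pattern should constrain it itself, for example `pattern "manual block ([0-9a-fA-F:.]+)$" {`, ideally preceded by the syslog tag that the operator's own command writes. The same tightening applies to the existing `manual unblock (.*)` and to the `rip=(.*), lip=` captures in the dovecot patterns of the second hunk. There, `.auth failed` could also be written `\(auth failed` to match the literal parenthesis, the way the sendmail pattern already escapes `\[`. The enclosing `file` block opens in the first hunk and closes outside the lines shown.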