comparison syslog2iptables.conf @ 9:d76f9ff42487

initial coding
author carl
date Sat, 03 Dec 2005 13:54:47 -0800
parents 276c4edc8521
children 0d65c3de34fd
comparison
equal deleted inserted replaced
8:5f4549fc60b9 9:d76f9ff42487
1 threshold 600; 1 threshold 550;
2 2
3 ignore { 3 ignore {
4 127.0.0.0/8; // localhost 4 127.0.0.0/8; // localhost
5 205.147.40.32/26; // 510sg 5 205.147.40.32/26; // 510sg
6 205.147.0.100/24; // digilink 6 205.147.0.100/24; // digilink
15 }; 15 };
16 16
17 file "/var/log/secure" { 17 file "/var/log/secure" {
18 pattern "sshd.*Failed password .* from ::ffff:(.*) port" { 18 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
19 index 1; // zero based 19 index 1; // zero based
20 bucket 300; 20 bucket 400;
21 }; 21 };
22 pattern "sshd.*Failed password .* from (.*) port" { 22 pattern "sshd.*Failed password .* from (.*) port" {
23 index 1; // zero based 23 index 1; // zero based
24 bucket 300; 24 bucket 400;
25 }; 25 };
26 }; 26 };
27 27
28 file "/var/log/messages" { 28 // file "/var/log/messages" {
29 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { 29 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
30 index 1; // zero based 30 // index 1; // zero based
31 bucket 300; 31 // bucket 300;
32 }; 32 // };
33 pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" { 33 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
34 index 1; // zero based 34 // index 1; // zero based
35 bucket 300; 35 // bucket 300;
36 }; 36 // };
37 }; 37 // };