Mercurial > syslog2iptables
comparison syslog2iptables.conf @ 42:d9ae11033b4b stable-1-9
Add default config to firewall systems that send bounces to non-existant accounts.
Switch to Mercurial source control. Update spec file for fedora packaging.
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Fri, 21 Mar 2008 14:02:32 -0700 |
| parents | d2ceebcf6595 |
| children | 75361069c6ef |
comparison
equal
deleted
inserted
replaced
| 41:738d1f059183 | 42:d9ae11033b4b |
|---|---|
| 27 message "ssh failed password"; | 27 message "ssh failed password"; |
| 28 }; | 28 }; |
| 29 }; | 29 }; |
| 30 | 30 |
| 31 file "/var/log/httpd/access_log" { | 31 file "/var/log/httpd/access_log" { |
| 32 // of course you cannot use this if you actually use cgi-bin directories | |
| 32 pattern "(.*) - - .* /cgi-bin" { | 33 pattern "(.*) - - .* /cgi-bin" { |
| 33 index 1; // zero based | 34 index 1; // zero based |
| 34 bucket 400; | 35 bucket 400; |
| 35 message "apache cgi-bin reference"; | 36 message "apache cgi-bin reference"; |
| 36 }; | 37 }; |
| 38 // or if you actually have an index2.php script | |
| 37 pattern "(.*) - - .*/index2.php" { | 39 pattern "(.*) - - .*/index2.php" { |
| 38 index 1; // zero based | 40 index 1; // zero based |
| 39 bucket 400; | 41 bucket 400; |
| 40 message "apache index2.php reference"; | 42 message "apache index2.php reference"; |
| 41 }; | 43 }; |
| 44 // or if you have a main.php script | |
| 42 pattern "(.*) - - .*/main.php" { | 45 pattern "(.*) - - .*/main.php" { |
| 43 index 1; // zero based | 46 index 1; // zero based |
| 44 bucket 400; | 47 bucket 400; |
| 45 message "apache main.php reference"; | 48 message "apache main.php reference"; |
| 46 }; | 49 }; |
| 49 file "/var/log/maillog" { | 52 file "/var/log/maillog" { |
| 50 pattern "lost input channel from .* \[(.*)\] .* after mail" { | 53 pattern "lost input channel from .* \[(.*)\] .* after mail" { |
| 51 index 1; // zero based | 54 index 1; // zero based |
| 52 bucket 200; | 55 bucket 200; |
| 53 message "sendmail spammer dropping connection"; | 56 message "sendmail spammer dropping connection"; |
| 57 }; | |
| 58 | |
| 59 // make sure your upstream MX servers are listed in the | |
| 60 // ignore block above, otherwise you will kill them off | |
| 61 // when they try to forward such mail to you. | |
| 62 pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" { | |
| 63 index 1; // zero based | |
| 64 bucket 200; | |
| 65 message "sendmail rejected bounce"; | |
| 54 }; | 66 }; |
| 55 }; | 67 }; |
| 56 | 68 |
| 57 // file "/var/log/messages" { | 69 // file "/var/log/messages" { |
| 58 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | 70 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { |