comparison syslog2iptables.conf @ 42:d9ae11033b4b stable-1-9
Add default config to firewall systems that send bounces to non-existent accounts.
Switch to Mercurial source control. Update spec file for fedora packaging.
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Fri, 21 Mar 2008 14:02:32 -0700 |
parents | d2ceebcf6595 |
children | 75361069c6ef |
41:738d1f059183 | 42:d9ae11033b4b |
---|---|
27 message "ssh failed password"; | 27 message "ssh failed password"; |
28 }; | 28 }; |
29 }; | 29 }; |
30 | 30 |
31 file "/var/log/httpd/access_log" { | 31 file "/var/log/httpd/access_log" { |
32 // of course you cannot use this if you actually use cgi-bin directories | |
32 pattern "(.*) - - .* /cgi-bin" { | 33 pattern "(.*) - - .* /cgi-bin" { |
33 index 1; // zero based | 34 index 1; // zero based |
34 bucket 400; | 35 bucket 400; |
35 message "apache cgi-bin reference"; | 36 message "apache cgi-bin reference"; |
36 }; | 37 }; |
38 // or if you actually have an index2.php script | |
37 pattern "(.*) - - .*/index2.php" { | 39 pattern "(.*) - - .*/index2.php" { |
38 index 1; // zero based | 40 index 1; // zero based |
39 bucket 400; | 41 bucket 400; |
40 message "apache index2.php reference"; | 42 message "apache index2.php reference"; |
41 }; | 43 }; |
44 // or if you have a main.php script | |
42 pattern "(.*) - - .*/main.php" { | 45 pattern "(.*) - - .*/main.php" { |
43 index 1; // zero based | 46 index 1; // zero based |
44 bucket 400; | 47 bucket 400; |
45 message "apache main.php reference"; | 48 message "apache main.php reference"; |
46 }; | 49 }; |
49 file "/var/log/maillog" { | 52 file "/var/log/maillog" { |
50 pattern "lost input channel from .* \[(.*)\] .* after mail" { | 53 pattern "lost input channel from .* \[(.*)\] .* after mail" { |
51 index 1; // zero based | 54 index 1; // zero based |
52 bucket 200; | 55 bucket 200; |
53 message "sendmail spammer dropping connection"; | 56 message "sendmail spammer dropping connection"; |
57 }; | |
58 | |
59 // make sure your upstream MX servers are listed in the | |
60 // ignore block above, otherwise you will kill them off | |
61 // when they try to forward such mail to you. | |
62 pattern "sendmail.*from=<>,.*nrcpts=0,.*\[(.*)\]" { | |
63 index 1; // zero based | |
64 bucket 200; | |
65 message "sendmail rejected bounce"; | |
54 }; | 66 }; |
55 }; | 67 }; |
56 | 68 |
57 // file "/var/log/messages" { | 69 // file "/var/log/messages" { |
58 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { | 70 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" { |
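Review bot: The `sendmail rejected bounce` pattern (rows 62–65, which look like the inserted side) captures the address with a greedy `\[(.*)\]`, so any text between the brackets of a log line that remote peers influence becomes the value handed to the blocking logic. Narrowing the group, for example `\[([0-9.]+)\]`, would limit the capture to an IPv4 literal; this assumes the regex dialect accepts that form and that the daemon does not already validate the capture, neither of which is visible here. The new comment depends on an ignore block that lies outside the rows shown, and it names only upstream MX servers. Null-sender mail to unknown recipients also arrives from legitimate third-party servers returning bounces, so the comment could add `// any legitimate server delivering bounces to unknown users also matches; list trusted relays in the ignore block`.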