Mercurial > syslog2iptables
diff syslog2iptables.conf @ 56:73dd2daeaf8e stable-1-0-13-2
switch to auto requires
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Wed, 17 Aug 2011 10:12:16 -0700 |
| parents | d237bc6331ad |
| children | b45dddebe8fc |
line wrap: on
line diff
--- a/syslog2iptables.conf Sat Feb 07 11:31:43 2009 -0800 +++ b/syslog2iptables.conf Wed Aug 17 10:12:16 2011 -0700 @@ -44,9 +44,29 @@ bucket 400; message "ftp failed password"; }; + pattern "vsftpd.* authentication failure; .* rhost=(.*) " { + index 1; // zero based + bucket 400; + message "ftp failed password"; + }; + pattern "dovecot.* authentication failure; .* rhost=::ffff:(.*) " { + index 1; // zero based + bucket 400; + message "dovecot failed password"; + }; + pattern "dovecot.* authentication failure; .* rhost=(.*) " { + index 1; // zero based + bucket 400; + message "dovecot failed password"; + }; }; file "/var/log/messages" { + pattern "dovecot.* authentication failure; .* rhost=(.*) " { + index 1; // zero based + bucket 400; + message "dovecot failed password"; + }; pattern "ipop3d.* Login failed .* \[(.*)\]" { index 1; // zero based bucket 400; @@ -83,6 +103,31 @@ bucket 400; message "apache adxmlrpc reference"; }; + pattern "(.*) - - .*/includes/general.js" { + index 1; // zero based + bucket 400; + message "apache general.js reference"; + }; + pattern "(.*) - - .*/phpMyAdmin/" { + index 1; // zero based + bucket 400; + message "apache phpMyAdmin reference"; + }; + pattern "(.*) - - .*/cart/" { + index 1; // zero based + bucket 400; + message "apache cart reference"; + }; + pattern "(.*) - - .*/zen/" { + index 1; // zero based + bucket 400; + message "apache zen reference"; + }; + pattern "(.*) - - .*/zencart/" { + index 1; // zero based + bucket 400; + message "apache zencart reference"; + }; }; file "/var/log/maillog" {