diff syslog2iptables.conf @ 35:d2ceebcf6595 stable-1-7
add message description in patterns
author | carl |
---|---|
date | Tue, 18 Sep 2007 09:54:22 -0700 |
parents | 28fec0c67646 |
children | d9ae11033b4b |
--- a/syslog2iptables.conf Sun Sep 09 15:46:03 2007 -0700
+++ b/syslog2iptables.conf Tue Sep 18 09:54:22 2007 -0700
@@ -11,6 +11,7 @@
 // pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
 // index 2; // zero based
 // bucket 200;
+// message "cisco firewall blocked packet";
 // };
 // };
@@ -18,10 +19,12 @@
 pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
 index 1; // zero based
 bucket 400;
+ message "ssh failed password";
 };
 pattern "sshd.*Failed password .* from (.*) port" {
 index 1; // zero based
 bucket 400;
+ message "ssh failed password";
 };
 };
@@ -29,14 +32,25 @@
 pattern "(.*) - - .* /cgi-bin" {
 index 1; // zero based
 bucket 400;
+ message "apache cgi-bin reference";
 };
 pattern "(.*) - - .*/index2.php" {
 index 1; // zero based
 bucket 400;
+ message "apache index2.php reference";
 };
 pattern "(.*) - - .*/main.php" {
 index 1; // zero based
 bucket 400;
+ message "apache main.php reference";
+ };
+};
+
+file "/var/log/maillog" {
+ pattern "lost input channel from .* \[(.*)\] .* after mail" {
+ index 1; // zero based
+ bucket 200;
+ message "sendmail spammer dropping connection";
 };
 };
@@ -44,9 +58,11 @@
 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
 // index 1; // zero based
 // bucket 300;
+// message "ssh failed password";
 // };
 // pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
 // index 1; // zero based
 // bucket 300;
+// message "ssh failed password";
 // };
 // };
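Review bot: In the new `file "/var/log/maillog"` block (third hunk), the capture group `\[(.*)\]` accepts any characters, so the value taken as the address to act on is not constrained to look like an IP address, and the text before the bracket is a host name copied from the log line. Because a match here presumably ends up as a firewall entry, I would restrict the group to address characters, e.g. `pattern "lost input channel from .* \[([0-9.]+)\] .* after mail" {`, assuming the regex dialect accepts bracket expressions as the existing `[^(]*` pattern suggests. Whether the daemon validates the captured string before using it is not visible in this file. If it does not, the same tightening would be worth considering for the `(.*)` groups in the sshd and apache patterns shown as context.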