diff syslog2iptables.conf.httpd @ 61:d80641be405b stable-1-0-15

add script to build syslog2iptables.conf
author Carl Byington <carl@five-ten-sg.com>
date Sat, 04 Oct 2014 10:01:32 -0700
parents
children cc01f2caff37
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/syslog2iptables.conf.httpd	Sat Oct 04 10:01:32 2014 -0700
@@ -0,0 +1,85 @@
+        pattern "(.*) - - .* /cgi-bin" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache cgi-bin reference";
+        };
+        pattern "(.*) - - .*/index2.php" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache index2.php reference";
+        };
+        pattern "(.*) - - .*/main.php" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache main.php reference";
+        };
+        pattern "(.*) - - .*/awstats.pl" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache awstats.pl reference";
+        };
+        pattern "(.*) - - .*/xmlrpc" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache xmlrpc reference";
+        };
+        pattern "(.*) - - .*/adxmlrpc" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache adxmlrpc reference";
+        };
+        pattern "(.*) - - .*/includes/general.js" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache general.js reference";
+        };
+        pattern "(.*) - - .*/Admin/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache phpMyAdmin reference";
+        };
+        pattern "(.*) - - .*/MyAdmin/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache phpMyAdmin reference";
+        };
+        pattern "(.*) - - .*/phpMyAdmin/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache phpMyAdmin reference";
+        };
+        pattern "(.*) - - .*/user/soapCaller" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache soapCaller reference";
+        };
+        pattern "(.*) - - .*POST /contact.php" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache contact.php post";
+        };
+        pattern "(.*) - - .*/crossdomain.xml" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache crossdomain.xml reference";
+        };
+        pattern "(.*) - - .*/cart/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache cart reference";
+        };
+        pattern "(.*) - - .*/zen/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache zen reference";
+        };
+        pattern "(.*) - - .*/zencart/" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache zencart reference";
+        };
+        pattern "(.*) - - .*\(\) *\{'" {
+            index 1;    // zero based
+            bucket 400;
+            message "apache shellshocked attempt";
+        };
\ No newline at end of file
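Review bot: The address capture in all 17 patterns is an unanchored greedy `(.*)`, and the trailing `.*` lets the trigger string match anywhere on the log line, including the logged Referer and User-Agent fields. Those fields are client-controlled, so a rule can fire for a request that never touched the listed path, and group 1 becomes whatever precedes the last ` - - ` that still lets the rest match; how syslog2iptables turns that text into an address is not visible here, but it may not be the connecting client. Narrowing the capture, e.g. `pattern "^([0-9.]+) - - .* /cgi-bin" {` for IPv4, would limit this, assuming the log lines start with the client address and the tool's regex flavour accepts `^` and bracket expressions. Separately, the last pattern `\(\) *\{'` requires a `'` directly after `{`, which looks unintended for a rule labelled "shellshocked attempt" and is worth confirming against a real log line.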