diff syslog2iptables.conf.top @ 65:f17e6599b82c
fix default config regular expressions for greedy matching
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sat, 19 Dec 2015 11:12:08 -0800 |
parents | 60f59936fabb |
children | d179292293eb |
--- a/syslog2iptables.conf.top Sat Dec 19 10:25:11 2015 -0800
+++ b/syslog2iptables.conf.top Sat Dec 19 11:12:08 2015 -0800
@@ -49,24 +49,9 @@
 bucket 400;
 message "ftp failed password";
 };
- pattern "dovecot.* authentication failure; .* rhost=::ffff:(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
- pattern "dovecot.* authentication failure; .* rhost=(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
 };
 file "/var/log/messages" {
- pattern "dovecot.* authentication failure; .* rhost=(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
 pattern "kernel.*local-net-to.*SRC=(.*) DST=.*DPT=" {
 index 1; // zero based
 bucket 400;
@@ -92,7 +77,7 @@
 };
 pattern "rejecting commands from.* \[(.*)\] due to pre-greeting traffic" {
 index 1; // zero based
- bucket 1800;
+ bucket 0; // disable - iphone setup trips this; bucket 1800;
 message "sendmail pre-greeting";
 };
 pattern "authentication failure: checkpass failed, .*\[(.*)\]" {
@@ -100,12 +85,12 @@
 bucket 100;
 message "sendmail authentication failed";
 };
- pattern "dovecot.*Aborted login .* rip=(.*)," {
+ pattern "dovecot.*Aborted login .* rip=(.*), lip=" {
 index 1; // zero based
 bucket 100;
 message "dovecot failed password";
 };
- pattern "dovecot.*Login: .* rip=(.*)," {
+ pattern "dovecot.*Login: .* rip=(.*), lip=" {
 index 1; // zero based
 bucket -5000;
 message "dovecot good authentication";
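Review bot: The comment on the new `bucket 0;` line in the "sendmail pre-greeting" pattern is hard to read, because the old value is left inside it as `bucket 1800;` and looks like a second statement that was meant to run. Something like `bucket 0; // disabled (was 1800): iPhone mail setup trips this` records the same history without the ambiguity. Zeroing the weight in the shipped default also drops the pre-greeting signal for every client, not only phones. If the tool treats a small non-zero bucket as a weak signal, that may be a better default, but how `bucket 0` is interpreted is not visible in this hunk.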
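Review bot: Both rewritten dovecot patterns still capture the address with `(.*)`, so the extracted value depends on greedy matching finding the intended `rip=` and `, lip=` rather than on the capture looking like an address. Parts of a dovecot login line are supplied by the connecting client, which matters most for the "dovecot good authentication" pattern, where `bucket -5000` credits whatever address is captured. If the regex flavour supports bracket expressions (the `\[` escapes elsewhere in the file suggest it may), constrain the capture, e.g. `pattern "dovecot.*Login: .* rip=([0-9A-Fa-f:.]+), lip=" {`, and do the same for the "Aborted login" pattern. The same applies to the `SRC=(.*) DST=` and `\[(.*)\]` captures visible as context. The last pattern block closes outside this hunk.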