Mercurial > syslog2iptables
view syslog2iptables.conf.httpd @ 75:ae5e6bcc5017
sendmail auth failure detection for both login and plain methods
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Mon, 24 Dec 2018 08:31:27 -0800 |
parents | d80641be405b |
children | cc01f2caff37 |
line wrap: on
line source
pattern "(.*) - - .* /cgi-bin" { index 1; // zero based bucket 400; message "apache cgi-bin reference"; }; pattern "(.*) - - .*/index2.php" { index 1; // zero based bucket 400; message "apache index2.php reference"; }; pattern "(.*) - - .*/main.php" { index 1; // zero based bucket 400; message "apache main.php reference"; }; pattern "(.*) - - .*/awstats.pl" { index 1; // zero based bucket 400; message "apache awstats.pl reference"; }; pattern "(.*) - - .*/xmlrpc" { index 1; // zero based bucket 400; message "apache xmlrpc reference"; }; pattern "(.*) - - .*/adxmlrpc" { index 1; // zero based bucket 400; message "apache adxmlrpc reference"; }; pattern "(.*) - - .*/includes/general.js" { index 1; // zero based bucket 400; message "apache general.js reference"; }; pattern "(.*) - - .*/Admin/" { index 1; // zero based bucket 400; message "apache phpMyAdmin reference"; }; pattern "(.*) - - .*/MyAdmin/" { index 1; // zero based bucket 400; message "apache phpMyAdmin reference"; }; pattern "(.*) - - .*/phpMyAdmin/" { index 1; // zero based bucket 400; message "apache phpMyAdmin reference"; }; pattern "(.*) - - .*/user/soapCaller" { index 1; // zero based bucket 400; message "apache soapCaller reference"; }; pattern "(.*) - - .*POST /contact.php" { index 1; // zero based bucket 400; message "apache contact.php post"; }; pattern "(.*) - - .*/crossdomain.xml" { index 1; // zero based bucket 400; message "apache crossdomain.xml reference"; }; pattern "(.*) - - .*/cart/" { index 1; // zero based bucket 400; message "apache cart reference"; }; pattern "(.*) - - .*/zen/" { index 1; // zero based bucket 400; message "apache zen reference"; }; pattern "(.*) - - .*/zencart/" { index 1; // zero based bucket 400; message "apache zencart reference"; }; pattern "(.*) - - .*\(\) *\{'" { index 1; // zero based bucket 400; message "apache shellshocked attempt"; };