view syslog2iptables.conf @ 30:718e94b6b049 stable-1-3
make add/remove commands configurable
author | carl |
---|---|
date | Sun, 12 Feb 2006 11:34:37 -0800 |
parents | 28fec0c67646 |
children | d2ceebcf6595 |
// syslog2iptables configuration: the log files to watch, the regular
// expressions whose matches count against a source address, and the command
// templates used to block and unblock that address.
//
// NOTE(review): every address below is captured from log text that remote
// clients can partly influence (user names, request lines, and similar
// fields), and the capture is then placed into the command templates. Treat
// the captures as untrusted: prefer patterns that can only match an address,
// and list trusted management hosts under `ignore` so forged or noisy log
// lines cannot lock administrators out.

// Score at which an address is blocked. Presumably the score is the sum of
// the `bucket` values of that address's matches -- confirm against the
// daemon's documentation. If so, two matches at the bucket value of 400 used
// below already exceed it.
threshold 550;

// Command templates; %s is presumably replaced by the captured address.
// NOTE(review): how the daemon runs these (through a shell, or by direct
// exec with an argument vector) is not visible in this file. If a shell is
// involved, an unvalidated capture is a command-injection risk -- verify that
// the daemon checks the value is an IP address before substituting it.
add_command "/sbin/iptables -I INPUT --src %s --jump DROP";
remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";

// Networks presumably exempt from blocking. Only loopback is listed.
// NOTE(review): consider adding the networks that administration and
// monitoring come from, since a blocked address is dropped on INPUT for all
// services, not only the one that produced the log line.
ignore {
    127.0.0.0/8; // localhost
};

// Disabled example: firewall denials logged by a Cisco device.
// file "/var/log/cisco.log" {
//     pattern "Internet_Firewall denied (tcp|udp) ([^(]*)" {
//         index 2; // zero based
//         bucket 200;
//     };
// };

// sshd password failures. The first pattern strips the ::ffff: prefix of an
// IPv4-mapped address so that only the dotted-quad part is captured.
// NOTE(review): `(.*)` accepts any text, and the `.*` before " from " spans
// the user name, which the client chooses. Which " from ... port" is captured
// when a user name itself contains those words depends on the daemon's regex
// matching rules. A capture limited to address characters, for example
// "from ([0-9.]+) port", would be tighter -- test against real log lines and
// the daemon's regex dialect before adopting it.
// NOTE(review): the second pattern also matches the ::ffff: form, capturing
// "::ffff:a.b.c.d"; whether both patterns are applied to one line is not
// visible here -- confirm that this neither double-counts nor hands iptables
// an address it rejects.
file "/var/log/secure" {
    pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
        index 1; // zero based
        bucket 400;
    };
    pattern "sshd.*Failed password .* from (.*) port" {
        index 1; // zero based
        bucket 400;
    };
};

// Web requests whose log line mentions /cgi-bin, index2.php or main.php.
// NOTE(review): these patterns are unanchored and greedy, so the text after
// "- -" may match anywhere in the line, including fields the client controls.
// Client-supplied text that repeats the same separators can change what
// group 1 captures. Anchoring to the start of the line and restricting the
// capture, for example "^([0-9.]+) - - .* /cgi-bin", would be tighter; this
// assumes the server logs addresses rather than resolved host names.
// NOTE(review): the dots in "index2.php" and "main.php" are unescaped and
// match any character. The patterns also fire on legitimate requests for
// these paths -- presumably the site does not serve them; confirm.
file "/var/log/httpd/access_log" {
    pattern "(.*) - - .* /cgi-bin" {
        index 1; // zero based
        bucket 400;
    };
    pattern "(.*) - - .*/index2.php" {
        index 1; // zero based
        bucket 400;
    };
    pattern "(.*) - - .*/main.php" {
        index 1; // zero based
        bucket 400;
    };
};

// Disabled example: PAM authentication failures reported by sshd.
// file "/var/log/messages" {
//     pattern "sshd.pam_unix.*authentication failure.*rhost=(.*) user=" {
//         index 1; // zero based
//         bucket 300;
//     };
//     pattern "sshd.pam_unix.*authentication failure.*rhost=(.*)$" {
//         index 1; // zero based
//         bucket 300;
//     };
// };