changeset 50:75361069c6ef
changes for fedora 10
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 24 Dec 2008 18:40:54 -0800 |
parents | 546fe911f7a6 |
children | 206448c00b55 |
files | Makefile.am html/Makefile.am syslog2iptables.conf xml/syslog2iptables.in |
diffstat | 4 files changed, 49 insertions(+), 6 deletions(-) [+] |
--- a/Makefile.am Thu May 29 11:44:36 2008 -0700
+++ b/Makefile.am Wed Dec 24 18:40:54 2008 -0800
@@ -7,7 +7,7 @@
 htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@
 html_DATA = AUTHORS COPYING ChangeLog NEWS README
 CLEANFILES = syslog2iptables xml/syslog2iptables xml/Makefile
-EXTRA_DIST = syslog2iptables.conf syslog2iptables.spec $(wildcard xml/h*) $(wildcard xml/M*) $(wildcard xml/s*)
+EXTRA_DIST = syslog2iptables.conf syslog2iptables.spec xml/header.sgml xml/header.xml xml/Makefile.am xml/Makefile.in xml/syslog2iptables.in
 syslog2iptables: syslog2iptables.rc
 cat syslog2iptables.rc | \
--- a/html/Makefile.am Thu May 29 11:44:36 2008 -0700
+++ b/html/Makefile.am Wed Dec 24 18:40:54 2008 -0800
@@ -1,3 +1,3 @@
 htmldir = ${datadir}/doc/@PACKAGE@-@VERSION@
-html_DATA = $(wildcard *.html) $(wildcard *.pdf)
+html_DATA = index.html rn01re01.html rn01re02.html syslog2iptables.pdf
 EXTRA_DIST = $(html_DATA)
--- a/syslog2iptables.conf Thu May 29 11:44:36 2008 -0700
+++ b/syslog2iptables.conf Wed Dec 24 18:40:54 2008 -0800
@@ -26,6 +26,19 @@
 bucket 400;
 message "ssh failed password";
 };
+ pattern "proftpd.*no such user found from (.*) \[" {
+ index 1; // zero based
+ bucket 400;
+ message "ftp failed password";
+ };
+};
+
+file "/var/log/messages" {
+ pattern "ipop3d.* Login failed .* \[(.*)\]" {
+ index 1; // zero based
+ bucket 400;
+ message "pop3 failed password";
+ };
 };
 file "/var/log/httpd/access_log" {
@@ -47,14 +60,44 @@
 bucket 400;
 message "apache main.php reference";
 };
+ pattern "(.*) - - .*/awstats.pl" {
+ index 1; // zero based
+ bucket 400;
+ message "apache awstats.pl reference";
+ };
+ pattern "(.*) - - .*/adxmlrpc" {
+ index 1; // zero based
+ bucket 400;
+ message "apache adxmlrpc reference";
+ };
 };
 file "/var/log/maillog" {
- pattern "lost input channel from .* \[(.*)\] .* after mail" {
+ pattern "lost input channel from .* \[(.*)\] .* after (mail|rcpt|auth)" {
 index 1; // zero based
 bucket 200;
 message "sendmail spammer dropping connection";
 };
+ pattern " \[(.*)\]: possible SMTP attack" {
+ index 1; // zero based
+ bucket 600;
+ message "sendmail authentication attack";
+ };
+ pattern "rejecting commands from .* \[(.*)\] due to pre-greeting traffic" {
+ index 1; // zero based
+ bucket 200;
+ message "sendmail pre-greeting";
+ };
+ pattern "dovecot.*Aborted login.*rip=(.*)," {
+ index 1; // zero based
+ bucket 100;
+ message "dovecot failed password";
+ };
+ pattern "dovecot: pop3-login: Disconnected: Shutting down.*rip=(.*)," {
+ index 1; // zero based
+ bucket 100;
+ message "dovecot failed password";
+ };
 // make sure your upstream MX servers are listed in the
 // ignore block above, otherwise you will kill them off
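Review bot: The captures added in this hunk are greedy `(.*)` groups over log text that the remote side can partly influence, so the value handed on as the address to act on is not constrained to look like an address. The same applies to the new patterns in the next hunk (`@@ -47,14 +60,44 @@`), where `rip=(.*),` additionally runs to the last comma on the line rather than the first. Unless the daemon validates the captured string elsewhere (not visible here), I would restrict each capture to address characters, for example `\[([0-9.]+)\]` and `rip=([0-9A-Fa-f:.]+),`, assuming POSIX extended syntax. The proftpd pattern also captures the text before ` \[` while the ipop3d pattern captures the text inside the brackets; it is worth confirming against a real log line that group 1 is the peer address in both.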
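Review bot: The two new apache patterns are unanchored, so `.*/awstats.pl` and `.*/adxmlrpc` match that text anywhere after the ` - - ` fields (a query string, or a Referer if the combined log format is in use), and the unescaped `.` in `awstats.pl` matches any character. At bucket 400 per hit this can count clients that never requested the script; tying the match to the request path, for example `^([^ ]+) - - \[[^]]+\] [^ ]+ [^ ?]*/awstats\.pl`, would narrow it (assuming the common log field order). Separately, the `dovecot: pop3-login: Disconnected: Shutting down` pattern reuses the message "dovecot failed password" although the text it matches reads like a server-side shutdown; a distinct message, or a comment such as `// counted because ...` stating the reason, would help whoever tunes the thresholds or maintains the ignore block.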
--- a/xml/syslog2iptables.in Thu May 29 11:44:36 2008 -0700
+++ b/xml/syslog2iptables.in Wed Dec 24 18:40:54 2008 -0800
@@ -1,5 +1,5 @@
 <reference>
- <title>@PACKAGE@</title>
+ <title>@PACKAGE@ - Version @VERSION@</title>
 <partintro>
 <title>Packages</title>
@@ -19,7 +19,7 @@
 <refentry id="@PACKAGE@.1">
 <refentryinfo>
- <date>2008-03-21</date>
+ <date>2008-05-29</date>
 </refentryinfo>
 <refmeta>
@@ -159,7 +159,7 @@
 <refentry id="@PACKAGE@.conf.5">
 <refentryinfo>
- <date>2008-03-21</date>
+ <date>2008-05-29</date>
 </refentryinfo>
 <refmeta>