changeset 81:cc01f2caff37 stable-1-0-19
add error_log to the httpd files
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sun, 11 Feb 2024 12:04:13 -0800 |
parents | 858aec84fe13 |
children | 384532d596c0 |
files | ChangeLog NEWS configure.ac syslog2iptables.conf.httpd syslog2iptables.conf.make syslog2iptables.conf.top syslog2iptables.spec.in |
diffstat | 7 files changed, 51 insertions(+), 3 deletions(-) [+] |
--- a/ChangeLog Wed Jul 15 14:29:47 2020 -0700
+++ b/ChangeLog Sun Feb 11 12:04:13 2024 -0800
@@ -1,3 +1,6 @@
+1.19 2024-02-11
+ add error_log to the httpd files
+
 1.18 2020-07-15
 add more logging when blocked addresses move to higher scale values
--- a/NEWS Wed Jul 15 14:29:47 2020 -0700
+++ b/NEWS Sun Feb 11 12:04:13 2024 -0800
@@ -1,3 +1,4 @@
+1.19 2024-02-11 add error_log to the httpd files
 1.18 2020-07-15 add more logging when blocked addresses move to higher scale values
 1.17 2017-02-09 RHEL7 systemd and /var/run on tmpfs
 1.16 2015-12-19 good authentication prevents ip blocking for awhile
--- a/configure.ac Wed Jul 15 14:29:47 2020 -0700
+++ b/configure.ac Sun Feb 11 12:04:13 2024 -0800
@@ -1,6 +1,6 @@
 AC_PREREQ(2.59)
-AC_INIT(syslog2iptables,1.18,carl@five-ten-sg.com)
+AC_INIT(syslog2iptables,1.19,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 AC_CONFIG_MACRO_DIRS([m4])
--- a/syslog2iptables.conf.httpd Wed Jul 15 14:29:47 2020 -0700
+++ b/syslog2iptables.conf.httpd Sun Feb 11 12:04:13 2024 -0800
@@ -82,4 +82,10 @@
 index 1; // zero based
 bucket 400;
 message "apache shellshocked attempt";
- };
\ No newline at end of file
+ };
+ pattern ":error.*client (.*):.*\.php' not found" {
+ index 1; // zero based
+ bucket 400;
+ message "apache domainrenter php attempts";
+ };
+
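Review bot: The capture `(.*)` in the new `:error` pattern is bounded only by a later `:`, so what index 1 captures depends on backtracking across the rest of the line, and the request path and any referer that follow the `client <addr>:` field in error_log are attacker-supplied text that may itself contain colons. Restricting the capture to address characters, e.g. `pattern ":error.*client ([0-9.]+):.*\.php' not found" {`, keeps the blocked value tied to the client field (assuming IPv4, which is all the `ignore` list in syslog2iptables.conf.top uses); the same tightening applies to `named.* (.*)#.*denied$` added in the third hunk of syslog2iptables.conf.top, where the queried name later on the line can also contain `#`. It is also worth confirming that the config lexer passes `\.` through to the regex unchanged, since otherwise `.php` matches any character before `php`. The enclosing `file` block starts before the hunk.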
--- a/syslog2iptables.conf.make Wed Jul 15 14:29:47 2020 -0700
+++ b/syslog2iptables.conf.make Sun Feb 11 12:04:13 2024 -0800
@@ -5,7 +5,7 @@
 echo ''
 cat syslog2iptables.conf.top
- for fn in /var/log/httpd/access*log; do
+ for fn in /var/log/httpd/error_log /var/log/httpd/access*log; do
 if [ -f "$fn" ]; then
 echo " file \"$fn\" {"
 cat syslog2iptables.conf.httpd
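Review bot: Adding `/var/log/httpd/error_log` to the `for fn in` list feeds it through the same syslog2iptables.conf.httpd fragment as the access logs, so every access-log pattern in that fragment is now evaluated against error_log lines and the new `:error` pattern against access-log lines, with nothing in the hunk distinguishing the two formats. If the patterns are meant to be file-specific, a separate fragment for error_log, or at least a comment on the `for` line such as `# conf.httpd is applied to both access and error logs; keep its patterns safe for both formats`, would make the intent clear. The loop body continues beyond the hunk.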
--- a/syslog2iptables.conf.top Wed Jul 15 14:29:47 2020 -0700
+++ b/syslog2iptables.conf.top Sun Feb 11 12:04:13 2024 -0800
@@ -1,3 +1,16 @@
+context monitor2 {
+ threshold 150;
+ add_command "echo 'rate limit exceeded' | mail -s 'rate limit exceeded' carl@five-ten-sg.com";
+ remove_command "true";
+ file "/var/log/maillog" {
+ pattern "milter=dnsbl, .* reject=550 (.*) (unique|recipient) .* limit exceeded" {
+ index 1; // zero based
+ bucket 100;
+ message "rate limit exceeded";
+ };
+ };
+};
+
 context general {
 threshold 550;
@@ -6,6 +19,23 @@
 ignore {
 127.0.0.0/8; // localhost
+ 192.168.0.0/16; // internal networks
+ 172.102.240.82/30; // 510sg data center
+ 172.102.240.42/30; // 510sg data center
+ 216.86.213.0/24; // mbmg
+ 104.53.80.243/32; // davd att
+ 75.140.46.51/32; // davd spectrum
+ 67.227.199.34/32; // routerdog
+ 67.227.199.43/32; // routerdog
+ 69.167.152.113/32; // routerdog
+ 69.167.152.152/32; // routerdog
+ 209.59.129.6/32; // routerdog
+ 205.139.110.0/24; // mimecast probing smtp banners
+ 207.211.31.0/24; // mimecast probing smtp banners
+ 216.205.24.0/24; // mimecast probing smtp banners
+ 63.128.21.0/24; // mimecast probing smtp banners
+ 146.101.78.0/24; // mimecast probing smtp banners
+ 207.82.80.0/24; // mimecast probing smtp banners
 };
 file "/var/log/secure" {
@@ -67,6 +97,11 @@
 bucket 400;
 message "kernel firewall blocked packet";
 };
+ pattern "named.* (.*)#.*denied$" {
+ index 1; // zero based
+ bucket 100;
+ message "dns query denied";
+ };
 };
 file "/var/log/maillog" {
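Review bot: The new `monitor2` context hard-codes a personal recipient in `add_command "echo 'rate limit exceeded' | mail -s 'rate limit exceeded' carl@five-ten-sg.com";`, and the second hunk adds customer and vendor ranges (`510sg data center`, `mbmg`, `routerdog`, the mimecast /24s) to `ignore`; if syslog2iptables.conf.top is installed as the packaged default, as the .spec.in suggests, every host that uses it unchanged mails that address on each threshold trip and permanently exempts those third-party networks from blocking. A neutral default such as `root` for the recipient, with the site-specific ignore entries moved to a locally maintained fragment or at least marked with a `// site-specific, edit before deploying` comment, would keep the shipped file generic. The `context general` block that follows runs past the first hunk.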
--- a/syslog2iptables.spec.in Wed Jul 15 14:29:47 2020 -0700
+++ b/syslog2iptables.spec.in Sun Feb 11 12:04:13 2024 -0800
@@ -84,6 +84,9 @@
 %changelog
+* Sun Feb 11 2024 Carl Byington <carl@five-ten-sg.com> - 1.19-1
+- add error_log to the httpd files
+
 * Wed Jul 15 2020 Carl Byington <carl@five-ten-sg.com> - 1.18-1
 - add more logging when blocked addresses move to higher scale values