77f371
|
1 |
[DEFAULT] |
T |
2 |
# 86700 seconds = 24h + 5min |
|
3 |
# Time to keep a bad IP banned |
8f00aa
|
4 |
watch_while = 86700 |
3a37e6
|
5 |
# Max tries before being banned |
77f371
|
6 |
maxtries = 3 |
T |
7 |
# pf table that holds the banned IPs. |
|
8 |
# remember to expire old entries from the table with this command in a cron job: |
3a37e6
|
9 |
# /sbin/pfctl -t vilain_bruteforce -T expire 86400 |
# (keep the table name in that command in sync with vilain_table, otherwise the cron job expires a different table) |
77f371
|
10 |
vilain_table = vilain_bruteforce |
8f00aa
|
11 |
|
Y |
12 |
# vilain log file |
|
13 |
vilain_log = /var/log/daemon |
3a37e6
|
14 |
|
90bc70
|
15 |
# delay between checks of the watched log files (presumably seconds; confirm) |
T |
16 |
sleeptime = 3.0 |
|
17 |
|
3a37e6
|
18 |
### IPs ignored ### |
# NOTE(review): presumably these addresses are exempt from banning; confirm each one is still under your control, since the exemption follows the address, not the person. |
T |
19 |
[ignoreip] |
|
20 |
ip1 = 92.150.160.157 |
|
21 |
ip2 = 92.150.160.156 |
40cb2e
|
22 |
|
77f371
|
23 |
### Guardians |
T |
24 |
#[name of the guardian] |
|
25 |
#logfile = /file/to/watch |
|
26 |
#regex = regex that return the bad guy IP |
40cb2e
|
27 |
# maxtries is optional; keep any note on its own line, not after the value |
#maxtries = 2 |
77f371
|
28 |
|
T |
29 |
[ssh] |
# Guardian for /var/log/authlog lines containing " Failed ... from <token> "; the token after "from" is captured as the offender. |
# NOTE(review): ([\S]+) accepts any non-space token, so the capture is only as reliable as the log line; confirm it is validated as an IP address before it is added to the pf table. |
|
30 |
logfile = /var/log/authlog |
|
31 |
regex = .* Failed .* from ([\S]+) .* |
|
32 |
|
|
33 |
[ssh2] |
# Guardian for /var/log/authlog lines containing " Connection closed by <token> "; the token right after "by" is captured as the offender. |
# NOTE(review): this message is presumably also logged for harmless disconnects, so with maxtries = 3 a legitimate client can be banned; consider a higher per-guardian maxtries. |
# NOTE(review): if your sshd writes extra words between "by" and the address (e.g. "authenticating user NAME ADDR"), the capture is that word, not the IP. Verify against real authlog lines. |
|
34 |
logfile = /var/log/authlog |
|
35 |
regex = .* Connection closed by ([\S]+) .* |
|
36 |
|
3a37e6
|
37 |
#[http404] |
T |
38 |
#logfile = /var/www/logs/access.log |
|
39 |
#regex = (?:\S+\s){1}(\S+).*\s404\s.* |
|
40 |
|
|
41 |
[http401] |
# Captures the second whitespace-delimited field of each access.log line in which 401 appears later as a standalone field. |
# NOTE(review): assumes field 2 is the client address and that 401 only ever appears as the status; a byte count of 401 would match too. Confirm against your log format. |
|
42 |
logfile = /var/www/logs/access.log |
|
43 |
regex = (?:\S+\s){1}(\S+).*\s401\s.* |
|
44 |
|
|
45 |
[http403] |
# Captures the second whitespace-delimited field of each access.log line in which 403 appears later as a standalone field. |
# NOTE(review): assumes field 2 is the client address and that 403 only ever appears as the status; a byte count of 403 would match too. Confirm against your log format. |
|
46 |
logfile = /var/www/logs/access.log |
|
47 |
regex = (?:\S+\s){1}(\S+).*\s403\s.* |
|
48 |
|
|
49 |
[smtp] |
# Guardian for /var/log/maillog lines containing "event=failed-command address=<token> "; the token is captured as the offender. |
# NOTE(review): failed-command presumably covers any rejected SMTP command, not only bad logins; check that maxtries such lines from one client is a ban-worthy signal for your mail traffic. |
|
50 |
logfile = /var/log/maillog |
|
51 |
regex = .* event=failed-command address=([\S]+) .* |
|
52 |
|
|
53 |
[dovecot] |
# Guardian for /var/log/maillog lines containing "auth failed" followed by "rip=<token>,"; the text between "rip=" and the comma is captured as the offender. |
|
54 |
logfile = /var/log/maillog |
|
55 |
regex = .*auth failed.*rip=([\S]+),.* |
|
56 |
|
|
57 |
[wordpress] |
|
58 |
# don't enable this guardian if you run WordPress: the regex matches any access.log line that mentions wp-login.php, so real logins would count towards a ban |
|
59 |
logfile = /var/www/logs/access.log |
|
60 |
regex = (?:\S+\s){1}(\S+).*wp-login.php.* |