commit | author | age
|
77f371
|
1 |
[DEFAULT] |
T |
2 |
# 24h + 5min, in seconds (86400 + 300) |
|
3 |
# Time to keep a bad IP banned |
|
4 |
watch_while = 86700 |
3a37e6
|
5 |
# Maximum number of tries before an IP is banned |
77f371
|
6 |
maxtries = 3 |
T |
7 |
# pf table that holds the bad IPs. |
|
8 |
# Remember to expire old entries from this table in a cron job, using the same table name as vilain_table: |
3a37e6
|
9 |
# /sbin/pfctl -t vilain_bruteforce -T expire 86400 |
77f371
|
10 |
vilain_table = vilain_bruteforce |
3a37e6
|
11 |
|
90bc70
|
12 |
# Delay between successive checks of the log files |
T |
13 |
sleeptime = 3.0 |
|
14 |
|
3a37e6
|
15 |
### Ignored IPs ### |
T |
16 |
# Addresses listed in this section are presumably exempt from banning,
# whatever the guardians below match.
# NOTE(review): the two entries are concrete public addresses shipped with
# the file. Replace them with your own trusted addresses and keep the list
# short; otherwise these two hosts stay exempt on every deployment.
[ignoreip] |
|
17 |
ip1 = 92.150.160.157 |
|
18 |
ip2 = 92.150.160.156 |
40cb2e
|
19 |
|
77f371
|
20 |
### Guardians |
T |
21 |
#[name of the guardian] |
|
22 |
#logfile = /file/to/watch |
|
23 |
#regex = regex whose capture group returns the bad guy's IP |
40cb2e
|
24 |
#maxtries = 2 # optional; drop this trailing note when uncommenting, it may be read as part of the value |
77f371
|
25 |
|
T |
26 |
[ssh] |
|
27 |
logfile = /var/log/authlog |
|
28 |
# Matches any line holding " Failed " and a later " from <token> ", whichever
# program wrote it; the group takes the token after the last such " from ".
# NOTE(review): [\S]+ accepts any non-whitespace token, not only an address,
# and log lines can carry client-chosen text such as user names. Confirm that
# the consumer checks the capture is a valid IP before adding it to the pf table.
regex = .* Failed .* from ([\S]+) .* |
|
29 |
|
|
30 |
[ssh2] |
|
31 |
logfile = /var/log/authlog |
|
32 |
# Captures the token that directly follows "Connection closed by ".
# NOTE(review): this may also count disconnects that are not failed logins.
# On sshd versions that log "Connection closed by authenticating user NAME
# ADDR ...", the captured token is a word rather than the address. Check real
# authlog lines before relying on this guardian.
regex = .* Connection closed by ([\S]+) .* |
|
33 |
|
3a37e6
|
34 |
#[http404] |
T |
35 |
#logfile = /var/www/logs/access.log |
|
36 |
#regex = (?:\S+\s){1}(\S+).*\s404\s.* |
|
37 |
|
|
38 |
[http401] |
|
39 |
logfile = /var/www/logs/access.log |
|
40 |
# Skips the first whitespace-separated field, captures the second, then
# requires a whitespace-delimited 401 anywhere later on the line.
# NOTE(review): assumes the client address is the second field of each
# access.log line; confirm against the server's log format. Any standalone
# 401 field (a response size, for instance) matches too, not only the status.
regex = (?:\S+\s){1}(\S+).*\s401\s.* |
|
41 |
|
|
42 |
[http403] |
|
43 |
logfile = /var/www/logs/access.log |
|
44 |
# Skips the first whitespace-separated field, captures the second, then
# requires a whitespace-delimited 403 anywhere later on the line.
# NOTE(review): assumes the client address is the second field of each
# access.log line; confirm against the server's log format. Any standalone
# 403 field (a response size, for instance) matches too, not only the status.
regex = (?:\S+\s){1}(\S+).*\s403\s.* |
|
45 |
|
|
46 |
[smtp] |
|
47 |
logfile = /var/log/maillog |
|
48 |
# Captures the token after "address=" on lines holding
# " event=failed-command ".
# NOTE(review): a failed command is not necessarily a failed login. Confirm
# this is the event you want counted against maxtries.
regex = .* event=failed-command address=([\S]+) .* |
|
49 |
|
|
50 |
[dovecot] |
|
51 |
logfile = /var/log/maillog |
|
52 |
# On lines holding "auth failed", captures the non-whitespace token between
# the last "rip=" and the comma that follows it (presumably the remote IP).
regex = .*auth failed.*rip=([\S]+),.* |
|
53 |
|
|
54 |
[wordpress] |
|
55 |
# Do not enable this guardian if you host WordPress: the regex matches every request line containing wp-login.php, legitimate logins included. |
# NOTE(review): this section is not commented out, so it is presumably active
# as shipped. Comment it out on hosts that serve WordPress.
|
56 |
logfile = /var/www/logs/access.log |
|
57 |
regex = (?:\S+\s){1}(\S+).*wp-login.php.* |
|
58 |
|