vilain.git - Gitblit

			@@ -1,7 +1,7 @@
			[DEFAULT]
			# 24h + 5min
			# Time to keep banned a bad ip
			watch_while = 86700
			watch_while = 86700
			# Max tries before being banned
			maxtries = 3
			# pf table to keep bad IP.
			@@ -9,13 +9,15 @@
			# /sbin/pfctl -t vilain_bruteforce -T expire 86400
			vilain_table = vilain_bruteforce

			# vilain log file
			vilain_log = /var/log/daemon

			# duration before each checks on the different log files
			sleeptime = 3.0

			### Ip ignored ###
			[ignoreip]
			ip1 = 92.150.160.157
			ip2 = 92.150.160.156
			ip1 = 127.0.0.1

			### Guardians
			#[name of the guardian]
			@@ -46,13 +48,32 @@
			[smtp]
			logfile = /var/log/maillog
			regex = .* event=failed-command address=([\S]+) .*
			maxtries = 2

			[dovecot]
			logfile = /var/log/maillog
			regex = .auth failed.rip=([\S]+),.*
			maxtries = 2

			[wordpress]
			# don't use if you have wordpress
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).wp-login.php.
			maxtries = 1

			# Nextcloud: login page
			# Nextcloud 12 brings protection against brute-force attacks
			# but 1/ not yet tested so far 2/ system protection is probably more efficient
			#[nextcloud]
			#logfile = /var/www/htdocs/datacloud/nextcloud.log
			#regex = .Bruteforce attempt from \\"(.)\\" detected

			# Nextcloud: public shares protected by password
			# regex is compliant with NginX log format:
			# /etc/nginx/nginx.conf:
			# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
			# '$status $body_bytes_sent "$http_referer" '
			# '"$http_user_agent" "$http_x_forwarded_for"';
			#[nextcloud-share]
			#logfile = /var/www/logs/access-nextcloud.log
			#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200