example config file installed

Thuban

2018-02-26 6bbbca9bb98c8a3c37bfc8795048995c673b795a

 vilain.conf

@@ -17,8 +17,7 @@

### Ip ignored ###
[ignoreip]
ip1 = 92.150.160.157
ip2 = 92.150.160.156
ip1 = 127.0.0.1

### Guardians
#[name of the guardian]
@@ -49,22 +48,25 @@
[smtp]
logfile = /var/log/maillog
regex = .* event=failed-command address=([\S]+) .*
maxtries = 2

[dovecot]
logfile = /var/log/maillog
regex = .*auth failed.*rip=([\S]+),.*
maxtries = 2

[wordpress]
# don't use if you have wordpress
logfile = /var/www/logs/access.log
regex = (?:\S+\s){1}(\S+).*wp-login.php.*
maxtries = 1

# Nextcloud: login page
# Nextcloud 12 brings protection against brute-force attacks
# but 1/ not yet tested so far 2/ system protection is probably more efficient
[nextcloud]
logfile = /var/www/htdocs/datacloud/nextcloud.log
regex = .*Bruteforce attempt from \\"(.*)\\" detected
#[nextcloud]
#logfile = /var/www/htdocs/datacloud/nextcloud.log
#regex = .*Bruteforce attempt from \\"(.*)\\" detected

# Nextcloud: public shares protected by password
# regex is compliant with NginX log format:
@@ -72,6 +74,6 @@
#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
#                        '$status $body_bytes_sent "$http_referer" '
#                        '"$http_user_agent" "$http_x_forwarded_for"';
[nextcloud-share]
logfile = /var/www/logs/access-nextcloud.log
regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200
#[nextcloud-share]
#logfile = /var/www/logs/access-nextcloud.log
#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200