vilain.git - Gitblit

			@@ -1,18 +1,30 @@
			[DEFAULT]
			# 24h + 5min
			# Time to keep banned a bad ip
			watch_while = 86700
			# Max tries before being bannes
			watch_while = 86700
			# Max tries before being banned
			maxtries = 3
			# pf table to keep bad IP.
			# remember to clean the table with this command in a cron job :
			# pfctl -t vilain_bruteforce -T expire 86400
			# /sbin/pfctl -t vilain_bruteforce -T expire 86400
			vilain_table = vilain_bruteforce

			# vilain log file
			vilain_log = /var/log/daemon

			# duration before each checks on the different log files
			sleeptime = 3.0

			### Ip ignored ###
			[ignoreip]
			ip1 = 92.150.160.157
			ip2 = 92.150.160.156

			### Guardians
			#[name of the guardian]
			#logfile = /file/to/watch
			#regex = regex that return the bad guy IP
			#maxtries = 2 #facultative

			[ssh]
			logfile = /var/log/authlog
			@@ -22,3 +34,27 @@
			logfile = /var/log/authlog
			regex = .* Connection closed by ([\S]+) .*

			#[http404]
			#logfile = /var/www/logs/access.log
			#regex = (?:\S+\s){1}(\S+).\s404\s.

			[http401]
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).\s401\s.

			[http403]
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).\s403\s.

			[smtp]
			logfile = /var/log/maillog
			regex = .* event=failed-command address=([\S]+) .*

			[dovecot]
			logfile = /var/log/maillog
			regex = .auth failed.rip=([\S]+),.*

			[wordpress]
			# don't use if you have wordpress
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).wp-login.php.