vilain.git - Gitblit

			@@ -17,8 +17,7 @@

			### Ip ignored ###
			[ignoreip]
			ip1 = 92.150.160.157
			ip2 = 92.150.160.156
			ip1 = 127.0.0.1

			### Guardians
			#[name of the guardian]
			@@ -33,6 +32,14 @@
			[ssh2]
			logfile = /var/log/authlog
			regex = .* Connection closed by ([\S]+) .*

			#[ssh3]
			#logfile = /var/log/authlog
			#regex = .* Invalid user \w+ from ([\S]+) .*

			[ssh4]
			logfile = /var/log/authlog
			regex = .* Disconnected from authenticating user root ([\S]+) .*

			#[http404]
			#logfile = /var/www/logs/access.log
			@@ -49,12 +56,32 @@
			[smtp]
			logfile = /var/log/maillog
			regex = .* event=failed-command address=([\S]+) .*
			maxtries = 2

			[dovecot]
			logfile = /var/log/maillog
			regex = .auth failed.rip=([\S]+),.*
			maxtries = 2

			[wordpress]
			# don't use if you have wordpress
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).wp-login.php.
			maxtries = 1

			# Nextcloud: login page
			# Nextcloud 12 brings protection against brute-force attacks
			# but 1/ not yet tested so far 2/ system protection is probably more efficient
			[nextcloud]
			logfile = /var/www/htdocs/datacloud/nextcloud.log
			regex = .Bruteforce attempt from \\"(.)\\" detected

			# Nextcloud: public shares protected by password
			# regex is compliant with NginX log format:
			# /etc/nginx/nginx.conf:
			# log_format main '$remote_addr - $remote_user [$time_local] "$request" '
			# '$status $body_bytes_sent "$http_referer" '
			# '"$http_user_agent" "$http_x_forwarded_for"';
			[nextcloud-share]
			logfile = /var/www/logs/access-nextcloud.log
			regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200