vilain.git - Gitblit

			@@ -1,7 +1,6 @@
			[DEFAULT]
			# 24h + 5min
			# Time to keep banned a bad ip
			watch_while = 86700
			# Duration (in sec) to keep banned a bad ip, reduce value if too much memory consumption
			watch_while = 3602
			# Max tries before being banned
			maxtries = 3
			# pf table to keep bad IP.
			@@ -17,8 +16,7 @@

			### Ip ignored ###
			[ignoreip]
			ip1 = 92.150.160.157
			ip2 = 92.150.160.156
			ip1 = 127.0.0.1

			### Guardians
			#[name of the guardian]
			@@ -26,13 +24,28 @@
			#regex = regex that return the bad guy IP
			#maxtries = 2 #facultative

			[ssh]
			[sshfail]
			logfile = /var/log/authlog
			regex = .* Failed .* from ([\S]+) .*

			[ssh2]
			[sshrootauth]
			logfile = /var/log/authlog
			regex = .* Connection closed by ([\S]+) .*
			regex = .* Disconnected from authenticating user root ([\S]+) .*
			maxtries = 1

			[sshinvaliduser]
			logfile = /var/log/authlog
			regex = .* Invalid user \w+ from ([\S]+) .*
			maxtries = 1

			[sshroot]
			logfile = /var/log/authlog
			regex = .* Failed .* for root from ([\S]+) .*
			maxtries = 1

			[sshbadprotocol]
			logfile = /var/log/authlog
			regex = .Bad protocol version identification . from ([\S]+) .*

			#[http404]
			#logfile = /var/www/logs/access.log
			@@ -48,16 +61,19 @@

			[smtp]
			logfile = /var/log/maillog
			regex = .* event=failed-command address=([\S]+) .*
			regex = .* failed-command address=([\S]+) .* result=\"535 Authentication failed\"
			maxtries = 2

			[dovecot]
			logfile = /var/log/maillog
			regex = .auth failed.rip=([\S]+),.*
			maxtries = 2

			[wordpress]
			# don't use if you have wordpress
			logfile = /var/www/logs/access.log
			regex = (?:\S+\s){1}(\S+).wp-login.php.
			maxtries = 1

			# Nextcloud: login page
			# Nextcloud 12 brings protection against brute-force attacks