| | |
|---|
| | | #regex = regex that return the bad guy IP |
|---|
| | | #maxtries = 2 #facultative |
|---|
| | | |
|---|
| | | [ssh] |
|---|
| | | [sshfail] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Failed .* from ([\S]+) .* |
|---|
| | | |
|---|
| | | [ssh2] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Connection closed by ([\S]+) .* |
|---|
| | | |
|---|
| | | #[ssh3] |
|---|
| | | #logfile = /var/log/authlog |
|---|
| | | #regex = .* Invalid user \w+ from ([\S]+) .* |
|---|
| | | |
|---|
| | | [ssh4] |
|---|
| | | [sshrootauth] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Disconnected from authenticating user root ([\S]+) .* |
|---|
| | | maxtries = 1 |
|---|
| | | |
|---|
| | | [sshinvaliduser] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Invalid user \w+ from ([\S]+) .* |
|---|
| | | maxtries = 1 |
|---|
| | | |
|---|
| | | [sshroot] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .* Failed .* for root from ([\S]+) .* |
|---|
| | | maxtries = 1 |
|---|
| | | |
|---|
| | | [sshbadprotocol] |
|---|
| | | logfile = /var/log/authlog |
|---|
| | | regex = .*Bad protocol version identification .* from ([\S]+) .* |
|---|
| | | |
|---|
| | | #[http404] |
|---|
| | | #logfile = /var/www/logs/access.log |
|---|
| | |
|---|
| | | |
|---|
| | | [smtp] |
|---|
| | | logfile = /var/log/maillog |
|---|
| | | regex = .* event=failed-command address=([\S]+) .* |
|---|
| | | regex = .* failed-command address=([\S]+) .* result=\"535 Authentication failed\" |
|---|
| | | maxtries = 2 |
|---|
| | | |
|---|
| | | [dovecot] |
|---|
