From 6bbbca9bb98c8a3c37bfc8795048995c673b795a Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Mon, 26 Feb 2018 16:38:51 +0000
Subject: [PATCH] example config file installed

---
 vilain.conf |   18 ++++++++++--------
 Makefile    |    4 ++++
 2 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/Makefile b/Makefile
index 92f620b..94258e0 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,9 @@
 	@chmod 755 ${DESTDIR}${PREFIX}/bin/vilainreport
 	@chmod 644 ${DESTDIR}${PREFIX}/sbin/vilain.py
 	@chmod 644 ${DESTDIR}${PREFIX}/sbin/vilainreport.py
+	@echo installing sample config file
+	@cp -f vilain.conf /etc/vilain.conf
+	@chmod 644 /etc/vilain.conf
 	@echo installing init script in /etc/rc.d
 	@cp -f vilain.rc /etc/rc.d/vilain
 	@chmod 755 /etc/rc.d/vilain
@@ -38,5 +41,6 @@
 	@rm -f ${DESTDIR}${PREFIX}/sbin/vilainreport.py
 	@echo removing manual page to ${DESTDIR}${MANPREFIX}/
 	@rm -f ${DESTDIR}${MANPREFIX}/vilain.1
+	@echo Remove configuration file manually if you want, located at /etc/vilain.conf
 
 .PHONY: install uninstall
diff --git a/vilain.conf b/vilain.conf
index 907460e..c12a92e 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -17,8 +17,7 @@
 
 ### Ip ignored ###
 [ignoreip]
-ip1 = 92.150.160.157
-ip2 = 92.150.160.156
+ip1 = 127.0.0.1
 
 ### Guardians
 #[name of the guardian]
@@ -49,22 +48,25 @@
 [smtp]
 logfile = /var/log/maillog
 regex = .* event=failed-command address=([\S]+) .*
+maxtries = 2
 
 [dovecot]
 logfile = /var/log/maillog
 regex = .*auth failed.*rip=([\S]+),.*
+maxtries = 2
 
 [wordpress]
 # don't use if you have wordpress
 logfile = /var/www/logs/access.log
 regex = (?:\S+\s){1}(\S+).*wp-login.php.*
+maxtries = 1
 
 # Nextcloud: login page
 # Nextcloud 12 brings protection against brute-force attacks
 # but 1/ not yet tested so far 2/ system protection is probably more efficient
-[nextcloud]
-logfile = /var/www/htdocs/datacloud/nextcloud.log
-regex = .*Bruteforce attempt from \\"(.*)\\" detected
+#[nextcloud]
+#logfile = /var/www/htdocs/datacloud/nextcloud.log
+#regex = .*Bruteforce attempt from \\"(.*)\\" detected
 
 # Nextcloud: public shares protected by password
 # regex is compliant with NginX log format:
@@ -72,6 +74,6 @@
 #        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
 #                        '$status $body_bytes_sent "$http_referer" '
 #                        '"$http_user_agent" "$http_x_forwarded_for"';
-[nextcloud-share]
-logfile = /var/www/logs/access-nextcloud.log
-regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200
+#[nextcloud-share]
+#logfile = /var/www/logs/access-nextcloud.log
+#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3