From 70950c8a8d3d905e2895bb7200e6ee5b6e9599ea Mon Sep 17 00:00:00 2001 From: Thuban <thuban@yeuxdelibad.net> Date: Thu, 13 Dec 2018 18:17:10 +0000 Subject: [PATCH] better memory perf --- vilain.conf | 25 ++++++++++++++++--------- 1 files changed, 16 insertions(+), 9 deletions(-) diff --git a/vilain.conf b/vilain.conf index c12a92e..9828c21 100644 --- a/vilain.conf +++ b/vilain.conf @@ -1,7 +1,6 @@ [DEFAULT] -# 24h + 5min -# Time to keep banned a bad ip -watch_while = 86700 +# Duration (in sec) to keep banned a bad ip, reduce value if too much memory consumption +watch_while = 3602 # Max tries before being banned maxtries = 3 # pf table to keep bad IP. @@ -32,6 +31,14 @@ [ssh2] logfile = /var/log/authlog regex = .* Connection closed by ([\S]+) .* + +#[ssh3] +#logfile = /var/log/authlog +#regex = .* Invalid user \w+ from ([\S]+) .* + +[ssh4] +logfile = /var/log/authlog +regex = .* Disconnected from authenticating user root ([\S]+) .* #[http404] #logfile = /var/www/logs/access.log @@ -64,9 +71,9 @@ # Nextcloud: login page # Nextcloud 12 brings protection against brute-force attacks # but 1/ not yet tested so far 2/ system protection is probably more efficient -#[nextcloud] -#logfile = /var/www/htdocs/datacloud/nextcloud.log -#regex = .*Bruteforce attempt from \\"(.*)\\" detected +[nextcloud] +logfile = /var/www/htdocs/datacloud/nextcloud.log +regex = .*Bruteforce attempt from \\"(.*)\\" detected # Nextcloud: public shares protected by password # regex is compliant with NginX log format: @@ -74,6 +81,6 @@ # log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; -#[nextcloud-share] -#logfile = /var/www/logs/access-nextcloud.log -#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 +[nextcloud-share] +logfile = /var/www/logs/access-nextcloud.log +regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 -- Gitblit v1.9.3