From 72c7d8214e6a7b4cfc9068554bed33151eb7b7c3 Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Mon, 26 Feb 2018 08:47:25 +0000
Subject: [PATCH] last updt

---
 vilain.conf |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/vilain.conf b/vilain.conf
index b3d67e2..907460e 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -58,3 +58,20 @@
 # don't use if you have wordpress
 logfile = /var/www/logs/access.log
 regex = (?:\S+\s){1}(\S+).*wp-login.php.*
+
+# Nextcloud: login page
+# Nextcloud 12 brings protection against brute-force attacks
+# but 1/ not yet tested so far 2/ system protection is probably more efficient
+[nextcloud]
+logfile = /var/www/htdocs/datacloud/nextcloud.log
+regex = .*Bruteforce attempt from \\"(.*)\\" detected
+
+# Nextcloud: public shares protected by password
+# regex is compliant with NginX log format:
+#     /etc/nginx/nginx.conf:
+#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+#                        '$status $body_bytes_sent "$http_referer" '
+#                        '"$http_user_agent" "$http_x_forwarded_for"';
+[nextcloud-share]
+logfile = /var/www/logs/access-nextcloud.log
+regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3