From 7c496c045ad95c2426b9231565165c17dd538918 Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Sat, 01 Dec 2018 09:24:25 +0000
Subject: [PATCH] merge

---
 vilain.conf |   31 +++++++++++++++++++++++++++++--
 1 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/vilain.conf b/vilain.conf
index b3d67e2..ee687be 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -17,8 +17,7 @@
 
 ### Ip ignored ###
 [ignoreip]
-ip1 = 92.150.160.157
-ip2 = 92.150.160.156
+ip1 = 127.0.0.1
 
 ### Guardians
 #[name of the guardian]
@@ -33,6 +32,14 @@
 [ssh2]
 logfile = /var/log/authlog
 regex = .* Connection closed by ([\S]+) .*
+
+[ssh3]
+logfile = /var/log/authlog
+regex = .* Invalid user \w+ ([\S]+) .*
+
+[ssh4]
+logfile = /var/log/authlog
+regex = .* Disconnected from authenticating user root ([\S]+) .*
 
 #[http404]
 #logfile = /var/www/logs/access.log
@@ -49,12 +56,32 @@
 [smtp]
 logfile = /var/log/maillog
 regex = .* event=failed-command address=([\S]+) .*
+maxtries = 2
 
 [dovecot]
 logfile = /var/log/maillog
 regex = .*auth failed.*rip=([\S]+),.*
+maxtries = 2
 
 [wordpress]
 # don't use if you have wordpress
 logfile = /var/www/logs/access.log
 regex = (?:\S+\s){1}(\S+).*wp-login.php.*
+maxtries = 1
+
+# Nextcloud: login page
+# Nextcloud 12 brings protection against brute-force attacks
+# but 1/ not yet tested so far 2/ system protection is probably more efficient
+[nextcloud]
+logfile = /var/www/htdocs/datacloud/nextcloud.log
+regex = .*Bruteforce attempt from \\"(.*)\\" detected
+
+# Nextcloud: public shares protected by password
+# regex is compliant with NginX log format:
+#     /etc/nginx/nginx.conf:
+#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+#                        '$status $body_bytes_sent "$http_referer" '
+#                        '"$http_user_agent" "$http_x_forwarded_for"';
+[nextcloud-share]
+logfile = /var/www/logs/access-nextcloud.log
+regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3