From 9139472a675a61e7f00c93bb9f888da095ea854e Mon Sep 17 00:00:00 2001
From: Yax <kianby@madyanne.fr>
Date: Sat, 16 Sep 2017 10:36:30 +0000
Subject: [PATCH] add nextcloud probes

---
 vilain.conf |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/vilain.conf b/vilain.conf
index b3d67e2..907460e 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -58,3 +58,20 @@
 # don't use if you have wordpress
 logfile = /var/www/logs/access.log
 regex = (?:\S+\s){1}(\S+).*wp-login.php.*
+
+# Nextcloud: login page
+# Nextcloud 12 brings protection against brute-force attacks
+# but 1/ not yet tested so far 2/ system protection is probably more efficient
+[nextcloud]
+logfile = /var/www/htdocs/datacloud/nextcloud.log
+regex = .*Bruteforce attempt from \\"(.*)\\" detected
+
+# Nextcloud: public shares protected by password
+# regex is compliant with NginX log format:
+#     /etc/nginx/nginx.conf:
+#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+#                        '$status $body_bytes_sent "$http_referer" '
+#                        '"$http_user_agent" "$http_x_forwarded_for"';
+[nextcloud-share]
+logfile = /var/www/logs/access-nextcloud.log
+regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3