From c8affe7502d5f8851205547874ca09a7421a081d Mon Sep 17 00:00:00 2001 From: Thuban <thuban@yeuxdelibad.net> Date: Sat, 08 Dec 2018 16:32:31 +0000 Subject: [PATCH] update example --- vilain.conf | 20 ++++++++++++++------ 1 files changed, 14 insertions(+), 6 deletions(-) diff --git a/vilain.conf b/vilain.conf index c12a92e..14ece6a 100644 --- a/vilain.conf +++ b/vilain.conf @@ -33,6 +33,14 @@ logfile = /var/log/authlog regex = .* Connection closed by ([\S]+) .* +#[ssh3] +#logfile = /var/log/authlog +#regex = .* Invalid user \w+ from ([\S]+) .* + +[ssh4] +logfile = /var/log/authlog +regex = .* Disconnected from authenticating user root ([\S]+) .* + #[http404] #logfile = /var/www/logs/access.log #regex = (?:\S+\s){1}(\S+).*\s404\s.* @@ -64,9 +72,9 @@ # Nextcloud: login page # Nextcloud 12 brings protection against brute-force attacks # but 1/ not yet tested so far 2/ system protection is probably more efficient -#[nextcloud] -#logfile = /var/www/htdocs/datacloud/nextcloud.log -#regex = .*Bruteforce attempt from \\"(.*)\\" detected +[nextcloud] +logfile = /var/www/htdocs/datacloud/nextcloud.log +regex = .*Bruteforce attempt from \\"(.*)\\" detected # Nextcloud: public shares protected by password # regex is compliant with NginX log format: @@ -74,6 +82,6 @@ # log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; -#[nextcloud-share] -#logfile = /var/www/logs/access-nextcloud.log -#regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 +[nextcloud-share] +logfile = /var/www/logs/access-nextcloud.log +regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200 -- Gitblit v1.9.3