atmos/ban2fail
1
1
Fork 0
mirror of https://github.com/jrbrtsn/ban2fail synced 2024-06-16 03:48:03 +00:00
Code Issues Releases Wiki Activity

Cosmetic edits

Browse Source
This commit is contained in:
john 2019-12-05 11:06:11 -05:00
parent 11ea247964
commit 57553e4a3c
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
README.md
View File

@ -35,24 +35,24 @@ default that IP will be blocked.
``` ```
LOGTYPE auth { LOGTYPE auth {
# Where to find the log files # Where to find the log files
DIR= /var/log DIR= /var/log
PREFIX= auth.log PREFIX= auth.log
# How to read the timestamp # How to read the timestamp
TIMESTAMP auth_ts { TIMESTAMP auth_ts {
# isolates the timestamp from a line matched by a TARGET # isolates the timestamp from a line matched by a TARGET
REGEX= ^(.*) srv REGEX= ^(.*) srv
# Passed to strptime() to intrepret the timestamp string # Passed to strptime() to intrepret the timestamp string
STRPTIME= %b %d %T STRPTIME= %b %d %T
# These stamps do not include the year, so it is implied. # These stamps do not include the year, so it is implied.
FLAGS= GUESS_YEAR FLAGS= GUESS_YEAR
} }
TARGET imap { TARGET imap {
# Pattern to search for, isolates the IP address # Pattern to search for, isolates the IP address
REGEX= imapd.*Login failed.*\[([0-9.a-f:]+)\]$ REGEX= imapd.*Login failed.*\[([0-9.a-f:]+)\]$
# Assign this as the severity of the offense. # Assign this as the severity of the offense.
SEVERITY= 3 SEVERITY= 3
} }
@ -69,9 +69,8 @@ LOGTYPE auth {
TARGET dovecot { TARGET dovecot {
SEVERITY= 3 SEVERITY= 3
REGEX= dovecot.*authentication failure.*rhost=([0-9.]+) REGEX= dovecot.*authentication failure.*rhost=([0-9.a-f:]+)
} }
} }
``` ```