# Copyright Tom Hubrecht, (2023)
#
# Tom Hubrecht <tom@hubrecht.ovh>
#
# This software is a computer program whose purpose is to configure
# machines and servers with NixOS.
#
# This software is governed by the CeCILL license under French law and
# abiding by the rules of distribution of free software. You can use,
# modify and/ or redistribute the software under the terms of the CeCILL
# license as circulated by CEA, CNRS and INRIA at the following URL
# "http://www.cecill.info".
#
# As a counterpart to the access to the source code and rights to copy,
# modify and redistribute granted by the license, users are provided only
# with a limited warranty and the software's author, the holder of the
# economic rights, and the successive licensors have only limited
# liability.
#
# In this respect, the user's attention is drawn to the risks associated
# with loading, using, modifying and/or developing or reproducing the
# software by the user in light of its specific status of free software,
# that may mean that it is complicated to manipulate, and that also
# therefore means that it is reserved for developers and experienced
# professionals having in-depth computer knowledge. Users are therefore
# encouraged to load and test the software's suitability as regards their
# requirements in conditions enabling the security of their systems and/or
# data to be ensured and, more generally, to use and operate it in the
# same conditions as regards security.
#
# The fact that you are presently reading this means that you have had
# knowledge of the CeCILL license and that you accept its terms.
_: {
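nginx-spam = {
  # Counts access-log lines that start with the client (<HOST>), contain a
  # GET whose request text includes one of the listed fragments
  # (matrix/server, .php, admin, wp-) and end with a 404 status.
  # The dot in the protocol version is escaped so it only matches a
  # literal "." instead of any character.
  # NOTE(review): assumes the client address is the first field of each
  # access-log line — confirm against the nginx log_format in use.
  # NOTE(review): the sshd jails in this file use <ADDR>, which only accepts
  # an IP address; it would presumably fit here as well — confirm.
  filter.Definition.failregex = ''
    ^<HOST>.*GET.*(matrix/server|\.php|admin|wp\-).* HTTP/\d\.\d\" 404.*$'';

  settings = {
    # This jail reads a log file rather than the journal, so both the path
    # and the backend are given explicitly.
    logpath = "/var/log/nginx/access.log";
    backend = "auto";
    # High threshold: 500 matching lines inside a 60-second window are
    # needed before the jail reacts, so only floods of probing requests
    # are caught, not occasional 404s.
    maxretry = 500;
    findtime = 60;
  };
};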
postfix-bruteforce = {
  # Only journal entries tagged with the postfix unit are inspected.
  # NOTE(review): journalmatch is only honoured by the systemd backend; no
  # backend is set in this jail, so it is presumably inherited — confirm.
  filter.Definition.journalmatch = "_SYSTEMD_UNIT=postfix.service";

  # Matches the "SASL LOGIN authentication failed" warning. The offending
  # address is the bracketed <HOST> that follows a name made of word
  # characters, dots and dashes.
  # Only the LOGIN mechanism is named in the pattern, so failures logged
  # for other SASL mechanisms do not count towards this jail.
  # NOTE(review): the expression has no leading anchor; confirm that no
  # other field written into the same log line can reproduce this text.
  filter.Definition.failregex = "warning: [\\w\\.\\-]+\\[<HOST>\\]: SASL LOGIN authentication failed.*$";

  # A single match inside the 600-second window is enough to trigger.
  # NOTE(review): one mistyped password therefore counts against a
  # legitimate client; check that an ignoreip allowlist is configured
  # wherever these jails are consumed.
  settings.maxretry = 1;
  settings.findtime = 600;
};
sshd-bruteforce = {
  filter = {
    Definition = {
      # Restrict the filter to journal entries of the sshd unit.
      # NOTE(review): only effective with the systemd backend, which is not
      # set in this jail — presumably inherited; confirm.
      journalmatch = "_SYSTEMD_UNIT=sshd.service";

      # Matches the pam_unix authentication-failure record for sshd and takes
      # the remote address from the rhost= field; whatever follows the
      # address on the line is ignored.
      failregex = "pam_unix\\(sshd:auth\\): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=<ADDR>.*$";
    };
  };

  # One matching record within 600 seconds triggers the jail.
  # NOTE(review): with a threshold of 1 a single failed password login from
  # an administrator's address also counts; make sure an ignoreip allowlist
  # or an out-of-band access path exists.
  settings.maxretry = 1;
  settings.findtime = 600;
};
sshd-preauth = {
  # Restrict the filter to journal entries of the sshd unit.
  # NOTE(review): only effective with the systemd backend, which is not set
  # in this jail — presumably inherited; confirm.
  filter.Definition.journalmatch = "_SYSTEMD_UNIT=sshd.service";

  # Matches pre-authentication disconnect records whose text ends in
  # "Bye Bye [preauth]" and takes the peer from the address after "from".
  # NOTE(review): the disconnect reason is, as far as I can tell, text sent
  # by the remote client, so only clients using exactly this phrase are
  # caught — confirm that this is the intended scope.
  filter.Definition.failregex = "Received disconnect from <ADDR> port .* Bye Bye \\[preauth\\]$";

  # One matching record within 600 seconds triggers the jail.
  settings.maxretry = 1;
  settings.findtime = 600;
};
sshd-timeout = {
  filter = {
    Definition = {
      # Restrict the filter to journal entries of the sshd unit.
      # NOTE(review): only effective with the systemd backend, which is not
      # set in this jail — presumably inherited; confirm.
      journalmatch = "_SYSTEMD_UNIT=sshd.service";

      # Matches connections that sshd dropped because no authentication
      # happened in time; the address must directly follow "for ".
      # NOTE(review): the wording of this message may differ between OpenSSH
      # releases; re-check the pattern against real log lines after sshd
      # upgrades (for instance with fail2ban-regex), otherwise the jail can
      # silently stop matching.
      failregex = "fatal: Timeout before authentication for <ADDR>.*$";
    };
  };

  # One matching record within 600 seconds triggers the jail.
  settings.maxretry = 1;
  settings.findtime = 600;
};
}