reaction/reaction.yml

35 lines
837 B
YAML
Raw Normal View History

2023-03-23 21:14:53 +01:00
---
definitions:
- &iptablesban iptables -I reaction 1 -s <ip> -j block
- &iptablesunban iptables -D reaction 1 -s <ip> -j block
# regexes:
# ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
streams:
2023-03-24 00:27:51 +01:00
tailDown:
cmd: [ "tail", "-f", "/home/ao/DOWN" ]
2023-03-23 21:14:53 +01:00
filters:
2023-03-24 00:27:51 +01:00
lookForProuts:
regex:
- prout
retry: 1
retry-period: 1s
2023-03-23 21:14:53 +01:00
actions:
2023-03-24 00:27:51 +01:00
damn:
cmd: [ "echo", "DAMN" ]
sleepdamn:
cmd: [ "echo", "sleepDAMN" ]
after: 2s
# - cmd: journalctl -fu phpfpm-nextcloud.service
# filters:
# - regex:
# - '"message":"Login failed: .\+ (Remote IP: <ip>)"'
# retry: 3
# retry-period: 1h
# actions:
# - cmd: *iptablesban
# - cmd: *iptablesunban
# after: 1h