yo/reaction
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Reflect last reflections 🔄

Browse Source
This commit is contained in:
ppom 2023-03-23 14:24:26 +01:00
parent e87c09283d
commit a26014399b
1 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
cdc.md
View File

@ -5,19 +5,28 @@
Avec un défaut à `/etc/reaction/reactiond.conf` Avec un défaut à `/etc/reaction/reactiond.conf`
```yaml ```yaml
actions: definitions:
iptables: - &iptablesban iptables -I reaction 1 -s <ip> -j block
- &iptablesunban iptables -D reaction 1 -s <ip> -j block
regexes: regexes:
IP: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})' ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
streams: streams:
nextcloud: nextcloud:
cmd: journalctl -fu phpfpm-nextcloud.service cmd: journalctl -fu phpfpm-nextcloud.service
filters:
failed-login:
regex:
- '"message":"Login failed: .\+ (Remote IP: <ip>)"'
retry: 3
retry-period: 1h
actions: actions:
- regex: '"message":"Login failed: .\+ (Remote IP: \(?<IP>[0-9a-fA-F.:]\+\))"' ban:
# Can also be a list cmd: *iptablesban
cmd: iptables -I f2b-nextcloud 1 -s <ip> -j <blocktype> unban:
cmd: *iptablesunban
after: 1h
``` ```
reactionc: le client reactionc: le client