Reflect last reflections 🔄
This commit is contained in:
ppom
29
cdc.md
29
cdc.md
@ -5,19 +5,28 @@
|
||||
Avec un défaut à `/etc/reaction/reactiond.conf`
|
||||
|
||||
```yaml
|
||||
actions:
|
||||
iptables:
|
||||
|
||||
definitions:
|
||||
- &iptablesban iptables -I reaction 1 -s <ip> -j block
|
||||
- &iptablesunban iptables -D reaction 1 -s <ip> -j block
|
||||
|
||||
regexes:
|
||||
IP: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
|
||||
ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
|
||||
|
||||
streams:
|
||||
nextcloud:
|
||||
cmd: journalctl -fu phpfpm-nextcloud.service
|
||||
actions:
|
||||
- regex: '"message":"Login failed: .\+ (Remote IP: \(?<IP>[0-9a-fA-F.:]\+\))"'
|
||||
# Can also be a list
|
||||
cmd: iptables -I f2b-nextcloud 1 -s <ip> -j <blocktype>
|
||||
nextcloud:
|
||||
cmd: journalctl -fu phpfpm-nextcloud.service
|
||||
filters:
|
||||
failed-login:
|
||||
regex:
|
||||
- '"message":"Login failed: .\+ (Remote IP: <ip>)"'
|
||||
retry: 3
|
||||
retry-period: 1h
|
||||
actions:
|
||||
ban:
|
||||
cmd: *iptablesban
|
||||
unban:
|
||||
cmd: *iptablesunban
|
||||
after: 1h
|
||||
```
|
||||
|
||||
reactionc: le client
|
||||
|
||||
Reference in New Issue
Block a user