Reflect last reflections 🔄

2023-03-23 14:24:26 +01:00 · 2023-03-23 14:24:26 +01:00 · a26014399b
commit a26014399b
parent e87c09283d
1 changed files with 19 additions and 10 deletions
--- a/cdc.md
+++ b/cdc.md
@ -5,19 +5,28 @@
 Avec un défaut à `/etc/reaction/reactiond.conf`

 ```yaml
-actions:
-  iptables:
-    
+definitions:
+  - &iptablesban iptables -I reaction 1 -s <ip> -j block
+  - &iptablesunban iptables -D reaction 1 -s <ip> -j block
+
 regexes:
-  IP: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'
+  ip: '(([0-9]{1,3}\.){3}[0-9]{1,3})|([0-9a-fA-F:]{2,90})'

 streams:
- nextcloud:
-   cmd: journalctl -fu phpfpm-nextcloud.service
-   actions:
-     - regex: '"message":"Login failed: .\+ (Remote IP: \(?<IP>[0-9a-fA-F.:]\+\))"'
-       # Can also be a list
-       cmd: iptables -I f2b-nextcloud 1 -s <ip> -j <blocktype>
+  nextcloud:
+    cmd: journalctl -fu phpfpm-nextcloud.service
+    filters:
+      failed-login:
+        regex:
+          - '"message":"Login failed: .\+ (Remote IP: <ip>)"'
+        retry: 3
+        retry-period: 1h
+        actions:
+          ban:
+            cmd: *iptablesban
+          unban:
+            cmd: *iptablesunban 
+            after: 1h
 ```

 reactionc: le client