nano /etc/csf/regex.custom.pm
# if (($lgfile eq $config{POP3D_LOG}) and ($line =~ /,(\S+),\S+\): Password mismatch/)) { return ("Failed POP3 login from",$1,"POP3_fail","5","110,143,993,995","600"); }
# if (($lgfile eq $config{FTPD_LOG}) and ($line =~ /FAIL LOGIN: Client \"(\S+)\"/)) { return ("Failed FTP login from",$1,"vsftpd_fail","5","3327","1"); }
# if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+) failed to login/)) { return ("Login attempt to VestaCP from",$1,"VESTAlogin_fail","2","7419","1"); }
if ($lgfile eq $config{SMTPAUTH_LOG}) {
if ($line =~ /\[(\S+)\]: 535 Incorrect/) { return ("Failed SMTP login from",$1,"SMTP_fail_login","2","25,465,587","36000"); }
if ($line =~ /^\S+ \S+ smtp: User (\S*) doesn\'t exist\. Attempt from IP address (\S+)\s*$/) { return ("Failed SMTP login from",$1,"SMTP_user_not_exist","2","25,465,587","36000"); }
if ($line =~ /\[(\S+)\] F=<\S+> rejected RCPT/) { return ("Unrouteable address from",$1,"SMTP_no_email_1","2","25,465,587","36000"); }
if ($line =~ /\[(\S+)\] \S+ \S+ F=<\S+> rejected RCPT/) { return ("Unrouteable address from",$1,"SMTP_no_email_2","2","25,465,587","36000"); }
}
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /Login failed for \S+ against localhost from (\S+)\(/)) { return ("Failed Roundcube login from",$1,"roundcube_fail","5","80,443","600"); }
nano /etc/csf/csf.conf
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/vsftpd.log"
SMTPAUTH_LOG = "/var/log/exim/reject.log"
POP3D_LOG = "/var/log/dovecot.log"
IMAPD_LOG = "/var/log/dovecot.log"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"
VESTA_LOG = "/var/log/vesta/auth.log"
CUSTOM1_LOG = "/var/log/roundcubemail/errors.log"
sdf
27 ส.ค. 62