Has anyone managed to get BFD 1.2 to run on CentOS 5.2?
It seems to run fine but when I ran it manually it didn't seem to go through any of the rules to check.
Here are some of my rules:
Code:
# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
# TRIG="10"
# file must exist for rule to be active
REQ="/usr/sbin/proftpd"
if [ -f "$REQ" ]; then
LP="$AUTH_LOG_PATH"
TLOG_TF="proftpd"
## PROFTPD
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | sed -e 's/::ffff://' | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | tr -d ':' | sed -n -e '/proftpd/s/.*USER \(.*\) no such user found from \([^ ]*\).*/\2:\1/p'`
fi
Code:
# failed logins from a single address before ban
# uncomment to override conf.bfd trig value
TRIG="5"
# file must exist for rule to be active
REQ="/usr/sbin/exim"
if [ -f "$REQ" ]; then
LP="/var/log/exim/mainlog"
TLOG_TF="exim"
## EXIM dictionary attacks
ARG_VAL=`$TLOG_PATH $LP $TLOG_TF | grep -iwE "no such address here|No such person at this address" | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | tr -d '<>:' | sed -n -e '/rejected RCPT/s/.*\[\(.*\)] F=\(.*\) rejected RCPT \([^ ]*\).*/\1:\3/p'`
fi
The paths are correct, I assume. Anyone see anything wrong?
Thanks
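One way to check whether each rule's pattern matches the log format at all, as an added example that is not part of the original post or of BFD: the filter stages of the two rules above are fed from standard input instead of `$TLOG_PATH $LP $TLOG_TF`, so they can be run against sample lines offline. The function names, the `over_trig` helper and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: filter stages of the two posted rules, reading log lines
# on stdin in place of the `$TLOG_PATH $LP $TLOG_TF` stage.

proftpd_extract() {
    sed -e 's/::ffff://' \
    | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | tr -d ':' \
    | sed -n -e '/proftpd/s/.*USER \(.*\) no such user found from \([^ ]*\).*/\2:\1/p'
}

exim_extract() {
    grep -iwE "no such address here|No such person at this address" \
    | grep -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
    | tr -d '<>:' \
    | sed -n -e '/rejected RCPT/s/.*\[\(.*\)] F=\(.*\) rejected RCPT \([^ ]*\).*/\1:\3/p'
}

# Hypothetical helper (not BFD's code): print each address that appears in
# at least $1 "address:name" pairs on stdin, $1 standing in for TRIG.
over_trig() {
    awk -F: -v trig="$1" '{ n[$1]++ } END { for (a in n) if (n[a] >= trig) print a }' | sort
}

# Constructed sample lines (documentation addresses, not real log data).
sample_proftpd() {
    for u in admin test root; do
        echo "Mar  3 10:15:01 web1 proftpd[1234]: web1 (203.0.113.7[203.0.113.7]) - USER $u: no such user found from 203.0.113.7 [203.0.113.7] to 192.0.2.10:21"
    done
    echo "Mar  3 10:16:40 web1 proftpd[1240]: web1 (198.51.100.9[198.51.100.9]) - USER bob: no such user found from 198.51.100.9 [198.51.100.9] to 192.0.2.10:21"
}

sample_exim() {
    echo "2009-03-03 10:15:01 H=(mail.example.net) [198.51.100.23] F=<sender@example.net> rejected RCPT <nobody@example.com>: No such person at this address"
    # Different rejection text: the rule's first grep drops this line,
    # so it produces no address:name pair.
    echo "2009-03-03 10:15:09 H=(mail.example.net) [198.51.100.23] F=<sender@example.net> rejected RCPT <nobody@example.com>: Unrouteable address"
}

echo "proftpd pairs:";       sample_proftpd | proftpd_extract
echo "exim pairs:";          sample_exim | exim_extract
echo "proftpd over TRIG=3:"; sample_proftpd | proftpd_extract | over_trig 3
```

Piping a few lines from the real log file into the same functions shows whether the rule yields any `address:name` pairs for that log format; empty output means the pattern never matches, whatever the trigger value.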