2013-10-30 13:02:59 +00:00
|
|
|
# Fail2Ban filter for suhosian PHP hardening
|
2009-08-30 14:17:29 +00:00
|
|
|
#
|
2013-10-30 13:02:59 +00:00
|
|
|
# This occurs with lighttpd or directly from the plugin
|
2009-08-30 14:17:29 +00:00
|
|
|
#
|
|
|
|
|
2013-10-05 09:39:39 +00:00
|
|
|
[INCLUDES]
|
|
|
|
|
|
|
|
# Read common prefixes. If any customizations available -- read them from
|
|
|
|
# common.local
|
|
|
|
before = common.conf
|
|
|
|
|
|
|
|
|
2009-08-30 14:17:29 +00:00
|
|
|
[Definition]
|
|
|
|
|
2013-10-05 09:39:39 +00:00
|
|
|
_daemon = (?:lighttpd|suhosin)
|
|
|
|
|
|
|
|
|
|
|
|
_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)
|
|
|
|
|
|
|
|
failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '<HOST>', file '.*'(?:, line \d+)?\)$
|
2009-08-30 14:17:29 +00:00
|
|
|
|
|
|
|
ignoreregex =
|
2013-10-30 13:02:59 +00:00
|
|
|
|
|
|
|
# DEV Notes:
|
|
|
|
#
|
|
|
|
# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161
|
|
|
|
#
|
|
|
|
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
|