| Commit message | Author | Age | Files | Lines |
The information sent to the logs was unstructured and less ideal.
This unifies the log events to be similar and provide more useful
details and less static text.
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
Signed-off-by: David Sommerseth <dazo@eurephia.org>
|
This change is based on the API changes of the message strings
being changed to Python lists. Currently we expect only one regex
match group, where the first element is the IP address.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
The message sent to the Reporter modules contained a string of
each regex match group values separated by a pipe (|). This was
not flexible enough, so this change will send all the regex match
groups as a Python list to the Reporter.
The existing Reporter modules have currently just been modified
to stitch together the message list as a string identical to the
old behaviour now, to ensure backwards compatibility for now.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
- Use the proper FSF address
- Use the new contact address for David Sommerseth
- Use a better wording for the GPLv2 only license
Signed-off-by: David Sommerseth <davids@redhat.com>
|
It may happen on some systems that the iptables command line
has completed removing ipset rules, but things aren't quite yet
ready. This adds a 5 second delay before ipset tries to remove
the ipset list.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
Signed-off-by: David Sommerseth <davids@redhat.com>
|
By setting the ipset-save Reporter option to point at a file name,
the state will be automatically loaded upon start and saved before
LogActio stops running.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
Signed-off-by: David Sommerseth <davids@redhat.com>
|
This is needed to avoid LogActio believing an IP address has been registered
but has been removed from ipset - either manually or by a timeout.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
Signed-off-by: David Sommerseth <davids@redhat.com>
|
This currently requires logactio to run as root. On matches, instead
of reporting the match it will use the IP address extracted via the regex
and add it to an ipset(8) set (hash:ip). This set can then be used
in other iptables rules to f.ex block failing attempts.
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
|
This allows alerts to be sent to a Qpid based AMQP broker. A
simple alert consumer has been added as well.
Signed-off-by: David Sommerseth <davids@redhat.com>
|
This reporter module will send e-mails with the gathered information
Signed-off-by: David Sommerseth <davids@redhat.com>
|
This will send alerts to a web server via HTTP GET/POST requests
Signed-off-by: David Sommerseth <davids@redhat.com>
|
This is the first step of the logactio framework
Signed-off-by: David Sommerseth <davids@redhat.com>
|