ssh.txr


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

@(include "txrban")
@(set *short-period* 15)
@(set *short-limit* 15)
@(set *short-ban* @(* 24 3600))
@(set *long-period* 300)
@(set *long-limit* 10)
@(set *long-ban* @(* 24 3600))
@(next @(open-tail "/var/log/auth.log" "r" nil))
@(repeat)
@  (all)
@(m month) @(n day) @(n year) @(n hour):@(n min):@(n sec) @(skip)
@    (bind time @(make-time year month day hour min sec :auto))
@  (and)
@    (cases)
@nil @nil @nil @nil localhost sshd[@nil]: Failed password for @user from @ip port @(skip)
@      (do
         (let ((users (get-info ip))
               (level 1))
           (if (> (length users) 3)
             (set level 9))
           (report ip time level user)))
@    (or)
@      (do (do-expiry time))
@    (end)
@  (end)
@(end)