comparison README @ 89:56b854932103 maltfilter-0.19.1
Update documentation.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Sun, 30 Aug 2009 21:48:56 +0300 |
parents | edba50b28190 |
children | 6e47a5c97538 |
88:3bcc17b754bf | 89:56b854932103 |
---|---|
1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.19.0 | 1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.19.1 |
2 ===================================================================== | 2 ===================================================================== |
3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> |
4 (C) Copyright 2009 Tecnic Software productions (TNSP) | 4 (C) Copyright 2009 Tecnic Software productions (TNSP) |
5 | 5 |
6 Distributed under the modified ("3-clause") BSD license. Please see | 6 Distributed under the modified ("3-clause") BSD license. Please see |
7 included file COPYING for more information. | 7 included file COPYING for more information. |
8 | 8 |
9 About | 9 About |
10 ===== | 10 ===== |
11 Maltfilter daemon script continuously scans various system logfiles | 11 Maltfilter is daemon script written in Perl, which continuously scans various |
12 including auth.log, httpd logs, etc. for signs of malicious connections, | 12 system logfiles including auth.log, Apache style common logformat and error |
13 break-in and exploitation attempts. The originating IP addresses of | 13 logs, etc. for signs of malicious connections, break-in (login bruteforcing, |
14 these connections can be then acted upon in following ways, each | 14 etc.) and exploitation attempts. The originating IP addresses of these |
15 being optional: | 15 connections can be then acted upon in following ways, each being optional: |
16 | 16 |
17 * Insertion (and eventual deletion or "weeding") of Netfilter rules. | 17 * Insertion (and eventual deletion or "weeding") of Netfilter rules. |
18 * Submitting entry to DroneBL DNSBL service. | 18 * Submitting entry to DroneBL DNSBL service. |
19 * Gather "evidence" about certain PHP XSS exploit attempts into | 19 * Gather "evidence" about certain PHP XSS exploit attempts into |
20 specified directory. These evidence files include the attempted | 20 specified directory. These evidence files include the attempted |
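
Review bot: The rewritten About paragraph (new lines 11-15) has a few wording slips. "Maltfilter is daemon script written in Perl" is missing an article ("is a daemon script"), "Apache style common logformat" would read better as "Apache-style common log format", and "can be then acted upon in following ways" should be "can then be acted upon in the following ways". The new text also narrows the old "httpd logs" to Apache-style common log format and error logs, so if other web server log formats are matched as well, say so here, since readers will use this paragraph to decide whether their logs are covered.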