Mercurial > hg > maltfilter
comparison README @ 89:56b854932103 maltfilter-0.19.1
Update documentation.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sun, 30 Aug 2009 21:48:56 +0300 |
| parents | edba50b28190 |
| children | 6e47a5c97538 |
comparison
equal
deleted
inserted
replaced
| 88:3bcc17b754bf | 89:56b854932103 |
|---|---|
| 1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.19.0 | 1 Malicious Attack Livid Termination Filter daemon (maltfilter) v0.19.1 |
| 2 ===================================================================== | 2 ===================================================================== |
| 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> | 3 Programmed by Matti 'ccr' Hämäläinen <ccr@tnsp.org> |
| 4 (C) Copyright 2009 Tecnic Software productions (TNSP) | 4 (C) Copyright 2009 Tecnic Software productions (TNSP) |
| 5 | 5 |
| 6 Distributed under the modified ("3-clause") BSD license. Please see | 6 Distributed under the modified ("3-clause") BSD license. Please see |
| 7 included file COPYING for more information. | 7 included file COPYING for more information. |
| 8 | 8 |
| 9 About | 9 About |
| 10 ===== | 10 ===== |
| 11 Maltfilter daemon script continuously scans various system logfiles | 11 Maltfilter is daemon script written in Perl, which continuously scans various |
| 12 including auth.log, httpd logs, etc. for signs of malicious connections, | 12 system logfiles including auth.log, Apache style common logformat and error |
| 13 break-in and exploitation attempts. The originating IP addresses of | 13 logs, etc. for signs of malicious connections, break-in (login bruteforcing, |
| 14 these connections can be then acted upon in following ways, each | 14 etc.) and exploitation attempts. The originating IP addresses of these |
| 15 being optional: | 15 connections can be then acted upon in following ways, each being optional: |
| 16 | 16 |
| 17 * Insertion (and eventual deletion or "weeding") of Netfilter rules. | 17 * Insertion (and eventual deletion or "weeding") of Netfilter rules. |
| 18 * Submitting entry to DroneBL DNSBL service. | 18 * Submitting entry to DroneBL DNSBL service. |
| 19 * Gather "evidence" about certain PHP XSS exploit attempts into | 19 * Gather "evidence" about certain PHP XSS exploit attempts into |
| 20 specified directory. These evidence files include the attempted | 20 specified directory. These evidence files include the attempted |