A couple more things to watch for

author Richard Kettlewell <rjk@greenend.org.uk>

Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)

committer Richard Kettlewell <rjk@greenend.org.uk>

Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)
author Richard Kettlewell <rjk@greenend.org.uk>
Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)
committer Richard Kettlewell <rjk@greenend.org.uk>
Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)
diff --git a/examples/blockad.conf b/examples/blockad.conf

index b288576..191a4a9 100644 (file)
--- a/examples/blockad.conf
+++ b/examples/blockad.conf
@@ -4,11 +4,13 @@
 
 # File(s) to watch
 watch /var/log/auth.log
+watch /var/log/secure.log
 
 # Logfile patterns look out for
 address 'Invalid user [^[:space:]]+ from ([^[:space:]]+)' 1
 address 'Failed password for [^[:space:]]+ from ([^[:space:]]+)' 1
 address 'Failed password for invalid user [^[:space:]]+ from ([^[:space:]]+)' 1
+address 'Failed keyboard-interactive/pam for invalid user [^[:space:]]+ from ([^[:space:]]+)' 1
 
 # Address patterns to exempt
 exempt 127.0.0.1
author	Richard Kettlewell <rjk@greenend.org.uk>
	Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)
committer	Richard Kettlewell <rjk@greenend.org.uk>
	Sat, 5 Mar 2011 12:41:19 +0000 (12:41 +0000)