LMF: Log Monitoring Framework
By Max Schubert a.k.a. "perldork"
Changes
###############
# Version 0.5 #
###############
Code
-----
o Updated fw script with new features
* Looks for a QUIET variable in the environment; setting QUIET to 0
makes the fw script verbose for debugging
* Integrated APF support; LMF will whitelist any hosts
listed as allowed in the /etc/apf/allow_hosts.rules file
* Integrated a local whitelist; LMF will whitelist any hosts
listed in the LMF whitelist file (configured at the top of
the fw script). This lets you bypass LMF checks for those
hosts while still keeping APF rules in place.
Rules
-----
o Added iptables.conf rule file with basic port scanning rule that matches
output from iptables
o Fixed message variable problem with the SSH brute force rule: the
variables for user and IP address were out of order.
###############
# Version 0.4 #
###############
o Configuration file directives 'trigger', 'message', and 'release' can
now use the following additional variables (see README for details):
* count
* threshold
* duration
* within
* name
* file
* time
* pct
'trigger' and 'release' can also use 'message' to get the fully formatted
message generated by the match (the same string used in the syslog message)
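The following is an added example, not LMF's own code, showing how a threshold rule can expose the variables listed above (count, threshold, duration, within, name, file, time, pct) to its 'message', 'trigger' and 'release' directives, and how a whitelist in the style of an allow_hosts.rules file (one IP or CIDR per line, '#' comments) short-circuits the check. The rule dictionary, the directive syntax, the meaning of 'duration' (seconds since the oldest match in the window) and 'pct' (count as a percentage of threshold), and the sshd log lines and allow-list text are all constructed assumptions for illustration; the trigger and release actions are returned as strings rather than executed.

```python
import re
import ipaddress
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample input: sshd failure lines in syslog style (not taken from the page).
SAMPLE_LOG = """\
Apr  1 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Apr  1 10:00:02 host sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Apr  1 10:00:04 host sshd[2004]: Failed password for root from 198.51.100.7 port 40004 ssh2
Apr  1 10:00:05 host sshd[2005]: Failed password for root from 198.51.100.7 port 40005 ssh2
Apr  1 10:00:06 host sshd[2006]: Failed password for root from 198.51.100.7 port 40006 ssh2
Apr  1 10:00:09 host sshd[2009]: Failed password for root from 203.0.113.5 port 40009 ssh2
Apr  1 10:05:00 host sshd[2100]: Failed password for root from 203.0.113.5 port 40100 ssh2
"""

# Constructed whitelist in the style of an allow_hosts.rules file: one IP or CIDR per line, '#' comments.
SAMPLE_ALLOW = """\
# management network, never block
198.51.100.0/24
"""

# Hypothetical rule using the variable names the changelog lists; the directive syntax is an assumption.
SSH_RULE = {
    "name": "ssh_brute_force",
    "file": "/var/log/secure",
    "threshold": 3,      # matches needed to trigger
    "within": 60,        # length of the sliding window in seconds
    "message": "{name}: {count} failed logins from {ip} (last user {user}) in {duration}s, "
               "{pct:.0f}% of threshold {threshold}/{within}s in {file} at {time}",
    "trigger": "block {ip}  # {message}",
    "release": "unblock {ip}  # {name}: {count} matches in window, below threshold {threshold}",
}

LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)


def load_whitelist(text):
    """Parse an allow-list: blank lines and '#' comments are skipped, entries may be IPs or CIDRs."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def is_whitelisted(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def evaluate(rule, log_text, allow_text):
    """Replay log lines through a per-IP sliding-window counter; return (action, text) pairs."""
    nets = load_whitelist(allow_text)
    windows = defaultdict(deque)     # ip -> timestamps of matches inside the window
    triggered = set()                # ips currently in the triggered state
    actions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = m.group("ip")
        if is_whitelisted(ip, nets):
            continue                 # whitelisted hosts bypass the rule entirely
        now = datetime.strptime(m.group("time"), "%b %d %H:%M:%S")
        q = windows[ip]
        q.append(now)
        while (now - q[0]).total_seconds() > rule["within"]:
            q.popleft()              # drop matches older than the window
        count = len(q)
        vars_ = {
            "name": rule["name"], "file": rule["file"], "threshold": rule["threshold"],
            "within": rule["within"], "count": count, "time": m.group("time"),
            "duration": int((now - q[0]).total_seconds()),
            "pct": 100.0 * count / rule["threshold"],
            "ip": ip, "user": m.group("user"),
        }
        # 'message' is formatted first so 'trigger' and 'release' can reuse it
        vars_["message"] = rule["message"].format_map(vars_)
        if count >= rule["threshold"] and ip not in triggered:
            triggered.add(ip)
            actions.append(("trigger", rule["trigger"].format_map(vars_)))
        elif count < rule["threshold"] and ip in triggered:
            triggered.discard(ip)
            actions.append(("release", rule["release"].format_map(vars_)))
    return actions


if __name__ == "__main__":
    for action, text in evaluate(SSH_RULE, SAMPLE_LOG, SAMPLE_ALLOW):
        print(action, "->", text)
```

With the constructed input, 203.0.113.5 crosses the threshold on its third failure within 60 seconds and a trigger is emitted; its next failure five minutes later finds the window empty, so the count drops to 1 and a release is emitted. 198.51.100.7 is inside the allowed 198.51.100.0/24 network and never produces an action, which is the bypass behaviour the whitelist feature describes.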
Rules
-----
o proftpd rules file now included with distribution.
o Updated ssh rules to work with ssh versions 3.6.1p2 (RHEL3) and
3.9p1, as logging output changed between the two versions.
###############
# Version 0.3 #
###############
o Can read configuration snippets from HTTP/HTTPS remote directory
with or without HTTP AUTH password protection.
o Installer makes a soft link to /usr/local/lmf so that users of the script
do not *have* to change all configurations.