comparison example.conf @ 11:26c2cc5077aa

Added reporting functionality.
author Matti Hamalainen <ccr@tnsp.org>
date Fri, 14 Aug 2009 01:19:58 +0300
parents a05ada86fbe0
children d6da1a6567f8
10:a05ada86fbe0 11:26c2cc5077aa
1 ## Maltfilter configuration file. 1 #############################################################################
2 ## PLEASE READ THROUGH THIS FILE VERY CAREFULLY! 2 ### Maltfilter configuration file.
3 ### PLEASE READ THROUGH THIS FILE VERY CAREFULLY!
3 4
5 #############################################################################
6 ### General settings
7 #############################################################################
4 # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4) 8 # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4)
5 VERBOSITY = 4 9 VERBOSITY = 4
6 10
7 # Dry-run: 1 = disables daemonization/forking to background, disables 11 # Dry-run: 1 = disables daemonization/forking to background, disables
8 # modification of netfilter/iptables, printing the iptables commands to 12 # modification of netfilter/iptables, printing the iptables commands to
9 # stdout instead. 13 # stdout instead.
10 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE! 14 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE!
11 DRY_RUN = 1 15 DRY_RUN = 1
12 16
13 # Define system log files to scan. Only auth.log and Apache errorlog / 17 # Maltfilter logfile path and name (set empty "" if you don't want logging)
14 # common log format files are supported for now. You can have as many 18 LOGFILE = "/var/log/maltfilter"
15 # of SCANFILE settings as you wish. 19
16 SCANFILE = "/var/log/auth.log" 20 # Full path to iptables binary
17 SCANFILE = "/var/log/httpd/error.log" 21 IPTABLES = "/sbin/iptables"
18 SCANFILE = "/var/log/httpd/access.log"
19 22
20 23
24 #############################################################################
25 ### Actions, etc. settings
26 #############################################################################
21 # Weeding treshold in hours. Entries older than this will be "weeded" 27 # Weeding treshold in hours. Entries older than this will be "weeded"
22 # off from current netfilter settings. 28 # off from current netfilter settings.
23 WEEDPERIOD = 72 29 WEEDPERIOD = 72
24 30
25 # How many "hits" the IP needs until it is eligible to be blocked. 31 # How many "hits" the IP needs until it is eligible to be blocked.
28 34
29 # Target iptables action for added entries, default is DROP, but you 35 # Target iptables action for added entries, default is DROP, but you
30 # can use whatever rule chain name you want to here. 36 # can use whatever rule chain name you want to here.
31 ACTION = "DROP" 37 ACTION = "DROP"
32 38
39 # IP addresses that should NOT be blocked under any circumstances. You should
40 # set this if you wish to have a surefire open channel from some host, even in
41 # the case someone tries to spoof IPs for denial of service.
42 #
43 # NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names.
44 # You can have any number of NOBLOCK_IPS settings.
45 NOBLOCK_IPS = "192.121.86.15"
46 NOBLOCK_IPS = "74.125.45.100"
47
48
49 #############################################################################
50 ### Logfiles
51 #############################################################################
52 # Define system log files to scan. Only auth.log and Apache errorlog /
53 # common log format files are supported for now. You can have as many
54 # of SCANFILE settings as you wish.
55 SCANFILE = "/var/log/auth.log"
56 SCANFILE = "/var/log/httpd/error.log"
57 SCANFILE = "/var/log/httpd/access.log"
58
59
60 #############################################################################
61 ### Checks / tests
62 #############################################################################
33 # Enabled checks (1 = enabled, 0 = disabled). Please read the test 63 # Enabled checks (1 = enabled, 0 = disabled). Please read the test
34 # descriptions from "check_log_line" function in the maltfilter script. 64 # descriptions from "check_log_line" function in the maltfilter script.
35 CHK_SSHD = 1 65 CHK_SSHD = 1
36 CHK_KNOWN_CGI = 1 66 CHK_KNOWN_CGI = 1
37 CHK_PHP_XSS = 1 67 CHK_PHP_XSS = 1
41 # Notice! ONLY enable this setting, if you have disabled password root 71 # Notice! ONLY enable this setting, if you have disabled password root
42 # logins from sshd_config (e.g. you have "PermitRootLogin without-password") 72 # logins from sshd_config (e.g. you have "PermitRootLogin without-password")
43 # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. 73 # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below.
44 CHK_ROOT_SSH_PWD = 0 74 CHK_ROOT_SSH_PWD = 0
45 75
46 # Maltfilter logfile path and name (set empty "" if you don't want logging)
47 LOGFILE = "/var/log/maltfilter"
48 76
49 # Full path to iptables binary 77 #############################################################################
50 IPTABLES = "/sbin/iptables" 78 ### Reports
51 79 #############################################################################
52 # IP addresses that should NOT be blocked under any circumstances. You should 80 # Define files for periodically updated status reports (refreshed once
53 # set this if you wish to have a surefire open channel from some host, even in 81 # every few minutes.) Leave empty ("") if you do not want status reports.
54 # the case someone tries to spoof IPs for denial of service. 82
55 # 83 # Plain ASCII text file rerpot
56 # NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. 84 STATUS_FILE_PLAIN = ""
57 # You can have any number of NOBLOCK_IPS settings. 85
58 NOBLOCK_IPS = "192.121.86.15" 86 # HTML file and optional CSS stylesheet URL for the HTML
59 NOBLOCK_IPS = "74.125.45.100" 87 # (if left empty, no CSS is used)
88 STATUS_FILE_HTML = ""
89 STATUS_FILE_CSS = ""
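Review bot: The CHK_ROOT_SSH_PWD warning at new line 73 still refers to `NOBLOCK_HOSTS below`, but the setting in this file is named NOBLOCK_IPS and the reordering places it above the checks, at new lines 39-46. That comment is what tells an admin how to avoid blocking their own root login, so it should name the real key, for example `# or that alternatively you have defined "safe" hosts in NOBLOCK_IPS above.`. In the new Reports section, `# Plain ASCII text file rerpot` at new line 83 should read `# Plain ASCII text file report`. The report writer is not visible on this page, but if it runs with the privileges needed to call iptables, the section comment could add a caveat such as `# Use a path inside a directory that only root can write to.`.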