comparison example.conf @ 11:26c2cc5077aa
Added reporting functionality.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 14 Aug 2009 01:19:58 +0300 |
parents | a05ada86fbe0 |
children | d6da1a6567f8 |
10:a05ada86fbe0 | 11:26c2cc5077aa |
---|---|
1 ## Maltfilter configuration file. | 1 ############################################################################# |
2 ## PLEASE READ THROUGH THIS FILE VERY CAREFULLY! | 2 ### Maltfilter configuration file. |
3 ### PLEASE READ THROUGH THIS FILE VERY CAREFULLY! | |
3 | 4 |
5 ############################################################################# | |
6 ### General settings | |
7 ############################################################################# | |
4 # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4) | 8 # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4) |
5 VERBOSITY = 4 | 9 VERBOSITY = 4 |
6 | 10 |
7 # Dry-run: 1 = disables daemonization/forking to background, disables | 11 # Dry-run: 1 = disables daemonization/forking to background, disables |
8 # modification of netfilter/iptables, printing the iptables commands to | 12 # modification of netfilter/iptables, printing the iptables commands to |
9 # stdout instead. | 13 # stdout instead. |
10 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE! | 14 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE! |
11 DRY_RUN = 1 | 15 DRY_RUN = 1 |
12 | 16 |
13 # Define system log files to scan. Only auth.log and Apache errorlog / | 17 # Maltfilter logfile path and name (set empty "" if you don't want logging) |
14 # common log format files are supported for now. You can have as many | 18 LOGFILE = "/var/log/maltfilter" |
15 # of SCANFILE settings as you wish. | 19 |
16 SCANFILE = "/var/log/auth.log" | 20 # Full path to iptables binary |
17 SCANFILE = "/var/log/httpd/error.log" | 21 IPTABLES = "/sbin/iptables" |
18 SCANFILE = "/var/log/httpd/access.log" | |
19 | 22 |
20 | 23 |
24 ############################################################################# | |
25 ### Actions, etc. settings | |
26 ############################################################################# | |
21 # Weeding treshold in hours. Entries older than this will be "weeded" | 27 # Weeding treshold in hours. Entries older than this will be "weeded" |
22 # off from current netfilter settings. | 28 # off from current netfilter settings. |
23 WEEDPERIOD = 72 | 29 WEEDPERIOD = 72 |
24 | 30 |
25 # How many "hits" the IP needs until it is eligible to be blocked. | 31 # How many "hits" the IP needs until it is eligible to be blocked. |
28 | 34 |
29 # Target iptables action for added entries, default is DROP, but you | 35 # Target iptables action for added entries, default is DROP, but you |
30 # can use whatever rule chain name you want to here. | 36 # can use whatever rule chain name you want to here. |
31 ACTION = "DROP" | 37 ACTION = "DROP" |
32 | 38 |
39 # IP addresses that should NOT be blocked under any circumstances. You should | |
40 # set this if you wish to have a surefire open channel from some host, even in | |
41 # the case someone tries to spoof IPs for denial of service. | |
42 # | |
43 # NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. | |
44 # You can have any number of NOBLOCK_IPS settings. | |
45 NOBLOCK_IPS = "192.121.86.15" | |
46 NOBLOCK_IPS = "74.125.45.100" | |
47 | |
48 | |
49 ############################################################################# | |
50 ### Logfiles | |
51 ############################################################################# | |
52 # Define system log files to scan. Only auth.log and Apache errorlog / | |
53 # common log format files are supported for now. You can have as many | |
54 # of SCANFILE settings as you wish. | |
55 SCANFILE = "/var/log/auth.log" | |
56 SCANFILE = "/var/log/httpd/error.log" | |
57 SCANFILE = "/var/log/httpd/access.log" | |
58 | |
59 | |
60 ############################################################################# | |
61 ### Checks / tests | |
62 ############################################################################# | |
33 # Enabled checks (1 = enabled, 0 = disabled). Please read the test | 63 # Enabled checks (1 = enabled, 0 = disabled). Please read the test |
34 # descriptions from "check_log_line" function in the maltfilter script. | 64 # descriptions from "check_log_line" function in the maltfilter script. |
35 CHK_SSHD = 1 | 65 CHK_SSHD = 1 |
36 CHK_KNOWN_CGI = 1 | 66 CHK_KNOWN_CGI = 1 |
37 CHK_PHP_XSS = 1 | 67 CHK_PHP_XSS = 1 |
41 # Notice! ONLY enable this setting, if you have disabled password root | 71 # Notice! ONLY enable this setting, if you have disabled password root |
42 # logins from sshd_config (e.g. you have "PermitRootLogin without-password") | 72 # logins from sshd_config (e.g. you have "PermitRootLogin without-password") |
43 # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. | 73 # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. |
44 CHK_ROOT_SSH_PWD = 0 | 74 CHK_ROOT_SSH_PWD = 0 |
45 | 75 |
46 # Maltfilter logfile path and name (set empty "" if you don't want logging) | |
47 LOGFILE = "/var/log/maltfilter" | |
48 | 76 |
49 # Full path to iptables binary | 77 ############################################################################# |
50 IPTABLES = "/sbin/iptables" | 78 ### Reports |
51 | 79 ############################################################################# |
52 # IP addresses that should NOT be blocked under any circumstances. You should | 80 # Define files for periodically updated status reports (refreshed once |
53 # set this if you wish to have a surefire open channel from some host, even in | 81 # every few minutes.) Leave empty ("") if you do not want status reports. |
54 # the case someone tries to spoof IPs for denial of service. | 82 |
55 # | 83 # Plain ASCII text file rerpot |
56 # NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. | 84 STATUS_FILE_PLAIN = "" |
57 # You can have any number of NOBLOCK_IPS settings. | 85 |
58 NOBLOCK_IPS = "192.121.86.15" | 86 # HTML file and optional CSS stylesheet URL for the HTML |
59 NOBLOCK_IPS = "74.125.45.100" | 87 # (if left empty, no CSS is used) |
88 STATUS_FILE_HTML = "" | |
89 STATUS_FILE_CSS = "" |
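Review bot: The CHK_ROOT_SSH_PWD warning (new line 73) still tells the reader to define safe hosts "in NOBLOCK_HOSTS below", but the setting in this file is named NOBLOCK_IPS and this commit moves it above the checks, into the "Actions, etc. settings" section (new lines 39-46), so the pointer to the lockout safeguard is now wrong in both name and direction. I would change that line to `# or that alternatively you have defined "safe" hosts with NOBLOCK_IPS above.`. In the new Reports section "rerpot" should read "report". Because maltfilter rewrites these files periodically and presumably runs with enough privilege to modify iptables, the comment could also add `# Use a path in a directory that only the maltfilter user can write to.`. The relocated NOBLOCK_IPS examples are non-private addresses, so a line such as `# Example addresses only - replace with your own trusted hosts.` would keep them from being copied unchanged into a live allowlist.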