diff example.conf @ 11:26c2cc5077aa
Added reporting functionality.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 14 Aug 2009 01:19:58 +0300 |
parents | a05ada86fbe0 |
children | d6da1a6567f8 |
--- a/example.conf Thu Aug 13 19:21:15 2009 +0300
+++ b/example.conf Fri Aug 14 01:19:58 2009 +0300
@@ -1,6 +1,10 @@
-## Maltfilter configuration file.
-## PLEASE READ THROUGH THIS FILE VERY CAREFULLY!
+#############################################################################
+### Maltfilter configuration file.
+### PLEASE READ THROUGH THIS FILE VERY CAREFULLY!
+#############################################################################
+### General settings
+#############################################################################
 # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4)
 VERBOSITY = 4
@@ -10,14 +14,16 @@
 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE!
 DRY_RUN = 1
-# Define system log files to scan. Only auth.log and Apache errorlog /
-# common log format files are supported for now. You can have as many
-# of SCANFILE settings as you wish.
-SCANFILE = "/var/log/auth.log"
-SCANFILE = "/var/log/httpd/error.log"
-SCANFILE = "/var/log/httpd/access.log"
+# Maltfilter logfile path and name (set empty "" if you don't want logging)
+LOGFILE = "/var/log/maltfilter"
+
+# Full path to iptables binary
+IPTABLES = "/sbin/iptables"
+#############################################################################
+### Actions, etc. settings
+#############################################################################
 # Weeding treshold in hours. Entries older than this will be "weeded"
 # off from current netfilter settings.
 WEEDPERIOD = 72
@@ -30,6 +36,30 @@
 # can use whatever rule chain name you want to here.
 ACTION = "DROP"
+# IP addresses that should NOT be blocked under any circumstances. You should
+# set this if you wish to have a surefire open channel from some host, even in
+# the case someone tries to spoof IPs for denial of service.
+#
+# NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names.
+# You can have any number of NOBLOCK_IPS settings.
+NOBLOCK_IPS = "192.121.86.15"
+NOBLOCK_IPS = "74.125.45.100"
+
+
+#############################################################################
+### Logfiles
+#############################################################################
+# Define system log files to scan. Only auth.log and Apache errorlog /
+# common log format files are supported for now. You can have as many
+# of SCANFILE settings as you wish.
+SCANFILE = "/var/log/auth.log"
+SCANFILE = "/var/log/httpd/error.log"
+SCANFILE = "/var/log/httpd/access.log"
+
+
+#############################################################################
+### Checks / tests
+#############################################################################
 # Enabled checks (1 = enabled, 0 = disabled). Please read the test
 # descriptions from "check_log_line" function in the maltfilter script.
 CHK_SSHD = 1
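Review bot: The example ships two active `NOBLOCK_IPS` entries for public addresses, so anyone who starts from this file exempts those hosts from blocking without having chosen them. I would ship them commented out or replace them with documentation addresses, for example `#NOBLOCK_IPS = "192.0.2.10"` (a constructed sample from the RFC 5737 range). The comment block could also state that an exempted address is never filtered regardless of what it does, so the list should be kept as short as possible.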
@@ -43,17 +73,17 @@
 # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below.
 CHK_ROOT_SSH_PWD = 0
-# Maltfilter logfile path and name (set empty "" if you don't want logging)
-LOGFILE = "/var/log/maltfilter"
-# Full path to iptables binary
-IPTABLES = "/sbin/iptables"
-
-# IP addresses that should NOT be blocked under any circumstances. You should
-# set this if you wish to have a surefire open channel from some host, even in
-# the case someone tries to spoof IPs for denial of service.
-#
-# NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names.
-# You can have any number of NOBLOCK_IPS settings.
-NOBLOCK_IPS = "192.121.86.15"
-NOBLOCK_IPS = "74.125.45.100"
+#############################################################################
+### Reports
+#############################################################################
+# Define files for periodically updated status reports (refreshed once
+# every few minutes.) Leave empty ("") if you do not want status reports.
+
+# Plain ASCII text file rerpot
+STATUS_FILE_PLAIN = ""
+
+# HTML file and optional CSS stylesheet URL for the HTML
+# (if left empty, no CSS is used)
+STATUS_FILE_HTML = ""
+STATUS_FILE_CSS = ""
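Review bot: The new `STATUS_FILE_*` comments do not say where a report may safely be written, which matters because the daemon presumably runs with the privileges needed to call iptables and rewrites these files every few minutes. I would add above `STATUS_FILE_PLAIN`: `# Point these at a directory only the maltfilter user can write to; the reports list blocked hosts, so expose the HTML file only where that is acceptable.` The report contents come from the scanned logs, so the HTML writer (not visible in this file) should escape every log-derived field before emitting it. Two wording fixes in the same hunk: `rerpot` should read `report`, and the context line above `CHK_ROOT_SSH_PWD` still says `NOBLOCK_HOSTS below` although the setting is named `NOBLOCK_IPS` and this commit moves it above the checks.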