diff example.conf @ 61:8b33436dd18b
Update example configuration and documentation.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 17 Aug 2009 08:22:38 +0300 |
parents | 19dace24ad46 |
children | d2e2b82dd2f2 |
--- a/example.conf Mon Aug 17 08:22:24 2009 +0300
+++ b/example.conf Mon Aug 17 08:22:38 2009 +0300
@@ -14,11 +14,11 @@
 # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE!
 DRY_RUN = 1
+# Full path to iptables binary
+IPTABLES = "/sbin/iptables"
+
 # Maltfilter logfile path and name (set empty "" if you don't want logging)
 LOGFILE = "/var/log/maltfilter"
-
-# Full path to iptables binary
-IPTABLES = "/sbin/iptables"
 # System passwd file location (default is /etc/passwd), this file
 # is checked to figure out system account names. See also SYSACCT_
@@ -161,3 +161,16 @@
 ## If disabled (0), instead of full timestamps, first/last hit times
 ## will be printed as "W weeks, D days, H hours ago." etc.
 #FULL_TIME = 1
+
+
+#############################################################################
+### Evidence gathering
+#############################################################################
+## By enabling EVIDENCE=1 and setting EVIDENCE_DIR to existing directory
+## writable by the effective UID which Maltfilter runs as, it will be
+## populated by *.data and *.hosts files. If succesfully retrieved, .data
+## files will have contents of the attempted XSS URI. *.hosts files
+## list which hosts have attempted to exploit this specific URI.
+
+#EVIDENCE = 0
+#EVIDENCE_DIR = "/var/run/malt-evidence"
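Review bot: The new "Evidence gathering" comment block in the second hunk does not tell the operator that the *.data files hold content retrieved from attacker-supplied URIs, so nothing warns that EVIDENCE_DIR will contain untrusted payloads. I would add a line such as `## NOTE: *.data files hold untrusted remote content; keep EVIDENCE_DIR mode 0700, owned by the Maltfilter UID, and outside any web root.` The phrase "writable by the effective UID" would be safer as "writable only by the effective UID", since a directory that other local users can write to invites symlink and file-planting tricks against a daemon that presumably runs with enough privilege to call iptables. The suggested default under /var/run may sit on a filesystem that is cleared at reboot on some systems, which is worth a remark if the evidence is meant to be kept. "succesfully" should read "successfully".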