
Foo.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 13 Aug 2009 19:21:15 +0300
parents d869f924f97e
children 26c2cc5077aa

## Maltfilter configuration file.
## PLEASE READ THROUGH THIS FILE VERY CAREFULLY!

# Verbosity level (0 = quiet; larger values are more verbose; valid range 0 - 4)
VERBOSITY = 4

# Dry-run: 1 = disables daemonizing/forking to the background and disables
# modification of netfilter/iptables, printing the iptables commands to
# stdout instead.
# NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE!
DRY_RUN = 1

# Define the system log files to scan. Only auth.log and Apache error log /
# common log format files are supported for now. You can have as many
# SCANFILE settings as you wish.
SCANFILE = "/var/log/auth.log"
SCANFILE = "/var/log/httpd/error.log"
SCANFILE = "/var/log/httpd/access.log"


# Weeding threshold in hours. Entries older than this will be "weeded"
# out of the current netfilter settings.
WEEDPERIOD = 72

# How many "hits" an IP needs before it is eligible to be blocked.
# (The "hits" can come from any "source", e.g. sshd cracking attempts, httpd, etc.)
TRESHOLD = 3

# Target iptables action for added entries. The default is DROP, but you
# can use any rule chain name you want here.
ACTION = "DROP"

# Enabled checks (1 = enabled, 0 = disabled). Please read the test
# descriptions in the "check_log_line" function of the maltfilter script.
CHK_SSHD            = 1
CHK_KNOWN_CGI       = 1
CHK_PHP_XSS         = 1
CHK_PROXY_SCAN      = 1
CHK_GOOD_HOSTS      = "example.org|google.com|74.125.45.100"

# Notice! ONLY enable this setting if you have disabled password-based root
# logins in sshd_config (e.g. you have "PermitRootLogin without-password"),
# or, alternatively, if you have defined "safe" hosts in NOBLOCK_IPS below.
CHK_ROOT_SSH_PWD    = 0

# Maltfilter log file path and name (set to empty "" if you don't want logging)
LOGFILE = "/var/log/maltfilter"
  
# Full path to iptables binary
IPTABLES = "/sbin/iptables"
  
# IP addresses that must NOT be blocked under any circumstances. Set this if
# you need a guaranteed open channel from some host, even in the case that
# someone spoofs IP addresses to cause a denial of service.
#
# NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names.
# You can have any number of NOBLOCK_IPS settings.
NOBLOCK_IPS = "192.121.86.15"
NOBLOCK_IPS = "74.125.45.100"