Mercurial > hg > maltfilter
view example.conf @ 9:d869f924f97e
Update example configuration.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 13 Aug 2009 19:15:36 +0300 |
parents | ee5f7b8dcdea |
children | a05ada86fbe0 |
line wrap: on
line source
## Maltfilter configuration file. ## PLEASE GO THROUGH THIS FILE VERY CAREFULLY! # Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4) VERBOSITY = 4 # Dry-run: 1 = disables daemonization/forking to background, disables # modification of netfilter/iptables, printing the iptables commands to # stdout instead. # NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE! DRY_RUN = 1 # Define system log files to scan. Only auth.log and Apache errorlog / # common log format files are supported for now. You can have as many # of SCANFILE settings as you wish. SCANFILE = "/var/log/auth.log" SCANFILE = "/var/log/httpd/error.log" SCANFILE = "/var/log/httpd/access.log" # Weeding treshold in hours. Entries older than this will be "weeded" # off from current netfilter settings. WEEDPERIOD = 72 # How many "hits" the IP needs until it is eligible to be blocked. # (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) TRESHOLD = 3 # Target iptables action for added entries, default is DROP, but you # can use whatever rule chain name you want to here. ACTION = "DROP" # Enabled checks (1 = enabled, 0 = disabled). Please read the test # descriptions from "check_log_line" function in the maltfilter script. CHK_SSHD = 1 CHK_KNOWN_CGI = 1 CHK_PHP_XSS = 1 CHK_PROXY_SCAN = 1 CHK_GOOD_HOSTS = "example.org|google.com|74.125.45.100" # Notice! ONLY enable this setting, if you have disabled password root # logins from sshd_config (e.g. you have "PermitRootLogin without-password") # or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. CHK_ROOT_SSH_PWD = 0 # Maltfilter logfile path and name (set empty "" if you don't want logging) LOGFILE = "/var/log/maltfilter" # Full path to iptables binary IPTABLES = "/sbin/iptables" # IP addresses that should NOT be blocked under any circumstances. You should # set this if you wish to have a surefire open channel from some host, even in # the case someone tries to spoof IPs for denial of service. # # NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. # You can have any number of NOBLOCK_IPS settings. NOBLOCK_IPS = "192.121.86.15" NOBLOCK_IPS = "74.125.45.100"