
Cleanups, add configuration for WHOIS linking.
author Matti Hamalainen <ccr@tnsp.org>
date Sat, 15 Aug 2009 20:42:16 +0300

#############################################################################
### Maltfilter configuration file.
### PLEASE READ THROUGH THIS FILE VERY CAREFULLY!
###
### Maltfilter scans the log files listed under "Logfiles", counts "hits"
### per IP address and, once an address crosses the threshold, adds
### netfilter/iptables rules against it. The values in this file end up in
### iptables commands (which need root privileges to apply), so keep this
### file, the log files and the iptables binary writable by root only.

#############################################################################
### General settings
#############################################################################
# Verbosity level (0 = quiet, bigger values add noise. valid range 0 - 4)
VERBOSITY = 4

# Dry-run: 1 = disables daemonization/forking to background, disables
# modification of netfilter/iptables, printing the iptables commands to
# stdout instead. Leave this at 1 for the first run and review the printed
# commands before letting Maltfilter touch the live firewall.
# NOTICE! IF YOU DON'T CHANGE THIS TO 0, MALTFILTER WILL NOT DAEMONIZE!
DRY_RUN = 1

# Maltfilter logfile path and name (set empty "" if you don't want logging)
LOGFILE = "/var/log/maltfilter"

# Full path to iptables binary. Always give an absolute path: this binary is
# executed to change firewall rules, so it must not be resolved through $PATH
# or point anywhere a non-root user can write.
IPTABLES = "/sbin/iptables"


#############################################################################
### Actions, etc. settings
#############################################################################
## Weeding threshold in hours. Entries older than this will be "weeded"
## off from current netfilter settings.
#WEEDPERIOD = 150

## How many "hits" the IP needs until it is eligible to be blocked.
## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.)
## A value of 1 blocks on the first match, so a single mistyped password
## or one odd request is enough to lock a legitimate user out.
## Note the spelling of the key below (TRESHOLD); use it as written.
#TRESHOLD = 3

## Target iptables action for added entries, default is DROP, but you
## can use whatever rule chain name you want to here. The value is used as
## the target of the generated iptables rules, so if you name a custom
## chain it has to exist before Maltfilter starts adding rules to it.
#ACTION = "DROP"

## IP addresses that should NOT be blocked under any circumstances. You should
## set this if you wish to have a surefire open channel from some host, even in
## the case someone tries to spoof IPs for denial of service.
##
## Keep in mind that the addresses Maltfilter blocks are parsed out of log
## lines, and parts of those lines (e.g. HTTP request paths) are supplied by
## whoever is connecting. List your own management hosts here so that a
## forged or unlucky log entry cannot lock you out of the machine.
##
## NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names.
## You can have any number of NOBLOCK_IPS settings.
#NOBLOCK_IPS = "192.121.86.15"
#NOBLOCK_IPS = "74.125.45.100"


#############################################################################
### Logfiles
#############################################################################
## Define system log files to scan. Only auth.log and Apache errorlog /
## common log format files are supported for now. You can have as many
## of SCANFILE settings as you wish. Check that the paths match your
## distribution (e.g. Debian uses /var/log/auth.log, Red Hat derivatives
## /var/log/secure, and Apache logs are often under /var/log/apache2/).
SCANFILE = "/var/log/auth.log"
SCANFILE = "/var/log/httpd/error.log"
SCANFILE = "/var/log/httpd/access.log"


#############################################################################
### Checks / tests
#############################################################################
## Enabled checks (1 = enabled, 0 = disabled). Please read the test
## descriptions from "check_log_line" function in the maltfilter script.
CHK_SSHD            = 1
CHK_KNOWN_CGI       = 1
CHK_PHP_XSS         = 1
CHK_PROXY_SCAN      = 1
## Hosts whose log entries should not be counted as hits, as a '|'-separated
## list. The separator suggests the list is matched as a regular expression
## alternation (confirm in check_log_line); if so, an unescaped dot matches
## any character, so "google.com" would also match "googleXcom". Keep the
## list short, and remember that a host name seen in a log line is not
## necessarily verified.
#CHK_GOOD_HOSTS      = "example.org|google.com|74.125.45.100"

## Notice! ONLY enable this setting, if you have disabled password root
## logins from sshd_config (e.g. you have "PermitRootLogin without-password",
## spelled "prohibit-password" in newer OpenSSH releases) or that
## alternatively you have defined "safe" hosts in NOBLOCK_IPS. Otherwise
## your own root logins may count as hits and get your address blocked.
CHK_ROOT_SSH_PWD    = 0


#############################################################################
### Reports
#############################################################################
## Define files for periodically updated status reports (refreshed once
## every few minutes.) Leave empty ("") or commented if you do not want
## status reports. The example paths below are under the web root, which
## makes the list of blocked addresses readable by anyone who can reach
## your web server; pick a protected location if that is not intended.

## Plain ASCII text file report
#STATUS_FILE_PLAIN = "/var/www/maltstatus.txt"

## HTML file and optional CSS stylesheet URL for the HTML
## (if left empty, CSS is not used.)
#STATUS_FILE_HTML = "/var/www/maltstatus.html"
#STATUS_FILE_CSS = "cool.css"

## URL for a web-based WHOIS service. This URL will be used for creating
## href links of the IP addresses. Default is whois.domaintools.com. Set
## empty if you don't want links. Use a service you trust: whoever follows
## a link from the HTML report is sent there together with the IP address
## in question, over plain HTTP with the default below.
#WHOIS_URL = "http://whois.domaintools.com/"