# HG changeset patch # User Matti Hamalainen # Date 1250202389 -10800 # Node ID d6da1a6567f8520e72f208735c6688389d198338 # Parent 26c2cc5077aa3eb3f7ebca4f556732f7f7acc736 Update example configuration. diff -r 26c2cc5077aa -r d6da1a6567f8 example.conf --- a/example.conf Fri Aug 14 01:19:58 2009 +0300 +++ b/example.conf Fri Aug 14 01:26:29 2009 +0300 @@ -24,34 +24,34 @@ ############################################################################# ### Actions, etc. settings ############################################################################# -# Weeding treshold in hours. Entries older than this will be "weeded" -# off from current netfilter settings. -WEEDPERIOD = 72 +## Weeding treshold in hours. Entries older than this will be "weeded" +## off from current netfilter settings. +#WEEDPERIOD = 150 -# How many "hits" the IP needs until it is eligible to be blocked. -# (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) -TRESHOLD = 3 +## How many "hits" the IP needs until it is eligible to be blocked. +## (the "hits" can be from any "source", e.g. sshd crack, httpd, etc.) +#TRESHOLD = 3 -# Target iptables action for added entries, default is DROP, but you -# can use whatever rule chain name you want to here. -ACTION = "DROP" +## Target iptables action for added entries, default is DROP, but you +## can use whatever rule chain name you want to here. +#ACTION = "DROP" -# IP addresses that should NOT be blocked under any circumstances. You should -# set this if you wish to have a surefire open channel from some host, even in -# the case someone tries to spoof IPs for denial of service. -# -# NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. -# You can have any number of NOBLOCK_IPS settings. -NOBLOCK_IPS = "192.121.86.15" -NOBLOCK_IPS = "74.125.45.100" +## IP addresses that should NOT be blocked under any circumstances. You should +## set this if you wish to have a surefire open channel from some host, even in +## the case someone tries to spoof IPs for denial of service. +## +## NOTICE! This setting supports only IPv4 addresses, no IPv6 or DNS names. +## You can have any number of NOBLOCK_IPS settings. +#NOBLOCK_IPS = "192.121.86.15" +#NOBLOCK_IPS = "74.125.45.100" ############################################################################# ### Logfiles ############################################################################# -# Define system log files to scan. Only auth.log and Apache errorlog / -# common log format files are supported for now. You can have as many -# of SCANFILE settings as you wish. +## Define system log files to scan. Only auth.log and Apache errorlog / +## common log format files are supported for now. You can have as many +## of SCANFILE settings as you wish. SCANFILE = "/var/log/auth.log" SCANFILE = "/var/log/httpd/error.log" SCANFILE = "/var/log/httpd/access.log" @@ -60,30 +60,31 @@ ############################################################################# ### Checks / tests ############################################################################# -# Enabled checks (1 = enabled, 0 = disabled). Please read the test -# descriptions from "check_log_line" function in the maltfilter script. +## Enabled checks (1 = enabled, 0 = disabled). Please read the test +## descriptions from "check_log_line" function in the maltfilter script. CHK_SSHD = 1 CHK_KNOWN_CGI = 1 CHK_PHP_XSS = 1 CHK_PROXY_SCAN = 1 -CHK_GOOD_HOSTS = "example.org|google.com|74.125.45.100" +#CHK_GOOD_HOSTS = "example.org|google.com|74.125.45.100" -# Notice! ONLY enable this setting, if you have disabled password root -# logins from sshd_config (e.g. you have "PermitRootLogin without-password") -# or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. +## Notice! ONLY enable this setting, if you have disabled password root +## logins from sshd_config (e.g. you have "PermitRootLogin without-password") +## or that alternatively you have defined "safe" hosts in NOBLOCK_HOSTS below. CHK_ROOT_SSH_PWD = 0 ############################################################################# ### Reports ############################################################################# -# Define files for periodically updated status reports (refreshed once -# every few minutes.) Leave empty ("") if you do not want status reports. +## Define files for periodically updated status reports (refreshed once +## every few minutes.) Leave empty ("") or commented if you do not want +## status reports. -# Plain ASCII text file rerpot -STATUS_FILE_PLAIN = "" +## Plain ASCII text file rerpot +#STATUS_FILE_PLAIN = "/var/www/maltstatus.txt" -# HTML file and optional CSS stylesheet URL for the HTML -# (if left empty, no CSS is used) -STATUS_FILE_HTML = "" -STATUS_FILE_CSS = "" +## HTML file and optional CSS stylesheet URL for the HTML +## (if left empty, CSS is not used.) +#STATUS_FILE_HTML = "/var/www/maltstatus.html" +#STATUS_FILE_CSS = "cool.css"