Commit | Line | Data |
---|---|---|
ab3cf263 SS |
1 | # Example configuration file for Guardian 2.0. |
2 | ||
3 | ## Log settings. | |
4 | ||
5 | # The LogFacility configures the target where log messages should be sent. | |
6 | # Available facilities are console, file and syslog. | |
7 | LogFacility = syslog | |
8 | ||
9 | # If guardian has been configured to send its log messages to a file, that | |
10 | # logfile has to be specified by using the LogFile option. | |
11 | #LogFile = /var/log/guardian.log | |
12 | ||
13 | # The LogLevel setting controls the amount of logged messages and can be | |
14 | # increased when debugging guardian. Available log levels are off, error, info and debug. | |
15 | LogLevel = info | |
16 | ||
17 | ## Block settings. | |
18 | ||
19 | # The BlockCount setting configures the number of events after which an attacker's | |
20 | # address will be blocked. This value has to be a natural number. | |
21 | BlockCount = 3 | |
22 | ||
23 | # BlockTime configures the time (in seconds) after which the block of an address is automatically | |
24 | # released. | |
25 | BlockTime = 86400 | |
26 | ||
27 | # The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the | |
28 | # system where guardian should be used. Currently only "IPtables" as firewall engine is supported. | |
29 | FirewallEngine = IPtables | |
30 | ||
31 | # The optional FirewallAction option configures whether the firewall rule created to block | |
32 | # the attacker's IP address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured. | |
33 | #FirewallAction = DROP | |
34 | ||
35 | # The IgnoreFile contains a list of addresses (one address per line) which are white-listed and | |
36 | # therefore will not be blocked by guardian at any time. Inside the ignore file additional files | |
37 | # can be included by using "Include_File = /path/to/file.name". Because listed addresses are never blocked, keep this file and any included files writable only by the administrator. | |
38 | # IgnoreFile = /etc/guardian/guardian.ignore | |
39 | ||
40 | ## Parser/File monitoring configuration. | |
41 | ||
42 | # Configuring which files should be monitored and which parser should be used for parsing any | |
43 | # recently added lines is a quite easy task. Each monitoring instruction has to start with | |
44 | # "Monitor_" followed by the parser which should be used. Finally the file which should be monitored | |
45 | # needs to be specified. | |
46 | # | |
47 | # A properly configured monitor instruction should look like this: | |
48 | # Monitor_PARSER = /file/which/should/be/monitored | |
49 | # | |
50 | # Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH | |
df8eb305 SS |
51 | # |
52 | # The snort parser allows configuring an optional priority level filter, which means that alerts | |
53 | # which are lower than this priority can be skipped. Valid levels are 1-4, with 1 being the highest | |
54 | # (omg, omg, omg) and 4 being the lowest (a packet has passed). | |
55 | # SnortPriorityLevel = "3" | |
ab3cf263 SS |
56 | |
57 | ## Optional settings | |
58 | ||
59 | # Guardian will open a Unix socket to provide an IPC mechanism for communicating with its client | |
60 | # application and maybe other control instances. The SocketOwner option allows to configure the | |
61 | # ownership of this socket to a different user:group. Since the socket is a control channel to guardian, assign it only to a trusted user and group. | |
62 | #SocketOwner = user:group |