# Example configuration file for Guardian 2.0.

# The LogFacility option configures the target to which log messages are sent.
# Available facilities are console, file and syslog.

# If guardian has been configured to send its log messages to a file, that
# logfile has to be specified by using the LogFile option.
#LogFile = /var/log/guardian.log

# The LogLevel setting controls how many messages are logged and can be
# increased when debugging guardian. Available log levels are off, error, info, debug.

# The BlockCount setting configures the number of events after which an attacker's
# address will be blocked. This value has to be a natural number.

# BlockTime configures the time (in seconds) until the block of an address automatically

# The FirewallEngine used to block and unblock addresses. It depends on the
# system on which guardian runs. Currently only "IPtables" is supported as a firewall engine.
FirewallEngine = IPtables

# The optional FirewallAction option configures whether the firewall rule created to block
# the attacker's IP address is a "DROP" or a "REJECT" rule. Defaults to "DROP" if not configured.
#FirewallAction = DROP

# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
# therefore will not be blocked by guardian at any time. Inside the ignore file, additional files
# can be included by using "Include_File = /path/to/file.name".
# IgnoreFile = /etc/guardian/guardian.ignore

## Parser/File monitoring configuration.

# Configuring which files are monitored, and which parser is used to parse any
# recently added lines, is quite easy. Each monitor directive starts with
# "Monitor_" followed by the parser which should be used. Finally, the file which should be monitored
# needs to be specified.

# A properly configured monitor instruction should look like this:
# Monitor_PARSER = /file/which/should/be/monitored

# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH

# Guardian will open a Unix socket to provide an IPC mechanism for communicating with its client
# application and possibly other control instances. The SocketOwner option changes the
# ownership of this socket to a different user:group.
#SocketOwner = user:group
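
# Added example, not part of the Guardian distribution: a small linter that checks a config
# against the value rules stated in the comments above. The names parse, lint and SAMPLE are
# hypothetical. Assumptions: values are matched case-sensitively, "natural number" excludes 0,
# and BlockTime follows the same rule as BlockCount.

```python
import re

# Allowed values come from the comments in the example file above.
ALLOWED = {
    "LogFacility": {"console", "file", "syslog"},
    "LogLevel": {"off", "error", "info", "debug"},
    "FirewallEngine": {"IPtables"},
    "FirewallAction": {"DROP", "REJECT"},
}
PARSERS = {"HTTPD", "OWNCLOUD", "SNORT", "SSH"}

def parse(text):
    """Return {option: value} for every uncommented 'Key = Value' line."""
    opts = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and not key.startswith("#"):
            opts[key.strip()] = value.strip()
    return opts

def lint(opts):
    """Return a list of problems; an empty list means no documented rule is broken."""
    problems = []
    for key, allowed in ALLOWED.items():
        if key in opts and opts[key] not in allowed:  # case-sensitive: assumption
            problems.append(f"{key}: {opts[key]!r} is not one of {sorted(allowed)}")
    if opts.get("LogFacility") == "file" and not opts.get("LogFile"):
        problems.append("LogFile: required when LogFacility = file")
    for key in ("BlockCount", "BlockTime"):  # assumption: 0 is rejected
        if key in opts and not re.fullmatch(r"[1-9][0-9]*", opts[key]):
            problems.append(f"{key}: {opts[key]!r} is not a positive integer")
    for key in opts:
        if key.startswith("Monitor_") and key[len("Monitor_"):] not in PARSERS:
            problems.append(f"{key}: not a supported parser module")
    return problems

# Constructed sample input, not a real deployment; the monitored paths are placeholders.
SAMPLE = """\
LogFacility = file
#LogFile = /var/log/guardian.log
LogLevel = verbose
BlockCount = 0
FirewallAction = DENY
Monitor_SSH = /var/log/auth.log
Monitor_FTP = /var/log/ftp.log
"""

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE))))
```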