Improve Makefile.
[people/stevee/guardian.git] / guardian.conf.example
CommitLineData
ab3cf263
SS
1# Example configuration file for Guardian 2.0.
2
3## Log settings.
4
5# The LogFacility configures the target where log messages should be sent.
6# Available are console, file and syslog.
7LogFacility = syslog
8
9# If guardian has been configured to sent it's log messages to a file, those
10# logfile has to be specified by using the LogFile option.
11#LogFile = /var/log/guardian.log
12
13# The LogLevel setting describes the amount of the logged messages and can be
14# increased when debugging guardian. Available log level are off, error, info, debug.
15LogLevel = info
16
17## Block settings.
18
19# The BlockCount setting allow to configure the amount of events until an attacker's
20# address will be blocked. This value has to be a natural number.
21BlockCount = 3
22
23# BlockTime allows to configure the time (seconds) until the block of an address automatically
24# will released.
25BlockTime = 86400
26
27# The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the
28# system where guardian should be used. Currently only "IPtables" as firewall engine is supported.
29FirewallEngine = IPtables
30
31# The optional FirewallAction option allows to configure weather the created firewall rule to block
32# the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured.
33#FirewallAction = DROP
34
35# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
36# therefore will not be blocked by guardian at any time. Inside the ignore file additional files
37# can be specified to get included by using "Include_File = /path/to/file.name" .
38# IgnoreFile = /etc/guardian/guardian.ignore
39
40## Parser/File monitoring configuration.
41
42# Configuring which files should be monitored and which parser should be used for parsing any
43# recently added lines is a quite easy task. Each monitoring direction has to be started with
44# "Monitor_" followed by the parser which should be used. Finaly the file which should be monitored
45# needs to be specified.
46#
47# A proper configured monitor instruction should look like this:
48# Monitor_PARSER = /file/wich/should/be/monitored
49#
50# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH
51
52## Optional settings
53
54# Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client
55# application and maybe other control instances. The SocketOwner option allows to configure the
56# ownership of this socket to a different user:group.
57#SocketOwner = user:group