[people/stevee/guardian.git] / guardian.conf.example

# Example configuration file for Guardian 2.0.

## Log settings.

# The LogFacility configures the target where log messages should be sent.
# Available are console, file and syslog.
LogFacility = syslog

# If guardian has been configured to sent it's log messages to a file, those
# logfile has to be specified by using the LogFile option.
#LogFile = /var/log/guardian.log

# The LogLevel setting describes the amount of the logged messages and can be
# increased when debugging guardian. Available log level are off, error, info, debug.
LogLevel = info

## Block settings.

# The BlockCount setting allow to configure the amount of events until an attacker's
# address will be blocked. This value has to be a natural number.
BlockCount = 3

# BlockTime allows to configure the time (seconds) until the block of an address automatically
# will released.
BlockTime = 86400

# The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the
# system where guardian should be used. Currently only "IPtables" as firewall engine is supported.
FirewallEngine = IPtables

# The optional FirewallAction option allows to configure weather the created firewall rule to block
# the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured.
#FirewallAction = DROP

# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
# therefore will not be blocked by guardian at any time. Inside the ignore file additional files
# can be specified to get included by using "Include_File = /path/to/file.name" .
# IgnoreFile = /etc/guardian/guardian.ignore

## Parser/File monitoring configuration.

# Configuring which files should be monitored and which parser should be used for parsing any
# recently added lines is a quite easy task. Each monitoring direction has to be started with
# "Monitor_" followed by the parser which should be used. Finaly the file which should be monitored
# needs to be specified.
#
# A proper configured monitor instruction should look like this:
# Monitor_PARSER = /file/wich/should/be/monitored
#
# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH

## Optional settings

# Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client
# application and maybe other control instances. The SocketOwner option allows to configure the
# ownership of this socket to a different user:group.
#SocketOwner = user:group
Commit	Line	Data
ab3cf263 SS	1	# Example configuration file for Guardian 2.0.
	2
	3	## Log settings.
	4
	5	# The LogFacility configures the target where log messages should be sent.
	6	# Available are console, file and syslog.
	7	LogFacility = syslog
	8
	9	# If guardian has been configured to sent it's log messages to a file, those
	10	# logfile has to be specified by using the LogFile option.
	11	#LogFile = /var/log/guardian.log
	12
	13	# The LogLevel setting describes the amount of the logged messages and can be
	14	# increased when debugging guardian. Available log level are off, error, info, debug.
	15	LogLevel = info
	16
	17	## Block settings.
	18
	19	# The BlockCount setting allow to configure the amount of events until an attacker's
	20	# address will be blocked. This value has to be a natural number.
	21	BlockCount = 3
	22
	23	# BlockTime allows to configure the time (seconds) until the block of an address automatically
	24	# will released.
	25	BlockTime = 86400
	26
	27	# The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the
	28	# system where guardian should be used. Currently only "IPtables" as firewall engine is supported.
	29	FirewallEngine = IPtables
	30
	31	# The optional FirewallAction option allows to configure weather the created firewall rule to block
	32	# the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured.
	33	#FirewallAction = DROP
	34
	35	# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
	36	# therefore will not be blocked by guardian at any time. Inside the ignore file additional files
	37	# can be specified to get included by using "Include_File = /path/to/file.name" .
	38	# IgnoreFile = /etc/guardian/guardian.ignore
	39
	40	## Parser/File monitoring configuration.
	41
	42	# Configuring which files should be monitored and which parser should be used for parsing any
	43	# recently added lines is a quite easy task. Each monitoring direction has to be started with
	44	# "Monitor_" followed by the parser which should be used. Finaly the file which should be monitored
	45	# needs to be specified.
	46	#
	47	# A proper configured monitor instruction should look like this:
	48	# Monitor_PARSER = /file/wich/should/be/monitored
	49	#
	50	# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH
	51
	52	## Optional settings
	53
	54	# Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client
	55	# application and maybe other control instances. The SocketOwner option allows to configure the
	56	# ownership of this socket to a different user:group.
	57	#SocketOwner = user:group