guardian.conf.example

   1 # Example configuration file for Guardian 2.0.
   2
   3 ## Log settings.
   4
   5 # The LogFacility configures the target where log messages should be sent.
   6 # Available are console, file and syslog.
   7 LogFacility = syslog
   8
   9 # If guardian has been configured to sent it's log messages to a file, those
  10 # logfile has to be specified by using the LogFile option.
  11 #LogFile = /var/log/guardian.log
  12
  13 # The LogLevel setting describes the amount of the logged messages and can be
  14 # increased when debugging guardian. Available log level are off, error, info, debug.
  15 LogLevel = info
  16
  17 ## Block settings.
  18
  19 # The BlockCount setting allow to configure the amount of events until an attacker's
  20 # address will be blocked. This value has to be a natural number.
  21 BlockCount = 3
  22
  23 # BlockTime allows to configure the time (seconds) until the block of an address automatically
  24 # will released.
  25 BlockTime = 86400
  26
  27 # The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the
  28 # system where guardian should be used. Currently only "IPtables" as firewall engine is supported.
  29 FirewallEngine = IPtables
  30
  31 # The optional FirewallAction option allows to configure weather the created firewall rule to block
  32 # the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured.
  33 #FirewallAction = DROP
  34
  35 # The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
  36 # therefore will not be blocked by guardian at any time. Inside the ignore file additional files
  37 # can be specified to get included by using "Include_File = /path/to/file.name" .
  38 # IgnoreFile = /etc/guardian/guardian.ignore
  39
  40 ## Parser/File monitoring configuration.
  41
  42 # Configuring which files should be monitored and which parser should be used for parsing any
  43 # recently added lines is a quite easy task. Each monitoring direction has to be started with
  44 # "Monitor_" followed by the parser which should be used. Finaly the file which should be monitored
  45 # needs to be specified.
  46 #
  47 # A proper configured monitor instruction should look like this:
  48 # Monitor_PARSER = /file/wich/should/be/monitored
  49 #
  50 # Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH
  51
  52 ## Optional settings
  53
  54 # Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client
  55 # application and maybe other control instances. The SocketOwner option allows to configure the
  56 # ownership of this socket to a different user:group.
  57 #SocketOwner = user:group