Add example configuration file.

This well documented example configuration file, provides
an overview about the features of guardian and can be used
for a customized configuration.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/guardian.conf.example b/guardian.conf.example
new file mode 100644 (file)
index 0000000..2970257
--- /dev/null
+++ b/guardian.conf.example
@@ -0,0 +1,57 @@
+# Example configuration file for Guardian 2.0.
+
+## Log settings.
+
+# The LogFacility configures the target where log messages should be sent.
+# Available are console, file and syslog.
+LogFacility = syslog
+
+# If guardian has been configured to sent it's log messages to a file, those
+# logfile has to be specified by using the LogFile option.
+#LogFile = /var/log/guardian.log
+
+# The LogLevel setting describes the amount of the logged messages and can be
+# increased when debugging guardian. Available log level are off, error, info, debug.
+LogLevel = info
+
+## Block settings.
+
+# The BlockCount setting allow to configure the amount of events until an attacker's
+# address will be blocked. This value has to be a natural number.
+BlockCount = 3
+
+# BlockTime allows to configure the time (seconds) until the block of an address automatically
+# will released.
+BlockTime = 86400
+
+# The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the
+# system where guardian should be used. Currently only "IPtables" as firewall engine is supported.
+FirewallEngine = IPtables
+
+# The optional FirewallAction option allows to configure weather the created firewall rule to block
+# the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured.
+#FirewallAction = DROP
+
+# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and
+# therefore will not be blocked by guardian at any time. Inside the ignore file additional files
+# can be specified to get included by using "Include_File = /path/to/file.name" .
+# IgnoreFile = /etc/guardian/guardian.ignore
+
+## Parser/File monitoring configuration.
+
+# Configuring which files should be monitored and which parser should be used for parsing any
+# recently added lines is a quite easy task. Each monitoring direction has to be started with
+# "Monitor_" followed by the parser which should be used. Finaly the file which should be monitored
+# needs to be specified.
+#
+# A proper configured monitor instruction should look like this:
+# Monitor_PARSER = /file/wich/should/be/monitored
+#
+# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH
+
+## Optional settings
+
+# Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client
+# application and maybe other control instances. The SocketOwner option allows to configure the
+# ownership of this socket to a different user:group.
+#SocketOwner = user:group