From: Stefan Schantl
Date: Mon, 27 Jun 2016 10:17:36 +0000 (+0200)
Subject: Add example configuration file.
X-Git-Tag: 2.0~16
X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fguardian.git;a=commitdiff_plain;h=ab3cf263908c6cb2d38585d848ebca3d4629ca21

Add example configuration file.

This well-documented example configuration file provides an overview of the features of guardian and can be used for a customized configuration.

Signed-off-by: Stefan Schantl

---
diff --git a/guardian.conf.example b/guardian.conf.example new file mode 100644 index 0000000..2970257 --- /dev/null +++ b/guardian.conf.example
@@ -0,0 +1,57 @@ +# Example configuration file for Guardian 2.0. + +## Log settings. + +# The LogFacility configures the target where log messages should be sent. +# Available are console, file and syslog. +LogFacility = syslog + +# If guardian has been configured to sent it's log messages to a file, those +# logfile has to be specified by using the LogFile option. +#LogFile = /var/log/guardian.log + +# The LogLevel setting describes the amount of the logged messages and can be +# increased when debugging guardian. Available log level are off, error, info, debug. +LogLevel = info + +## Block settings. + +# The BlockCount setting allow to configure the amount of events until an attacker's +# address will be blocked. This value has to be a natural number. +BlockCount = 3 + +# BlockTime allows to configure the time (seconds) until the block of an address automatically +# will released. +BlockTime = 86400 + +# The FirewallEngine which should be used for doing all the block/unblock stuff. Depends on the +# system where guardian should be used. Currently only "IPtables" as firewall engine is supported. +FirewallEngine = IPtables + +# The optional FirewallAction option allows to configure weather the created firewall rule to block +# the atackers IP-address should be a "DROP" or "REJECT" one. Defaults to "DROP" if not configured. +#FirewallAction = DROP + +# The IgnoreFile contains a list of addresses (one address per line) which are white-listed and +# therefore will not be blocked by guardian at any time. Inside the ignore file additional files +# can be specified to get included by using "Include_File = /path/to/file.name" . +# IgnoreFile = /etc/guardian/guardian.ignore + +## Parser/File monitoring configuration. + +# Configuring which files should be monitored and which parser should be used for parsing any +# recently added lines is a quite easy task. Each monitoring direction has to be started with +# "Monitor_" followed by the parser which should be used. 
Finaly the file which should be monitored +# needs to be specified. +# +# A proper configured monitor instruction should look like this: +# Monitor_PARSER = /file/wich/should/be/monitored +# +# Currently supported parser modules are: HTTPD, OWNCLOUD, SNORT and SSH + +## Optional settings + +# Guardian will open an Unix socket to provide an IPC mechanism for communicating with it's client +# application and maybe other control instances. The SocketOwner option allows to configure the +# ownership of this socket to a different user:group. +#SocketOwner = user:group
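
Review bot: In the Block settings, the IgnoreFile line is shipped commented out, so a configuration copied from this example has no ignore list configured while BlockTime is 86400 seconds; the comment should say so and recommend listing the administrator's own and other must-not-block addresses before a monitor is enabled. That line is also written "# IgnoreFile = ..." with a space after the "#", unlike "#LogFile", "#FirewallAction" and "#SocketOwner"; use one form for disabled options. The BlockCount comment does not say over what period the events are counted, and the SocketOwner comment does not state which owner applies when the option is unset; each deserves a sentence. The Parser/File monitoring section contains only the placeholder "Monitor_PARSER = /file/wich/should/be/monitored", so a commented sample for each of HTTPD, OWNCLOUD, SNORT and SSH would make the file usable as a template. The comments also need a spelling pass: "sent it's", "those logfile", "weather", "atackers", "Finaly", "wich", and "monitoring direction" where "directive" seems intended.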