breachblocker.conf
[global]
# General runtime settings: run mode, firewall backend, blocking thresholds,
# black/white lists and the state files.

# enable/disable dry-run (this means no update to the firewall will be done)
# NOTE(review): as long as dry-run is enabled no host is actually blocked;
# check the whitelist below before switching it off.
dry_run = 1
# run as daemon
# please disable this when running through cron
daemon = 0
# scan interval in daemon mode in seconds
# this defines after how many seconds a new log scan will
# be done
scan_interval = 10
# set firewall type (iptables / firewalld / ipfw / auto)
# iptables uses the iptables command (standard linux iptables)
# firewalld uses the firewall-cmd command (CentOS 7)
# ipfw (FreeBSD)
# auto prefers the firewalld command if found
firewall = auto
# write to syslog facility
write_syslog = 1
# set block timeout for ip before removal in minutes (0 = never / 1440 = 24h)
block_timeout = 1440
# set the number of invalid attempts before the host is blocked
attempts = 10
# set a space-separated list or newline-separated file of blacklisted
# ip addresses or hosts ALWAYS getting blocked
# (except if in whitelist)
# e.g. blacklist = 8.8.8.8 192.168.0.1 or blacklist = file:/path/to/file
# comments, empty lines and extra whitespace are not supported
# (presumably this refers to the list file - confirm)
# NOTE(review): a file: list decides who gets blocked; keep it writable only
# by the account that runs breachblocker.
blacklist =
# set a space-separated list or newline-separated file of whitelisted
# ip addresses or hosts NEVER getting blocked
# e.g. whitelist = 127.0.0.1 localhost or whitelist = file:/path/to/file
# comments, empty lines and extra whitespace are not supported
# (presumably this refers to the list file - confirm)
# NOTE(review): add the addresses you administer this host from before
# disabling dry_run, otherwise a few failed logins can lock you out.
# A file: list exempts hosts from blocking; keep it writable only by the
# account that runs breachblocker.
whitelist = 127.0.0.1 localhost
# set the PID file when used in daemon mode
pid_file = /var/run/breachblocker.pid
# set the database file location
# NOTE(review): /tmp is world-writable on most systems and is often cleared
# on reboot. A database at a predictable path there can be pre-created or
# replaced by another local user. Prefer a directory that only the account
# running breachblocker can write to.
db_file = /tmp/breachblocker.db
# clear ip history in seconds (0 = never / 1440 = 24h)
# this option will be set to block_timeout if block_timeout > history_timeout
# NOTE(review): the unit is unclear - the text says seconds, but the example
# "1440 = 24h" and the comparison with block_timeout both suggest minutes.
# Confirm against the code before changing this value.
history_timeout = 43200
[scan]
# Selects which kinds of attempts are scanned for.
# Every scanner is set to 0 in this file (presumably 0 = off - confirm),
# so nothing is scanned until at least one is switched on.

# scan for HTTP attempts
# USE WITH CARE! this checks for "not found/not exists" which can lead to
# false positives if the webmaster did fuck up the site.
http = 0
# scan for SSH attempts
ssh = 0
# scan for FTP attempts
ftp = 0
# scan for IMAP/POP attempts
mail = 0
# scan for SMTP attempts
smtp = 0
# scan for SYN_RECV connection status
# NOTE(review): the source address of a half-open connection can be spoofed,
# so blocking on SYN_RECV may hit hosts that never connected. Keep critical
# addresses in the whitelist if this is enabled.
synrecv = 0
[servers]
# Names the server software in use for each service. The keys mirror the
# http/ftp/mail/smtp/ssh switches in [scan]; synrecv has no entry here.

# set the webserver (only apache supported)
http = apache
# set the ftp server (proftpd, pure-ftpd and vsftpd supported)
ftp = proftpd
# set the email server (dovecot and uw-imapd supported)
mail = dovecot
# set the smtp server (only postfix supported)
smtp = postfix
# set the ssh server (only openssh supported)
ssh = openssh
[email]
# Email notification settings.

# enable/disable email notifications
send = 0
# set email smtp host
mailhost = localhost
# set the email from address
# NOTE(review): "[email protected]" is what the hosting page shows in place of
# the real address. Replace it with a valid sender before enabling send.
from = [email protected]
# set the email to address
# multiple recipients separated by space
# NOTE(review): same redacted placeholder as above; set the real recipient(s).
recipient = [email protected]