(Wolfgang Breyha) Bug fix to allow VLAN interfaces and interface alia…
…ses in IGNORE_INTERFACES This fixes issue #8 on github.
Showing
5 changed files
with
209 additions
and
3 deletions.
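--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,188 @@
+EMAIL_ADDRESSES root@localhost;
+HOSTNAME _CHANGEME_;
+HOME_NET any;
+EXTERNAL_NET any;
+FW_SEARCH_ALL Y;
+FW_MSG_SEARCH DROP;
+SYSLOG_DAEMON syslogd;
+IFCFGTYPE ifconfig;
+DANGER_LEVEL1 5; ### Number of packets.
+DANGER_LEVEL2 15;
+DANGER_LEVEL3 150;
+DANGER_LEVEL4 1500;
+DANGER_LEVEL5 10000;
+CHECK_INTERVAL 5;
+SNORT_SID_STR SID;
+ENABLE_PSADWATCHD Y;
+PORT_RANGE_SCAN_THRESHOLD 1;
+PROTOCOL_SCAN_THRESHOLD 5;
+ENABLE_PERSISTENCE Y;
+SCAN_TIMEOUT 3600; ### seconds
+PERSISTENCE_CTR_THRESHOLD 5;
+MAX_SCAN_IP_PAIRS 0;
+SHOW_ALL_SIGNATURES N;
+ALERTING_METHODS nomail;
+ENABLE_SYSLOG_FILE Y;
+IPT_WRITE_FWDATA Y;
+IPT_SYSLOG_FILE /var/log/messages;
+ENABLE_SIG_MSG_SYSLOG Y;
+SIG_MSG_SYSLOG_THRESHOLD 10;
+SIG_SID_SYSLOG_THRESHOLD 10;
+EXPECT_TCP_OPTIONS Y;
+MAX_HOPS 20;
+IGNORE_KERNEL_TIMESTAMP Y;
+IGNORE_CONNTRACK_BUG_PKTS Y;
+IGNORE_PORTS NONE;
+IGNORE_PROTOCOLS NONE;
+IGNORE_INTERFACES eth1, eth0.1;
+IGNORE_LOG_PREFIXES NONE;
+MIN_DANGER_LEVEL 1;
+EMAIL_ALERT_DANGER_LEVEL 1;
+ENABLE_IPV6_DETECTION Y;
+ENABLE_INTF_LOCAL_NETS Y;
+ENABLE_MAC_ADDR_REPORTING N;
+ENABLE_FW_LOGGING_CHECK Y;
+EMAIL_LIMIT 0;
+ENABLE_EMAIL_LIMIT_PER_DST N;
+EMAIL_LIMIT_STATUS_MSG Y;
+EMAIL_THROTTLE 0;
+ALERT_ALL Y;
+IMPORT_OLD_SCANS N;
+SYSLOG_IDENTITY psad;
+SYSLOG_FACILITY LOG_LOCAL7;
+SYSLOG_PRIORITY LOG_INFO;
+TOP_PORTS_LOG_THRESHOLD 500;
+STATUS_PORTS_THRESHOLD 20;
+TOP_SIGS_LOG_THRESHOLD 500;
+STATUS_SIGS_THRESHOLD 50;
+TOP_IP_LOG_THRESHOLD 500;
+STATUS_IP_THRESHOLD 25;
+TOP_SCANS_CTR_THRESHOLD 1;
+ENABLE_DSHIELD_ALERTS N;
+DSHIELD_ALERT_EMAIL reports@dshield.org;
+DSHIELD_ALERT_INTERVAL 6; ### hours
+DSHIELD_USER_ID 0;
+DSHIELD_USER_EMAIL NONE;
+DSHIELD_DL_THRESHOLD 0;
+HTTP_SERVERS $HOME_NET;
+SMTP_SERVERS $HOME_NET;
+DNS_SERVERS $HOME_NET;
+SQL_SERVERS $HOME_NET;
+TELNET_SERVERS $HOME_NET;
+AIM_SERVERS [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
+HTTP_PORTS 80;
+SHELLCODE_PORTS !80;
+ORACLE_PORTS 1521;
+ENABLE_SNORT_SIG_STRICT Y;
+ENABLE_AUTO_IDS N;
+AUTO_IDS_DANGER_LEVEL 5;
+AUTO_BLOCK_TIMEOUT 3600;
+AUTO_BLOCK_DL1_TIMEOUT $AUTO_BLOCK_TIMEOUT;
+AUTO_BLOCK_DL2_TIMEOUT $AUTO_BLOCK_TIMEOUT;
+AUTO_BLOCK_DL3_TIMEOUT $AUTO_BLOCK_TIMEOUT;
+AUTO_BLOCK_DL4_TIMEOUT $AUTO_BLOCK_TIMEOUT;
+AUTO_BLOCK_DL5_TIMEOUT 0; ### permanent
+ENABLE_AUTO_IDS_REGEX N;
+AUTO_BLOCK_REGEX ESTAB; ### from fwsnort logging prefixes
+ENABLE_RENEW_BLOCK_EMAILS N;
+ENABLE_AUTO_IDS_EMAILS Y;
+IPTABLES_BLOCK_METHOD Y;
+IPT_AUTO_CHAIN1 DROP, src, filter, INPUT, 1, PSAD_BLOCK_INPUT, 1;
+IPT_AUTO_CHAIN2 DROP, dst, filter, OUTPUT, 1, PSAD_BLOCK_OUTPUT, 1;
+IPT_AUTO_CHAIN3 DROP, both, filter, FORWARD, 1, PSAD_BLOCK_FORWARD, 1;
+FLUSH_IPT_AT_INIT Y;
+IPTABLES_PREREQ_CHECK 1;
+TCPWRAPPERS_BLOCK_METHOD N;
+WHOIS_TIMEOUT 60; ### seconds
+WHOIS_LOOKUP_THRESHOLD 20;
+ENABLE_WHOIS_FORCE_ASCII N;
+ENABLE_WHOIS_FORCE_SRC_IP N;
+DNS_LOOKUP_THRESHOLD 20;
+ENABLE_EXT_SCRIPT_EXEC N;
+EXTERNAL_SCRIPT /bin/true;
+EXEC_EXT_SCRIPT_PER_ALERT N;
+DISK_CHECK_INTERVAL 300; ### seconds
+DISK_MAX_PERCENTAGE 95;
+DISK_MAX_RM_RETRIES 10;
+ENABLE_SCAN_ARCHIVE N;
+TRUNCATE_FWDATA Y;
+MIN_ARCHIVE_DANGER_LEVEL 1;
+MAIL_ALERT_PREFIX [psad-alert];
+MAIL_STATUS_PREFIX [psad-status];
+MAIL_ERROR_PREFIX [psad-error];
+MAIL_FATAL_PREFIX [psad-fatal];
+SIG_UPDATE_URL http://www.cipherdyne.org/psad/signatures;
+PSADWATCHD_CHECK_INTERVAL 5; ### seconds
+PSADWATCHD_MAX_RETRIES 10;
+INSTALL_ROOT psad-install;
+PSAD_DIR $INSTALL_ROOT/var/log/psad;
+PSAD_RUN_DIR $INSTALL_ROOT/var/run/psad;
+PSAD_FIFO_DIR $INSTALL_ROOT/var/lib/psad;
+PSAD_LIBS_DIR $INSTALL_ROOT/usr/lib/psad;
+PSAD_CONF_DIR $INSTALL_ROOT/etc/psad;
+PSAD_ERR_DIR $PSAD_DIR/errs;
+CONF_ARCHIVE_DIR $PSAD_CONF_DIR/archive;
+SCAN_DATA_ARCHIVE_DIR $PSAD_DIR/scan_archive;
+ANALYSIS_MODE_DIR $PSAD_DIR/ipt_analysis;
+SNORT_RULES_DIR $PSAD_CONF_DIR/snort_rules;
+FWSNORT_RULES_DIR /etc/fwsnort/snort_rules; ### may not exist
+FW_DATA_FILE $PSAD_DIR/fwdata;
+ULOG_DATA_FILE $PSAD_DIR/ulogd.log;
+FW_CHECK_FILE $PSAD_DIR/fw_check;
+DSHIELD_EMAIL_FILE $PSAD_DIR/dshield.email;
+SIGS_FILE $PSAD_CONF_DIR/signatures;
+PROTOCOLS_FILE $PSAD_CONF_DIR/protocols;
+ICMP_TYPES_FILE $PSAD_CONF_DIR/icmp_types;
+ICMP6_TYPES_FILE $PSAD_CONF_DIR/icmp6_types;
+AUTO_DL_FILE $PSAD_CONF_DIR/auto_dl;
+SNORT_RULE_DL_FILE $PSAD_CONF_DIR/snort_rule_dl;
+POSF_FILE $PSAD_CONF_DIR/posf;
+P0F_FILE $PSAD_CONF_DIR/pf.os;
+IP_OPTS_FILE $PSAD_CONF_DIR/ip_options;
+PSAD_FIFO_FILE $PSAD_FIFO_DIR/psadfifo;
+ETC_HOSTS_DENY_FILE /etc/hosts.deny;
+ETC_SYSLOG_CONF /etc/syslog.conf;
+ETC_RSYSLOG_CONF /etc/rsyslog.conf;
+ETC_SYSLOGNG_CONF /etc/syslog-ng/syslog-ng.conf;
+ETC_METALOG_CONF /etc/metalog/metalog.conf;
+STATUS_OUTPUT_FILE $PSAD_DIR/status.out;
+ANALYSIS_OUTPUT_FILE $PSAD_DIR/analysis.out;
+INSTALL_LOG_FILE $PSAD_DIR/install.log;
+PSAD_PID_FILE $PSAD_RUN_DIR/psad.pid;
+PSAD_CMDLINE_FILE $PSAD_RUN_DIR/psad.cmd;
+KMSGSD_PID_FILE $PSAD_RUN_DIR/kmsgsd.pid;
+PSADWATCHD_PID_FILE $PSAD_RUN_DIR/psadwatchd.pid;
+AUTO_BLOCK_IPT_FILE $PSAD_DIR/auto_blocked_iptables;
+AUTO_BLOCK_TCPWR_FILE $PSAD_DIR/auto_blocked_tcpwr;
+AUTO_IPT_SOCK $PSAD_RUN_DIR/auto_ipt.sock;
+FW_ERROR_LOG $PSAD_ERR_DIR/fwerrorlog;
+PRINT_SCAN_HASH $PSAD_DIR/scan_hash;
+PROC_FORWARD_FILE /proc/sys/net/ipv4/ip_forward;
+PACKET_COUNTER_FILE $PSAD_DIR/packet_ctr;
+TOP_SCANNED_PORTS_FILE $PSAD_DIR/top_ports;
+TOP_SIGS_FILE $PSAD_DIR/top_sigs;
+TOP_ATTACKERS_FILE $PSAD_DIR/top_attackers;
+DSHIELD_COUNTER_FILE $PSAD_DIR/dshield_ctr;
+IPT_PREFIX_COUNTER_FILE $PSAD_DIR/ipt_prefix_ctr;
+IPT_OUTPUT_FILE $PSAD_DIR/psad.iptout;
+IPT_ERROR_FILE $PSAD_DIR/psad.ipterr;
+iptablesCmd /sbin/iptables;
+ip6tablesCmd /sbin/ip6tables;
+shCmd /bin/sh;
+wgetCmd /usr/bin/wget;
+gzipCmd /bin/gzip;
+mknodCmd /bin/mknod;
+psCmd /bin/ps;
+mailCmd /bin/mail;
+sendmailCmd /usr/sbin/sendmail;
+ifconfigCmd /sbin/ifconfig;
+ipCmd /sbin/ip;
+killallCmd /usr/bin/killall;
+netstatCmd /bin/netstat;
+unameCmd /bin/uname;
+whoisCmd $INSTALL_ROOT/usr/bin/whois_psad;
+dfCmd /bin/df;
+fwcheck_psadCmd $INSTALL_ROOT/usr/sbin/fwcheck_psad;
+psadwatchdCmd $INSTALL_ROOT/usr/sbin/psadwatchd;
+kmsgsdCmd $INSTALL_ROOT/usr/sbin/kmsgsd;
+psadCmd $INSTALL_ROOT/usr/sbin/psad;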
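Review bot: The `IGNORE_INTERFACES eth1, eth0.1;` line exercises only the dotted VLAN form, while the commit title also names interface aliases, so this fixture does not cover the second half of the fix unless one of the four files not shown here does. If the parser change accepts the colon alias syntax, adding an alias entry to the same line, e.g. `IGNORE_INTERFACES eth1, eth0.1, eth0:1;`, would keep both cases under test in one place. The file also carries no header comment, and since it already uses `###` trailing comments, a short leading one saying this is a test configuration for IGNORE_INTERFACES parsing and that `HOSTNAME _CHANGEME_;` and `EMAIL_ADDRESSES root@localhost;` are deliberate placeholders would stop it being mistaken for a deployable psad.conf.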