/
maltrail.conf
83 lines (76 loc) · 3.6 KB
/
maltrail.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
{% from 'OPNsense/Macros/interface.macro' import physical_interface %}
{% if helpers.exists('OPNsense.maltrail.server.enabled') and OPNsense.maltrail.server.enabled == '1' %}
# [Server]
HTTP_ADDRESS {{ OPNsense.maltrail.server.listenaddress }}
HTTP_PORT {{ OPNsense.maltrail.server.listenport }}
USE_SSL false
# Regular expression to be used in external /fail2ban calls for extraction of attacker source IPs
FAIL2BAN_REGEX attacker|reputation|potential[^"]*(web scan|directory traversal|injection|remote code)|spammer|mass scanner
{% if helpers.exists('OPNsense.maltrail.server.loglistenaddress') and OPNsense.maltrail.server.loglistenaddress != '' %}
UDP_ADDRESS {{ OPNsense.maltrail.server.loglistenaddress }}
{% endif %}
{% if helpers.exists('OPNsense.maltrail.server.loglistenport') and OPNsense.maltrail.server.loglistenport != '' %}
UDP_PORT {{ OPNsense.maltrail.server.loglistenport }}
{% endif %}
{% else %}
HTTP_PORT {{ OPNsense.maltrail.server.listenport }}
{% endif %}
{% if helpers.exists('OPNsense.maltrail.sensor.enabled') and OPNsense.maltrail.sensor.enabled == '1' %}
{% if helpers.exists('OPNsense.maltrail.sensor.remoteserver') and OPNsense.maltrail.sensor.remoteserver != '' %}
LOG_SERVER {{ OPNsense.maltrail.sensor.remoteserver }}:{{ OPNsense.maltrail.sensor.remoteport }}
DISABLE_LOCAL_LOG_STORAGE true
{% else %}
DISABLE_LOCAL_LOG_STORAGE false
{% endif %}
{% endif %}
{% if helpers.exists('OPNsense.maltrail.sensor.enabled') and OPNsense.maltrail.sensor.enabled == '1' %}
{% if helpers.exists('OPNsense.maltrail.sensor.syslogserver') and OPNsense.maltrail.sensor.syslogserver != '' %}
SYSLOG_SERVER {{ OPNsense.maltrail.sensor.syslogserver }}:{{ OPNsense.maltrail.sensor.syslogport }}
{% endif %}
{% endif %}
SENSOR_NAME $HOSTNAME
CUSTOM_TRAILS_DIR /usr/local/maltrail/trails/custom/
PROCESS_COUNT $CPU_CORES
DISABLE_CPU_AFFINITY false
USE_FEED_UPDATES true
DISABLED_FEEDS turris, ciarmy, policeman, myip, alienvault
UPDATE_PERIOD {{ OPNsense.maltrail.general.updateperiod }}
USE_SERVER_UPDATE_TRAILS false
{% if helpers.exists('OPNsense.maltrail.general.heuristics') and OPNsense.maltrail.general.heuristics == '1' %}
USE_HEURISTICS true
{% else %}
USE_HEURISTICS false
{% endif %}
{% if helpers.exists('OPNsense.maltrail.general.checkhostheader') and OPNsense.maltrail.general.checkhostheader == '1' %}
CHECK_HOST_DOMAINS true
{% else %}
CHECK_HOST_DOMAINS false
{% endif %}
CHECK_MISSING_HOST false
{% if helpers.exists('OPNsense.maltrail.general.whitelist') and OPNsense.maltrail.general.whitelist != '' %}
USER_WHITELIST /usr/local/share/maltrail/misc/user_whitelist.txt
{% endif %}
CHECK_HOST_DOMAINS false
SHOW_DEBUG false
LOG_DIR /var/log/maltrail
{% if helpers.exists('OPNsense.maltrail.general.monitorinterface') and OPNsense.maltrail.general.monitorinterface != '' %}
{% set interfaces = [] %}
{% for interface in OPNsense.maltrail.general.monitorinterface.split(',') %}
{% do interfaces.append(physical_interface(interface)) %}
{% endfor %}
MONITOR_INTERFACE {{ interfaces|join(',') }}
{% else %}
MONITOR_INTERFACE any
{% endif %}
{% if helpers.empty('OPNsense.maltrail.sensor.capturebuffer') %}
CAPTURE_BUFFER 10%
{% else %}
CAPTURE_BUFFER {{OPNsense.maltrail.sensor.capturebuffer}}MB
{% endif %}
{% if helpers.exists('OPNsense.maltrail.sensor.captureall') and OPNsense.maltrail.sensor.captureall == '1' %}
CAPTURE_FILTER ip or ip6
{% else %}
CAPTURE_FILTER udp or icmp or (tcp and (tcp[tcpflags] == tcp-syn or port 80 or port 1080 or port 3128 or port 8000 or port 8080 or port 8118))
{% endif %}
USERS
admin:{{ OPNsense.maltrail.general.adminpassword }}:2000:0.0.0.0/0 # changeme!