X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Fvuurmuur%2Fconfig.conf;h=37bc4587124f793b2896752691e49bb5cf0e96ac;hb=refs%2Fheads%2Fds-host;hp=3051ca740a38f59c6d84ccfbef5de70721e0b7cd;hpb=b821f2dd223b5ca3b56ef45f856881c533c8303b;p=matthijs%2Fservers%2Fdrsnuggles.git
diff --git a/etc/vuurmuur/config.conf b/etc/vuurmuur/config.conf
index 3051ca7..37bc458 100644
--- a/etc/vuurmuur/config.conf
+++ b/etc/vuurmuur/config.conf
@@ -22,7 +22,7 @@ IPTABLES="/sbin/iptables"
 IPTABLES_RESTORE="/sbin/iptables-restore"
 # Location of the conntrack-command (full path).
-CONNTRACK=""
+CONNTRACK="/usr/sbin/conntrack"
 # Location of the tc-command (full path).
 TC=""
@@ -30,6 +30,9 @@ TC=""
 # Location of the modprobe-command (full path).
 MODPROBE="/sbin/modprobe"
+# Maximum permissions for config and log files and directories.
+MAX_PERMISSION="755"
+
 # Load modules if needed? (yes/no)
 LOAD_MODULES="No"
@@ -44,7 +47,7 @@ OLD_CREATE_METHOD="No"
 LOGDIR="/var/log/vuurmuur"
 # The logfile where the kernel writes the logs to e.g. /var/log/messages (full path).
-SYSTEMLOG="/var/log/messages"
+SYSTEMLOG="/var/log/rsyslog/syslog"
 # The loglevel to use when logging traffic. For use with syslog.
 LOGLEVEL="info"
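Review bot: `MAX_PERMISSION="755"` in the second hunk (`@@ -30,6 +30,9 @@`) sets a ceiling that, going by the comment's "maximum permissions" wording, lets the firewall's config and log files be world-readable and its directories world-traversable. The ruleset and the traffic logs show any local unprivileged account which services are filtered and which hosts are blocked, so a ceiling with no access for others is the safer choice, e.g. `MAX_PERMISSION="700"`, or `"750"` if a dedicated log-reading group needs access. How Vuurmuur enforces this value is not visible in the diff, so confirm whether it only warns or refuses to run on looser files before tightening it.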
@@ -56,38 +59,38 @@ DYN_INT_CHECK="No"
 DYN_INT_INTERVAL="30"
 # LOG_POLICY controls the logging of the default policy.
-LOG_POLICY="Yes"
+LOG_POLICY="No"
 # LOG_POLICY_LIMIT sets the maximum number of logs per second.
 LOG_POLICY_LIMIT="20"
 # LOG_BLOCKLIST enables/disables logging of items on the blocklist.
-LOG_BLOCKLIST="Yes"
+LOG_BLOCKLIST="No"
 # LOG_INVALID enables/disables logging of INVALID traffic.
-LOG_INVALID="Yes"
+LOG_INVALID="No"
 # LOG_NO_SYN enables/disables logging of new tcp packets without the SIN flag set.
-LOG_NO_SYN="Yes"
+LOG_NO_SYN="No"
 # LOG_PROBES enables/disables logging of probes. Probes are packets that are used in portscans.
-LOG_PROBES="Yes"
+LOG_PROBES="No"
 # LOG_FRAG enables/disables logging of fragmented packets.
-LOG_FRAG="Yes"
+LOG_FRAG="No"
 # LOG_TCP_OPTIONS controls the logging of tcp options. This is.
 # not used by Vuurmuur itself. PSAD 1.4.x uses it for OS-detection.
 LOG_TCP_OPTIONS="No"
 # SYN_LIMIT sets the maximum number of SYN-packets per second.
-USE_SYN_LIMIT="Yes"
+USE_SYN_LIMIT="No"
 SYN_LIMIT="15"
 SYN_LIMIT_BURST="30"
 # UDP_LIMIT sets the maximum number of udp 'connections' per second.
-USE_UDP_LIMIT="Yes"
+USE_UDP_LIMIT="No"
 UDP_LIMIT="10"
 UDP_LIMIT_BURST="60"
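Review bot: Every drop-logging switch in this hunk (`LOG_POLICY`, `LOG_BLOCKLIST`, `LOG_INVALID`, `LOG_NO_SYN`, `LOG_PROBES`, `LOG_FRAG`) goes to `"No"` together with `USE_SYN_LIMIT` and `USE_UDP_LIMIT`, and nothing in the file records why. With all of them off, the host keeps no record of port scans, blocklist hits or default-policy drops, which is the data detection and incident response would start from, and the SYN/UDP rate limits no longer bound connection floods. If the aim was to cut log volume, keeping `LOG_POLICY="Yes"` and lowering `LOG_POLICY_LIMIT` preserves a bounded record. If the limits broke a legitimate service, a comment above `USE_SYN_LIMIT` such as `# SYN limit disabled: <reason>; rate limiting handled by <component>` would document the trade-off for the next maintainer.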