File: ignore_udp.conf

# psad configuration. Several values here (HOSTNAME left at _CHANGEME_, a
# relative INSTALL_ROOT of "psad-install", mail alerting switched off)
# presumably mark this as a test-harness variant of psad.conf rather than a
# production /etc/psad/psad.conf. The one directive that looks specific to
# this file (named ignore_udp.conf) is IGNORE_PROTOCOLS further down.
# Format: "KEY  VALUE;" per line; a value may reference an earlier key as
# $KEY; "###" begins a trailing comment.

### Alert recipients and network scope.
EMAIL_ADDRESSES             root@localhost;
HOSTNAME                    _CHANGEME_;
# NOTE(review): HOME_NET and EXTERNAL_NET are both "any", so nothing in this
# file separates protected hosts from the outside; the *_SERVERS variables
# below inherit HOME_NET. Tighten both before using this config on a sensor.
HOME_NET                    any;
EXTERNAL_NET                any;

### Firewall log matching. FW_SEARCH_ALL Y presumably parses every iptables
### log message regardless of prefix; FW_MSG_SEARCH is the --log-prefix string
### matched when that is turned off — confirm against the psad.conf reference.
FW_SEARCH_ALL               Y;
FW_MSG_SEARCH               DROP;
SYSLOG_DAEMON               syslogd;
IFCFGTYPE                   ifconfig;

### Danger-level thresholds. DANGER_LEVELn is a packet count (per the inline
### note); DLn_UNIQUE_HOSTS presumably is the distinct-host count that reaches
### the same level for sweeps — confirm in psad before tuning.
DANGER_LEVEL1               5;    ### Number of packets.
DANGER_LEVEL2               15;
DANGER_LEVEL3               150;
DANGER_LEVEL4               1500;
DANGER_LEVEL5               10000;
DL1_UNIQUE_HOSTS            10;
DL2_UNIQUE_HOSTS            20;
DL3_UNIQUE_HOSTS            50;
DL4_UNIQUE_HOSTS            100;
DL5_UNIQUE_HOSTS            500;
CHECK_INTERVAL              5;    ### no unit given here; presumably seconds
SNORT_SID_STR               SID;
ENABLE_PSADWATCHD           Y;

### Scan detection sensitivity. A port-range scan threshold of 1 is the most
### sensitive setting available. Scan state persists across runs
### (ENABLE_PERSISTENCE Y) and ages out after SCAN_TIMEOUT seconds.
### NOTE(review): MAX_SCAN_IP_PAIRS 0 presumably means "no cap" on tracked
### src/dst pairs; on a sensor exposed to log floods a bound is safer.
PORT_RANGE_SCAN_THRESHOLD   1;
PORT_RANGE_SWEEP_THRESHOLD  0;
PROTOCOL_SCAN_THRESHOLD     5;
ENABLE_PERSISTENCE          Y;
SCAN_TIMEOUT                3600;  ### seconds
PERSISTENCE_CTR_THRESHOLD   5;
MAX_SCAN_IP_PAIRS           0;
SHOW_ALL_SIGNATURES         N;

### Alerting: "nomail" sends no e-mail, so EMAIL_ADDRESSES above is
### effectively unused in this configuration.
ALERTING_METHODS            nomail;
ENABLE_SYSLOG_FILE          Y;
IPT_WRITE_FWDATA            Y;

### Log source. Firewall messages come from IPT_SYSLOG_FILE, with journalctl
### auto-detected. The explicit reader command (journalctl -f -k) is defined
### but disabled (ENABLE_FW_MSG_READ_CMD N). NOTE(review): FW_MSG_READ_CMD is
### a command line psad executes if enabled — keep it an absolute path and
### keep this file root-owned/non-writable by others.
IPT_SYSLOG_FILE             /var/log/messages;
AUTO_DETECT_JOURNALCTL      Y;
ENABLE_FW_MSG_READ_CMD      N;
FW_MSG_READ_CMD             /bin/journalctl;
FW_MSG_READ_CMD_ARGS        -f -k;
USE_FW_MSG_READ_CMD_ARGS    Y;
FW_MSG_READ_MIN_PKTS        30;
ENABLE_SIG_MSG_SYSLOG       Y;
SIG_MSG_SYSLOG_THRESHOLD    10;
SIG_SID_SYSLOG_THRESHOLD    10;
EXPECT_TCP_OPTIONS          Y;
MAX_HOPS                    20;

### Firewall command override is off; FW_CMD/FW_CMD_ARGS are placeholders.
### NOTE(review): if ENABLE_OVERRIDE_FW_CMD is switched on, FW_CMD is run by
### psad (presumably as root) — treat it as privileged configuration.
ENABLE_OVERRIDE_FW_CMD      N;
FW_CMD                      NONE;
FW_CMD_ARGS                 NONE;

### Ignore rules. IGNORE_PROTOCOLS udp is the directive this file appears to
### exist for: UDP log messages are presumably excluded from scan analysis,
### so UDP-only scans (DNS, SNMP, NTP, ...) will not be reported while this
### config is in use. The KERNEL_TIMESTAMP / CONNTRACK_BUG switches appear to
### be log-parsing tolerances rather than detection filters.
IGNORE_KERNEL_TIMESTAMP     Y;
IGNORE_CONNTRACK_BUG_PKTS   Y;
IGNORE_PORTS                NONE;
IGNORE_PROTOCOLS            udp;
IGNORE_INTERFACES           NONE;
IGNORE_LOG_PREFIXES         NONE;

### Reporting floor: everything from danger level 1 upward is reported.
MIN_DANGER_LEVEL            1;
EMAIL_ALERT_DANGER_LEVEL    1;
ENABLE_IPV6_DETECTION       Y;
ENABLE_INTF_LOCAL_NETS      Y;
ENABLE_MAC_ADDR_REPORTING   N;
ENABLE_FW_LOGGING_CHECK     Y;
### E-mail rate limits (moot while ALERTING_METHODS is nomail); 0 presumably
### means unlimited.
EMAIL_LIMIT                 0;
ENABLE_EMAIL_LIMIT_PER_DST  N;
EMAIL_LIMIT_STATUS_MSG      Y;
EMAIL_THROTTLE              0;
EMAIL_APPEND_HEADER         NONE;
ALERT_ALL                   Y;
IMPORT_OLD_SCANS            N;

### Syslog identity for psad's own messages.
SYSLOG_IDENTITY             psad;
SYSLOG_FACILITY             LOG_LOCAL7;
SYSLOG_PRIORITY             LOG_INFO;

### Top-N sizes for the log/status reports.
TOP_PORTS_LOG_THRESHOLD     500;
STATUS_PORTS_THRESHOLD      20;
TOP_SIGS_LOG_THRESHOLD      500;
STATUS_SIGS_THRESHOLD       50;
TOP_IP_LOG_THRESHOLD        500;
STATUS_IP_THRESHOLD         25;
TOP_SCANS_CTR_THRESHOLD     1;

### DShield reporting is disabled. If enabled, scan data would be e-mailed to
### reports@dshield.org every DSHIELD_ALERT_INTERVAL hours — an outbound
### data-sharing channel to review deliberately before turning on.
ENABLE_DSHIELD_ALERTS       N;
DSHIELD_ALERT_EMAIL         reports@dshield.org;
DSHIELD_ALERT_INTERVAL      6;  ### hours
DSHIELD_USER_ID             0;
DSHIELD_USER_EMAIL          NONE;
DSHIELD_DL_THRESHOLD        0;

### Snort-rule variables. The *_SERVERS entries inherit HOME_NET (any here).
### NOTE(review): AIM_SERVERS mixes /24 networks with a host address written
### as 64.12.26.14/24 — presumably masked to 64.12.26.0/24 at parse time, but
### it reads as a typo; the list is a hard-coded external range, so verify it
### is still meaningful before relying on it.
HTTP_SERVERS                $HOME_NET;
SMTP_SERVERS                $HOME_NET;
DNS_SERVERS                 $HOME_NET;
SQL_SERVERS                 $HOME_NET;
TELNET_SERVERS              $HOME_NET;
AIM_SERVERS                 [64.12.24.0/24, 64.12.25.0/24, 64.12.26.14/24, 64.12.28.0/24, 64.12.29.0/24, 64.12.161.0/24, 64.12.163.0/24, 205.188.5.0/24, 205.188.9.0/24];
HTTP_PORTS                  80;
SHELLCODE_PORTS             !80;
ORACLE_PORTS                1521;
ENABLE_SNORT_SIG_STRICT     Y;

### Automatic response. Auto-blocking is OFF (ENABLE_AUTO_IDS N); everything
### down to TCPWRAPPERS_BLOCK_METHOD only applies if it is enabled. When on,
### sources reaching danger level AUTO_IDS_DANGER_LEVEL are blocked for
### AUTO_BLOCK_TIMEOUT (presumably seconds), level-5 blocks permanently (0).
### NOTE(review): blocking from log data alone means a spoofed source address
### can get an arbitrary host blocked — keep the trigger level high and the
### timeouts finite if this is ever enabled.
ENABLE_AUTO_IDS             N;
AUTO_IDS_DANGER_LEVEL       5;
AUTO_BLOCK_TIMEOUT          3600;
AUTO_BLOCK_DL1_TIMEOUT      $AUTO_BLOCK_TIMEOUT;
AUTO_BLOCK_DL2_TIMEOUT      $AUTO_BLOCK_TIMEOUT;
AUTO_BLOCK_DL3_TIMEOUT      $AUTO_BLOCK_TIMEOUT;
AUTO_BLOCK_DL4_TIMEOUT      $AUTO_BLOCK_TIMEOUT;
AUTO_BLOCK_DL5_TIMEOUT      0;   ### permanent
ENABLE_AUTO_IDS_REGEX       N;
AUTO_BLOCK_REGEX            ESTAB;  ### from fwsnort logging prefixes
ENABLE_RENEW_BLOCK_EMAILS   N;
ENABLE_AUTO_IDS_EMAILS      Y;
### iptables block chains. Each IPT_AUTO_CHAINn appears to be: target, match
### direction (src/dst/both), table, parent chain, jump position in the parent,
### psad chain name, rule position — confirm against the psad.conf reference.
### FLUSH_IPT_AT_INIT Y presumably flushes the PSAD_BLOCK_* chains at start-up;
### confirm it never touches chains psad did not create.
IPTABLES_BLOCK_METHOD       Y;
IPT_AUTO_CHAIN1             DROP, src, filter, INPUT, 1, PSAD_BLOCK_INPUT, 1;
IPT_AUTO_CHAIN2             DROP, dst, filter, OUTPUT, 1, PSAD_BLOCK_OUTPUT, 1;
IPT_AUTO_CHAIN3             DROP, both, filter, FORWARD, 1, PSAD_BLOCK_FORWARD, 1;
FLUSH_IPT_AT_INIT           Y;
IPTABLES_PREREQ_CHECK       1;
### tcp_wrappers blocking is off, so ETC_HOSTS_DENY_FILE below is unused.
TCPWRAPPERS_BLOCK_METHOD    N;

### Lookups on scan sources. whois and DNS lookups are enabled, with a 60 s
### whois timeout; the *_LOOKUP_THRESHOLD values presumably cap how many are
### performed. NOTE(review): these are outbound queries triggered by
### attacker-chosen addresses — they reveal sensor activity to the network and
### can stall on slow servers; keep the thresholds and timeout conservative.
ENABLE_WHOIS_LOOKUPS        Y;
WHOIS_TIMEOUT               60;  ### seconds
WHOIS_LOOKUP_THRESHOLD      20;
ENABLE_WHOIS_FORCE_ASCII    N;
ENABLE_WHOIS_FORCE_SRC_IP   N;
ENABLE_DNS_LOOKUPS          Y;
DNS_LOOKUP_THRESHOLD        20;

### External script hooks are disabled; both point at /bin/true as a safe
### placeholder. If enabled, EXTERNAL_SCRIPT (per alert when
### EXEC_EXT_SCRIPT_PER_ALERT is Y) and EXTERNAL_BLOCK_SCRIPT are executed by
### psad, presumably with scan-derived arguments — their contents and file
### permissions are then security-sensitive.
ENABLE_EXT_SCRIPT_EXEC      N;
EXTERNAL_SCRIPT             /bin/true;
EXEC_EXT_SCRIPT_PER_ALERT   N;
ENABLE_EXT_BLOCK_SCRIPT_EXEC      N;
EXTERNAL_BLOCK_SCRIPT             /bin/true;

### Optional custom syslog timestamp parser (disabled). The regex captures the
### first three whitespace-separated fields as the timestamp (group 1) and the
### fourth as the host (group 2), anchored on the following "kernel:" token.
ENABLE_CUSTOM_SYSLOG_TS_RE      N;
CUSTOM_SYSLOG_TS_RE             ^\s*((?:\S+\s+){2}\S+)\s+(\S+)\s+kernel\:;

### Disk housekeeping: checked every 300 s; above 95 % usage psad presumably
### removes old data, retrying up to DISK_MAX_RM_RETRIES times.
DISK_CHECK_INTERVAL         300;  ### seconds
DISK_MAX_PERCENTAGE         95;
DISK_MAX_RM_RETRIES         10;
ENABLE_SCAN_ARCHIVE         N;
TRUNCATE_FWDATA             Y;
MIN_ARCHIVE_DANGER_LEVEL    1;

### Subject prefixes for the (currently disabled) e-mail alerts.
MAIL_ALERT_PREFIX           [psad-alert];
MAIL_STATUS_PREFIX          [psad-status];
MAIL_ERROR_PREFIX           [psad-error];
MAIL_FATAL_PREFIX           [psad-fatal];

### NOTE(review): signature updates are fetched over plain HTTP (presumably
### via wgetCmd below). Without TLS or a signature check, an on-path attacker
### can substitute the rule set; prefer an https:// URL and verify downloads
### before using --sig-update-mode.
SIG_UPDATE_URL              http://www.cipherdyne.org/psad/signatures;
PSADWATCHD_CHECK_INTERVAL   5;  ### seconds
PSADWATCHD_MAX_RETRIES      10;

### Install layout. Everything resolves under INSTALL_ROOT, a relative path
### ("psad-install"), which is consistent with a test tree; a production
### config would presumably place these directly under /var, /etc and /usr.
INSTALL_ROOT                psad-install;
PSAD_DIR                    $INSTALL_ROOT/var/log/psad;
PSAD_RUN_DIR                $INSTALL_ROOT/var/run/psad;
PSAD_FIFO_DIR               $INSTALL_ROOT/var/lib/psad;
PSAD_LIBS_DIR               $INSTALL_ROOT/usr/lib/psad;
PSAD_CONF_DIR               $INSTALL_ROOT/etc/psad;
PSAD_ERR_DIR                $PSAD_DIR/errs;
CONF_ARCHIVE_DIR            $PSAD_CONF_DIR/archive;
SCAN_DATA_ARCHIVE_DIR       $PSAD_DIR/scan_archive;
ANALYSIS_MODE_DIR           $PSAD_DIR/ipt_analysis;
SNORT_RULES_DIR             $PSAD_CONF_DIR/snort_rules;
FWSNORT_RULES_DIR           /etc/fwsnort/snort_rules;  ### may not exist
FW_DATA_FILE                $PSAD_DIR/fwdata;
ULOG_DATA_FILE              $PSAD_DIR/ulogd.log;
FW_CHECK_FILE               $PSAD_DIR/fw_check;
DSHIELD_EMAIL_FILE          $PSAD_DIR/dshield.email;
SIGS_FILE                   $PSAD_CONF_DIR/signatures;
PROTOCOLS_FILE              $PSAD_CONF_DIR/protocols;
ICMP_TYPES_FILE             $PSAD_CONF_DIR/icmp_types;
ICMP6_TYPES_FILE            $PSAD_CONF_DIR/icmp6_types;
AUTO_DL_FILE                $PSAD_CONF_DIR/auto_dl;
SNORT_RULE_DL_FILE          $PSAD_CONF_DIR/snort_rule_dl;
POSF_FILE                   $PSAD_CONF_DIR/posf;
P0F_FILE                    $PSAD_CONF_DIR/pf.os;
IP_OPTS_FILE                $PSAD_CONF_DIR/ip_options;
PSAD_FIFO_FILE              $PSAD_FIFO_DIR/psadfifo;
### System files outside INSTALL_ROOT: the syslog daemon configs are absolute
### host paths; hosts.deny is only relevant with TCPWRAPPERS_BLOCK_METHOD Y.
ETC_HOSTS_DENY_FILE         /etc/hosts.deny;
ETC_SYSLOG_CONF             /etc/syslog.conf;
ETC_RSYSLOG_CONF            /etc/rsyslog.conf;
ETC_SYSLOGNG_CONF           /etc/syslog-ng/syslog-ng.conf;
ETC_METALOG_CONF            /etc/metalog/metalog.conf;
STATUS_OUTPUT_FILE          $PSAD_DIR/status.out;
ANALYSIS_OUTPUT_FILE        $PSAD_DIR/analysis.out;
INSTALL_LOG_FILE            $PSAD_DIR/install.log;
PSAD_PID_FILE               $PSAD_RUN_DIR/psad.pid;
PSAD_FW_READ_PID_FILE       $PSAD_RUN_DIR/psad_fw_read.pid;
PSAD_CMDLINE_FILE           $PSAD_RUN_DIR/psad.cmd;
KMSGSD_PID_FILE             $PSAD_RUN_DIR/kmsgsd.pid;
PSADWATCHD_PID_FILE         $PSAD_RUN_DIR/psadwatchd.pid;
AUTO_BLOCK_IPT_FILE         $PSAD_DIR/auto_blocked_iptables;
AUTO_BLOCK_TCPWR_FILE       $PSAD_DIR/auto_blocked_tcpwr;
AUTO_IPT_SOCK               $PSAD_RUN_DIR/auto_ipt.sock;
FW_ERROR_LOG                $PSAD_ERR_DIR/fwerrorlog;
PRINT_SCAN_HASH             $PSAD_DIR/scan_hash;
PROC_FORWARD_FILE           /proc/sys/net/ipv4/ip_forward;
PACKET_COUNTER_FILE         $PSAD_DIR/packet_ctr;
TOP_SCANNED_PORTS_FILE      $PSAD_DIR/top_ports;
TOP_SIGS_FILE               $PSAD_DIR/top_sigs;
TOP_ATTACKERS_FILE          $PSAD_DIR/top_attackers;
DSHIELD_COUNTER_FILE        $PSAD_DIR/dshield_ctr;
IPT_PREFIX_COUNTER_FILE     $PSAD_DIR/ipt_prefix_ctr;
### Temp-file name patterns (XXXXXX presumably replaced with a random suffix).
IPT_OUTPUT_PATTERN          psad_iptout.XXXXXX;
IPT_ERROR_PATTERN           psad_ipterr.XXXXXX;

### External binaries, all given by absolute path (no PATH lookup). psad's own
### helpers (whois_psad, fwcheck_psad, psadwatchd, kmsgsd, psad) resolve under
### INSTALL_ROOT; system tools use fixed /bin, /sbin and /usr paths, which must
### exist on the target host (e.g. /bin vs /usr/bin on merged-/usr systems).
iptablesCmd      /sbin/iptables;
ip6tablesCmd     /sbin/ip6tables;
shCmd            /bin/sh;
wgetCmd          /usr/bin/wget;
gzipCmd          /bin/gzip;
mknodCmd         /bin/mknod;
psCmd            /bin/ps;
mailCmd          /bin/mail;
sendmailCmd      /usr/sbin/sendmail;
ifconfigCmd      /sbin/ifconfig;
ipCmd            /sbin/ip;
killallCmd       /usr/bin/killall;
netstatCmd       /bin/netstat;
unameCmd         /bin/uname;
whoisCmd         $INSTALL_ROOT/usr/bin/whois_psad;
dfCmd            /bin/df;
fwcheck_psadCmd  $INSTALL_ROOT/usr/sbin/fwcheck_psad;
psadwatchdCmd    $INSTALL_ROOT/usr/sbin/psadwatchd;
kmsgsdCmd        $INSTALL_ROOT/usr/sbin/kmsgsd;
psadCmd          $INSTALL_ROOT/usr/sbin/psad;