Created
January 25, 2017 22:19
-
-
Save beatwiz/eeb2c50db763393e082e5dd0c0bf8c24 to your computer and use it in GitHub Desktop.
le good old dfix conf
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # DFIX Configuration File. | |
| # | |
| # Dovecot Process limits | |
| # | |
| # When the number of Dovecot processes exceeds the MAX value, dfix will stop dovecot until the number of processes | |
| # drops beliw the MIN value. | |
| MIN=10 | |
| MAX=50 | |
| # DFix looks at a subset of the last X records in each of the log files that it uses. The following | |
| # settings define how many lines to look at for each logfile. | |
| # MAILRECS: /var/log/maillog | |
| # Recommended value 5000. This should be this large to allow for a busy mail server. | |
| MAILRECS=5000 | |
| # GOODRECS: /var/log/maillog | |
| # This is the auto whitelist from the maillog. | |
| # Recommended value 20000. This value was chosen to be this big because we dont want | |
| # to expire whitelist entries too quickly. | |
| GOODRECS=20000 | |
| # FTPRECS: /var/log/secure | |
| # This logfile is used to detect failed ftp logins. | |
| # Recommended value 100. Increase this value if blocked ftp attacks expire too quickly. | |
| FTPRECS=100 | |
| # HTTPRECS: /var/log/httpd/access_log | |
| # This logfile is used to detect RFI attacks via your apache server. | |
| # Recommended value 5000. Increase this value if you have a busy web server and web | |
| # blocks expire too quickly. | |
| HTTPRECS=5000 | |
| # MSGRECS: /var/log/messages | |
| # This log file contains some information from many sources. We are looking for | |
| # dns server attacks in here. | |
| # Recommended value 1000. Increase this value if you have recurrant DNS attacks that | |
| # are not being blocked for long enough. | |
| MSGRECS=1000 | |
| # | |
| # Thresholds for the above are listed below | |
| # | |
| # BADHITS - We count the number of hits in the log entries that are filtered above. If the | |
| # threshold is breached, we will block traffic for the bad IP. Of course, we will ignore | |
| # any whitelisted entries. | |
| BADHITS=4 | |
| #################################### experimental values ################################## | |
| #The values below were added as a result of a feature request. The standard values when | |
| #you installed dfix will disable this feature. | |
| # | |
| #Only change these values if you know what you are doing! | |
| # ERECS: /var/log/httpd/error_log | |
| # This log file is used to detect attacks against your web server. In particular, it | |
| # shows file not found messages. Note that there is a seperate threshold for this logfile. | |
| ERECS=1 | |
| # ERRORHITS - This is a new threshold for stuff that is not necessarily bad. In particular | |
| # we are looking at file not found entries in the apache error_log. If you are getting | |
| # false positives, increase the threshold. | |
| ERRORHITS=2 | |
| ########################################################################################### | |
| # | |
| # DEBUG SETTINGS | |
| # | |
| # There are 4 debug levels. | |
| # 0 = silent | |
| # 1 = brief | |
| # 2 = verbose | |
| # 3 = super verbose | |
| DEBUG=2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment