########################################################################################
#
# This is the Artillery configuration file. Change these variables and flags to change how
# Artillery behaves.
#
# Artillery written by: Dave Kennedy (ReL1K)
# Website: https://www.binarydefense.com
# Email: info [at] binarydefense.com
# Download: git clone https://github.com/trustedsec/artillery artillery/
# Install: python setup.py
#
############################################################################################
#
# FORMAT: ONE KEY=VALUE PER LINE, NO [SECTIONS], '#' STARTS A FULL-LINE COMMENT. SOME VALUES
# ARE DOUBLE-QUOTED AND SOME ARE NOT; KEEP EACH KEY'S EXISTING QUOTING STYLE WHEN YOU EDIT IT.
# THIS FILE HOLDS CREDENTIALS (SMTP_PASSWORD, CONFIG_REMOTE_SECRET) - RESTRICT ITS READ
# PERMISSIONS TO THE USER THAT RUNS ARTILLERY AND KEEP THE REAL VALUES OUT OF VERSION CONTROL.
# FLAGS ARE ON/OFF.
#
# DETERMINE IF YOU WANT TO MONITOR OR NOT
MONITOR=ON
#
# THESE ARE THE FOLDERS TO MONITOR. TO ADD MORE, APPEND COMMA-SEPARATED QUOTED PATHS, E.G. "/root","/var/"
MONITOR_FOLDERS="/var/www","/etc/"
#
# HOW OFTEN THE MONITOR RUNS, IN SECONDS (2 = EVERY 2 SECONDS, 60 = ONCE A MINUTE).
MONITOR_FREQUENCY=60
#
# SSH DEFAULT PORT (22) CHECK
SSH_DEFAULT_PORT_CHECK=ON
#
# EXCLUDE CERTAIN DIRECTORIES OR FILES FROM MONITORING, COMMA-SEPARATED. FOR EXAMPLE: /etc/passwd,/etc/hosts.allow
# LEAVE EMPTY IF NOTHING SHOULD BE EXCLUDED.
EXCLUDE=
#
# AUTOMATICALLY BAN SOURCES THAT CONNECT TO THE HONEYPOT PORTS. MAKE SURE YOUR OWN MANAGEMENT
# AND MONITORING HOSTS ARE IN WHITELIST_IP BEFORE TURNING THIS ON.
HONEYPOT_BAN=ON
#
# WHITELIST IP ADDRESSES, COMMA-SEPARATED. THESE ADDRESSES ARE NEVER BANNED - ADD THE HOSTS YOU
# ADMINISTER FROM SO YOU DO NOT LOCK YOURSELF OUT.
WHITELIST_IP=127.0.0.1,localhost
#
# PORTS TO SPAWN HONEYPOT LISTENERS ON. A PORT THAT A REAL SERVICE ON THIS HOST USES (E.G. 22 IF
# SSH LISTENS THERE) SHOULD NOT BE IN THIS LIST.
PORTS="135,445,22,1433,3389,8080,21,5900,25,53,110,1723,1337,10000,5800,44443"
#
# SEND ALERTS BY EMAIL. THE SMTP_* AND ALERT_USER_EMAIL SETTINGS BELOW ARE USED WHEN THIS IS ON.
EMAIL_ALERTS=OFF
#
# CURRENT SUPPORT IS FOR SMTP. ENTER YOUR USERNAME HERE. LEAVE BLANK FOR AN OPEN RELAY.
SMTP_USERNAME=""
#
# ENTER THE SMTP PASSWORD HERE. LEAVE BLANK FOR AN OPEN RELAY. THIS IS STORED IN PLAIN TEXT -
# PREFER A DEDICATED MAIL ACCOUNT WITH AN APP-SPECIFIC PASSWORD AND RESTRICT ACCESS TO THIS FILE.
SMTP_PASSWORD=""
#
# THIS IS WHO TO SEND THE ALERTS TO - EMAILS WILL BE SENT FROM ARTILLERY TO THIS ADDRESS
ALERT_USER_EMAIL="user@whatever.com"
#
# FOR SMTP ONLY: THE FROM/MAILTO VALUE USED ON OUTGOING ALERTS
SMTP_FROM="Artillery Incident"
#
# SMTP SERVER ADDRESS FOR SENDING EMAILS. DEFAULT IS GMAIL.
SMTP_ADDRESS="smtp.gmail.com"
#
# SMTP PORT FOR SENDING EMAILS. DEFAULT IS THE GMAIL SUBMISSION PORT WITH STARTTLS.
SMTP_PORT="587"
#
# BATCH EMAILS AND SEND THEM ON A TIMER (EVERY EMAIL_FREQUENCY SECONDS). IF THIS IS SET TO OFF,
# ALERTS ARE SENT AS THEY HAPPEN (CAN LEAD TO A LOT OF SPAM).
EMAIL_TIMER=ON
#
# HOW OFTEN TO SEND EMAIL ALERTS, IN SECONDS (600 = 10 MINUTES, THE DEFAULT). ONLY USED WHEN EMAIL_TIMER=ON.
EMAIL_FREQUENCY=600
#
# DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
SSH_BRUTE_MONITOR=ON
#
# HOW MANY FAILED SSH ATTEMPTS BEFORE YOU BAN
SSH_BRUTE_ATTEMPTS=4
#
# DO YOU WANT TO MONITOR FTP BRUTE FORCE ATTEMPTS
FTP_BRUTE_MONITOR=OFF
#
# HOW MANY FAILED FTP ATTEMPTS BEFORE YOU BAN
FTP_BRUTE_ATTEMPTS=4
#
# DO YOU WANT AUTOMATIC UPDATES. TYPE ON OR OFF. CONSIDER LEAVING THIS OFF ON PRODUCTION HOSTS
# AND UPDATING THROUGH YOUR NORMAL CHANGE PROCESS INSTEAD.
AUTO_UPDATE=OFF
#
# ANTI DOS WILL CONFIGURE THE MACHINE TO THROTTLE CONNECTIONS. TURN THIS OFF IF YOU DO NOT WANT TO USE IT.
ANTI_DOS=ON
#
# THESE ARE THE PORTS THAT WILL GET ANTI-DOS PROTECTION (COMMA-SEPARATED)
ANTI_DOS_PORTS=80,443
#
# HOW MANY CONNECTIONS PER MINUTE ARE ALLOWED BEFORE THROTTLING; THE BURST LIMIT BELOW ENFORCES THIS.
ANTI_DOS_THROTTLE_CONNECTIONS=50
#
# ONLY ALLOW THIS MANY CONNECTIONS IN A BURST PER MINUTE, THEN ENFORCE AND REFUSE FURTHER CONNECTIONS.
# SET THESE TWO HIGH ENOUGH FOR YOUR REAL TRAFFIC OR LEGITIMATE CLIENTS WILL BE THROTTLED.
ANTI_DOS_LIMIT_BURST=200
#
# PATHS FOR THE APACHE ACCESS AND ERROR LOG FILES. ADJUST IF YOUR WEB SERVER LOGS SOMEWHERE ELSE.
ACCESS_LOG=/var/log/apache2/access.log
ERROR_LOG=/var/log/apache2/error.log
#
# THIS ALLOWS YOU TO SPECIFY AN IP ADDRESS TO BIND TO. LEAVE THIS BLANK TO BIND TO ALL INTERFACES.
# BINDING TO ONE ADDRESS LIMITS WHERE ARTILLERY LISTENS. EXAMPLE: BIND_INTERFACE="192.168.1.154"
BIND_INTERFACE=""
#
# THIS TURNS ON THE THREAT INTELLIGENCE FEED. WHEN ON, THE URL(S) IN THREAT_FEED ARE PULLED
# EVERY 24 HOURS TO FIND ALREADY KNOWN MALICIOUS SOURCES.
THREAT_INTELLIGENCE_FEED=OFF
#
# CONFIGURE THIS TO BE WHATEVER THREAT FEED YOU WANT. BY DEFAULT IT USES THE BINARY DEFENSE BANLIST.
# NOTE YOU CAN SPECIFY MULTIPLE THREAT FEEDS, COMMA-SEPARATED: http://urlthreatfeed1,http://urlthreatfeed2
# A FEED DECIDES WHO GETS BANNED HERE, SO ONLY USE FEEDS YOU TRUST, PREFERABLY OVER HTTPS.
THREAT_FEED="https://www.binarydefense.com/banlist.txt"
#
# A THREAT SERVER IS A SERVER THAT WILL COPY THE BANLIST.TXT TO A PUBLIC HTTP LOCATION TO BE PULLED BY
# OTHER ARTILLERY SERVERS. THIS IS USED IF YOU DO NOT WANT TO USE THE STANDARD FEED.
#
# THIS WILL DETECT IF A THREAT SERVER IS NEEDED, AS IN IT WILL COPY TO /var/www/ FOR YOU AUTOMATICALLY.
# NOTE THIS VALUE IS QUOTED, UNLIKE THE OTHER ON/OFF FLAGS - KEEP THE EXISTING FORM.
THREAT_SERVER="OFF"
#
# LOCAL DIRECTORY THE BANLIST IS COPIED INTO FOR PUBLIC HTTP ACCESS. NOTE THAT THREAT_SERVER MUST BE SET TO ON.
# ANYONE WHO CAN REACH THAT WEB SERVER CAN READ YOUR BANLIST.
THREAT_LOCATION="/var/www/"
#
# THIS CHECKS WHAT IN THE WEB SERVER DIRECTORY IS OWNED BY OR RUNNING AS ROOT
ROOT_CHECK=ON
#
# SYSLOG TYPE: LOCAL, FILE OR REMOTE. LOCAL PIPES TO THE LOCAL SYSLOG, REMOTE SENDS TO
# SYSLOG_REMOTE_HOST, AND FILE WRITES TO alerts.log IN THE LOCAL ARTILLERY DIRECTORY.
SYSLOG_TYPE=FILE
#
# IF SYSLOG_TYPE IS REMOTE, THE REMOTE SYSLOG SERVER TO SEND ALERTS TO. REPLACE THE ADDRESS BELOW WITH
# YOUR OWN COLLECTOR; PLAIN SYSLOG IS UNENCRYPTED, SO SEND IT OVER A TRUSTED NETWORK OR A TLS TUNNEL.
SYSLOG_REMOTE_HOST="192.168.0.1"
#
# TURN ON CONSOLE LOGGING
CONSOLE_LOGGING=OFF
#
# IS THIS ARTILLERY INSTANCE A CONFIGURATION SERVER?
CONFIG_SERVER=OFF
#
# LOCKED CONFIGURATION ITEMS (CONFIG_SERVER_MASTER OVERRIDES CLIENT ON CHECKIN)
CONFIG_SERVER_DISABLED_ITEMS="CONFIG_REMOTE_HOST"
#
# IS THIS ARTILLERY INSTANCE A CONFIGURATION CLIENT? WILL OVERRIDE SERVER FUNCTIONALITY IF ENABLED.
CONFIG_CLIENT=OFF
#
# HOW OFTEN TO CHECK IN WITH THE SERVER (PRESUMABLY SECONDS, LIKE THE OTHER *_FREQUENCY KEYS)
CONFIG_FREQUENCY=60
#
# ARTILLERY CONFIG SERVER URL/IP
CONFIG_REMOTE_HOST=127.0.0.1
#
# ARTILLERY CONFIG SERVER PORT
CONFIG_REMOTE_PORT=34875
#
# SHARED SECRET BETWEEN THE CONFIG SERVER AND ITS CLIENTS. THE VALUE BELOW IS THE PUBLIC PROJECT DEFAULT
# AND GIVES NO REAL AUTHENTICATION - SET A LONG RANDOM VALUE ON BOTH ENDS BEFORE ENABLING
# CONFIG_SERVER OR CONFIG_CLIENT, AND DO NOT COMMIT THE REAL ONE.
CONFIG_REMOTE_SECRET=huggoatsforfunandprofit
#
# ENABLE BAN ON CONTINUED 404s
BAN_ON_404=OFF
#
# NUMBER OF 404s IN 24 HOURS BEFORE BANNING. 0 = DISABLE. LOW VALUES CAN BAN LEGITIMATE USERS
# AND CRAWLERS (BE CAREFUL...)
NUM_404=15