ChipMaster
/
Poor-Mans-IDS
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
The Poor Man's (or Woman's) Intrusion Detection System
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21 Commits
1 Branch
133 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Poor-Mans-IDS/sample.conf

sample.conf 1.0 KiB
Raw Permalink Normal View History

Begin realtime tracking * Program to run as daemon and listen to SysLogD on a pipe. * C++CMS web app to show accumulated domain names and set their status * Sample configs to be used to set things up
2 years ago
v0.10 badtrafficrpt ignores and smooth trafficctrl * Add ignore lists to badtrafficrpt. * trafficctrl now carries the "decision" from POST to POST. * New trafficmon_cron to find new DNS and classify DNS names. * Remove the DNS "catch up" process from the control panel. * Wild card accepts Trafficctrl doesn't cull new names from the DB anymore. That's now up to trafficmon_cron. Trafficmon_cron will also apply wildcard accepts as well as blocks to newly found names. So if you decide a domain is OK you don't have to be harrased with every new host/subdomain.
2 weeks ago
Begin realtime tracking * Program to run as daemon and listen to SysLogD on a pipe. * C++CMS web app to show accumulated domain names and set their status * Sample configs to be used to set things up
2 years ago
v0.10 badtrafficrpt ignores and smooth trafficctrl * Add ignore lists to badtrafficrpt. * trafficctrl now carries the "decision" from POST to POST. * New trafficmon_cron to find new DNS and classify DNS names. * Remove the DNS "catch up" process from the control panel. * Wild card accepts Trafficctrl doesn't cull new names from the DB anymore. That's now up to trafficmon_cron. Trafficmon_cron will also apply wildcard accepts as well as blocks to newly found names. So if you decide a domain is OK you don't have to be harrased with every new host/subdomain.
2 weeks ago
 1234567891011121314151617181920212223242526272829303132333435 
  1. # This is a sample config file. A single file can be used as repository of

  2. # information for all of the tools in this package, other than "trafficctrl",

  3. # since its a C++CMS app and C++CMS needs JSON to setup its features.

  4. 

  5. # List of address prefixes that represent our networks (us)

  6. [us]

  7. 192.168.1.

  8. 

  9. 

  10. 

  11. # Traffic monitor (trafficmon) settings

  12. [Traffic Mon]

  13. db user     = 

  14. db password = 

  15. db name     = 

  16. # db host   =

  17. 

  18. 

  19. 

  20. # Sample List of connections to ignore. This is used by iptraffic and

  21. # badtrafficrpt.

  22. # Format (TSV):

  23. # us_IP	us_port	them_IP	them_port	them_name	proto	in

  24. # * can be used to match all in the *_IP, "them_name" and "proto" fields.

  25. # 0 is the wild card for ports. No wild card for "in".

  26. # *_IP fields can be prefixes ending in the appropriate address component

  27. #   separator. This means you can only mask on the three standard IPv4

  28. #   classes (A, B & C). IPv6 can mask on any 16bit boundary.

  29. [ignores]

  30. 

  31. # muttering to self

  32. 127.0.0.1	0	127.0.0.1	0	*	*	0

  33. 127.0.0.1	0	127.0.0.1	0	*	*	1

  34. ::1	53	::1	0	*	*	0

  35. ::1	53	::1	0	*	*	1