#############################################################################################
#
# This is the Artillery configuration file. Change these variables and flags to change how
# this behaves.
#
# Artillery written by: Dave Kennedy (ReL1K)
# Website: https://www.trustedsec.com
# Email: info [at] trustedsec.com
# Download: git clone https://github.com/trustedsec/artillery artillery/
# Install: python setup.py
#
# FORMAT: ONE KEY=VALUE PER LINE. LINES STARTING WITH "#" ARE COMMENTS. TOGGLES TAKE ON OR OFF.
# KEEP COMMENTS ON THEIR OWN LINE; WHETHER TEXT AFTER A VALUE IS IGNORED DEPENDS ON THE CONFIG
# READER AND IS NOT SHOWN HERE - CONFIRM BEFORE RELYING ON IT.
#
#############################################################################################
#
# DETERMINE IF YOU WANT TO MONITOR OR NOT (ON OR OFF).
# PRESUMABLY THIS GATES THE FOLDER MONITORING CONFIGURED BY MONITOR_FOLDERS BELOW - CONFIRM.
MONITOR=ON
#
# THESE ARE THE FOLDERS TO MONITOR, TO ADD MORE, JUST DO "/root","/var/", etc.
# EACH PATH IS QUOTED AND THE LIST IS COMMA SEPARATED. ANYTHING OUTSIDE THESE FOLDERS IS NOT
# WATCHED, SO ADD EVERY LOCATION WHERE AN UNEXPECTED CHANGE WOULD MATTER TO YOU.
MONITOR_FOLDERS="/var/www","/etc/"
#
# HOW OFTEN TO CHECK, BASED ON SECONDS, 2 = 2 seconds. THE VALUE SHIPPED HERE IS 60.
# A LONGER INTERVAL MEANS A CHANGE CAN GO UNREPORTED FOR UP TO THAT MANY SECONDS.
MONITOR_FREQUENCY=60
#
# PORT 22 CHECK (ON OR OFF).
# NOTE(REVIEW): THE NAME SUGGESTS A CHECK FOR SSH LISTENING ON ITS DEFAULT PORT - CONFIRM.
SSH_DEFAULT_PORT_CHECK=ON
#
# EXCLUDE CERTAIN DIRECTORIES OR FILES. USE FOR EXAMPLE: /etc/passwd,/etc/hosts.allow
# EMPTY MEANS NOTHING IS EXCLUDED. EVERY EXCLUDED PATH IS A PATH WHERE CHANGES WILL NOT BE
# REPORTED, SO KEEP THIS LIST SHORT AND REVIEW IT WHEN IT GROWS.
EXCLUDE=
#
# DO YOU WANT TO AUTOMATICALLY BAN ON THE HONEYPOT (ON OR OFF).
# WITH THIS ON, A BAN IS APPLIED WITHOUT HUMAN REVIEW. BEFORE ENABLING, PUT YOUR MANAGEMENT
# HOSTS, MONITORING SYSTEMS AND VULNERABILITY SCANNERS IN WHITELIST_IP SO THAT A ROUTINE
# PORT SWEEP FROM ONE OF THEM DOES NOT LOCK IT OUT.
HONEYPOT_BAN=ON
#
# WHITELIST IP ADDRESSES, SPECIFY BY COMMAS ON WHAT IP ADDRESSES YOU WANT TO WHITELIST.
# THE VALUE SHIPPED HERE COVERS ONLY THE LOCAL HOST. KEEP THE LIST TO ADDRESSES YOU CONTROL;
# A WHITELISTED ADDRESS IS PRESUMABLY NEVER BANNED, WHATEVER IT DOES - CONFIRM.
WHITELIST_IP=127.0.0.1,localhost
#
# PORTS TO SPAWN HONEYPOT FOR (ONE QUOTED, COMMA SEPARATED LIST).
# REMOVE ANY PORT THAT A REAL SERVICE ON THIS HOST USES (THE LIST INCLUDES 22, 25, 53 AND
# 8080, AMONG OTHERS). A PORT CANNOT NORMALLY BE SHARED BETWEEN A REAL SERVICE AND A HONEYPOT
# LISTENER, AND LEGITIMATE CLIENTS MUST NOT END UP COUNTED AS HONEYPOT HITS.
PORTS="135,445,22,1433,3389,8080,21,5900,25,53,110,1723,1337,10000,5800,44443"
#
# TURN EMAIL ALERTS ON OR OFF. THE SMTP AND EMAIL SETTINGS BELOW PRESUMABLY ONLY MATTER WHEN
# THIS IS ON - CONFIRM.
EMAIL_ALERTS=OFF
#
# CURRENT SUPPORT IS FOR SMTP, ENTER YOUR USERNAME AND PASSWORD HERE. LEAVE BLANK FOR OPEN RELAY
SMTP_USERNAME=""
#
# ENTER THE SMTP PASSWORD HERE. LEAVE BLANK FOR OPEN RELAY.
# THE PASSWORD IS STORED IN THIS FILE IN CLEAR TEXT. MAKE THE FILE READABLE ONLY BY THE ACCOUNT
# THAT RUNS ARTILLERY, KEEP IT OUT OF VERSION CONTROL AND BACKUPS THAT OTHERS CAN READ, AND USE
# A DEDICATED MAILBOX OR APP-SPECIFIC PASSWORD RATHER THAN A PERSONAL ACCOUNT.
SMTP_PASSWORD=""
#
# THIS IS WHO TO SEND THE ALERTS TO - EMAILS WILL BE SENT FROM ARTILLERY TO THIS ADDRESS.
# NOTE(REVIEW): THE ADDRESS BELOW LOOKS LIKE A REDACTED PLACEHOLDER, NOT A MAILBOX. SET A REAL
# RECIPIENT BEFORE TURNING EMAIL_ALERTS ON, OR ALERTS WILL NOT REACH ANYONE.
ALERT_USER_EMAIL="[email protected]"
#
# FOR SMTP ONLY HERE, THIS IS THE MAILTO
# NOTE(REVIEW): THE KEY NAME AND THE VALUE SUGGEST THIS IS THE SENDER (FROM) NAME SHOWN ON THE
# ALERT, NOT A RECIPIENT - CONFIRM.
SMTP_FROM="Artillery Incident"
#
# SMTP ADDRESS FOR SENDING EMAILS, DEFAULT IS GMAIL
SMTP_ADDRESS="smtp.gmail.com"
#
# SMTP PORT FOR SENDING EMAILS, DEFAULT IS GMAIL WITH TLS (587 IS THE MAIL SUBMISSION PORT,
# NORMALLY USED WITH STARTTLS). IF YOU POINT THIS AT A PORT WITHOUT TLS, THE SMTP CREDENTIALS
# AND THE ALERT CONTENT CROSS THE NETWORK UNENCRYPTED.
SMTP_PORT="587"
#
# THIS WILL SEND EMAILS OUT DURING A CERTAIN FREQUENCY. IF THIS IS SET TO OFF, ALERTS
# WILL BE SENT AUTOMATICALLY AS THEY HAPPEN (CAN LEAD TO A LOT OF SPAM).
# WITH THIS ON, AN ALERT CAN WAIT UP TO EMAIL_FREQUENCY SECONDS BEFORE IT IS MAILED.
EMAIL_TIMER=ON
#
# HOW OFTEN DO YOU WANT TO SEND EMAIL ALERTS, IN SECONDS (DEFAULT 600 = 10 MINUTES)
EMAIL_FREQUENCY=600
#
# DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS (ON OR OFF)
SSH_BRUTE_MONITOR=ON
#
# HOW MANY ATTEMPTS BEFORE YOU BAN.
# A LOW NUMBER ALSO CATCHES ADMINISTRATORS WHO MISTYPE A PASSWORD A FEW TIMES. LIST THE
# ADDRESSES YOU ADMINISTER FROM IN WHITELIST_IP, OR KEEP ANOTHER WAY IN (CONSOLE ACCESS).
SSH_BRUTE_ATTEMPTS=4
#
# DO YOU WANT TO MONITOR FTP BRUTE FORCE ATTEMPTS (ON OR OFF)
FTP_BRUTE_MONITOR=OFF
#
# HOW MANY ATTEMPTS BEFORE YOU BAN. PRESUMABLY ONLY USED WHEN FTP_BRUTE_MONITOR IS ON - CONFIRM.
FTP_BRUTE_ATTEMPTS=4
#
# DO YOU WANT TO DO AUTOMATIC UPDATES. TYPE ON OR OFF.
# WITH THIS ON, NEW CODE IS INSTALLED WITHOUT REVIEW AND RUNS WITH WHATEVER PRIVILEGES ARTILLERY
# HAS, SO THE UPDATE SOURCE MUST BE ONE YOU TRUST (WHERE UPDATES COME FROM IS NOT SHOWN HERE -
# CONFIRM). WITH THIS OFF, PLAN TO APPLY FIXES BY HAND.
AUTO_UPDATE=OFF
#
# ANTI DOS WILL CONFIGURE MACHINE TO THROTTLE CONNECTIONS, TURN THIS OFF IF YOU DO NOT WANT TO USE.
# THIS CHANGES HOW THE HOST ACCEPTS CONNECTIONS ON ANTI_DOS_PORTS. TEST THE LIMITS AGAINST YOUR
# NORMAL PEAK TRAFFIC BEFORE ENABLING IN PRODUCTION.
ANTI_DOS=ON
#
# THESE ARE THE PORTS THAT WILL PROVIDE ANTI-DOS PROTECTION (COMMA SEPARATED)
ANTI_DOS_PORTS=80,443
#
# THIS WILL THROTTLE HOW MANY CONNECTIONS PER MINUTE ARE ALLOWED HOWEVER THE BURST WILL ENFORCE THIS.
# NOTE(REVIEW): CONFIRM WHETHER THE LIMIT IS COUNTED PER SOURCE ADDRESS OR FOR ALL CLIENTS
# TOGETHER. BEHIND A PROXY, LOAD BALANCER OR NAT, MANY USERS CAN SHARE ONE SOURCE ADDRESS.
ANTI_DOS_THROTTLE_CONNECTIONS=50
#
# THIS WILL ONLY ALLOW A CERTAIN BURST PER MINUTE THEN WILL ENFORCE AND NOT ALLOW ANYMORE TO CONNECT
ANTI_DOS_LIMIT_BURST=200
#
# THIS IS THE PATH FOR THE APACHE LOG FILES INCLUDING ERROR AND ACCESS.
# THESE ARE THE apache2 PATHS; ADJUST THEM IF YOUR WEB SERVER LOGS ELSEWHERE. THE ACCOUNT THAT
# RUNS ARTILLERY NEEDS READ ACCESS TO BOTH FILES.
ACCESS_LOG=/var/log/apache2/access.log
ERROR_LOG=/var/log/apache2/error.log
#
# THIS ALLOWS YOU TO SPECIFY AN IP ADDRESS. LEAVE THIS BLANK TO BIND TO ALL INTERFACES.
# EXAMPLE BIND_INTERFACE="192.168.1.154"
# BLANK MEANS THE LISTENERS ARE REACHABLE ON EVERY INTERFACE, INTERNAL AND MANAGEMENT NETWORKS
# INCLUDED. ON A MULTI-HOMED HOST, SET THE ADDRESS YOU ACTUALLY WANT EXPOSED.
BIND_INTERFACE=""
#
# THIS TURNS ON THE THREAT INTELLIGENCE FEED, THIS WILL CALL TO HTTPS://WWW.TRUSTEDSEC.COM/banlist.txt IN ORDER TO FIND
# ALREADY KNOWN MALICIOUS WEBSITES. WILL PULL EVERY 24 HOURS.
# WITH THIS ON, THIS HOST MAKES OUTBOUND REQUESTS TO EVERY URL IN THREAT_FEED, AND THE CONTENT
# OF THOSE FEEDS PRESUMABLY DECIDES WHAT GETS BLOCKED HERE - CONFIRM.
THREAT_INTELLIGENCE_FEED=OFF
#
# CONFIGURE THIS TO BE WHATEVER THREAT FEED YOU WANT BY DEFAULT IT WILL USE TRUSTEDSEC
# NOTE YOU CAN SPECIFY MULTIPLE THREAT FEEDS BY DOING http://urlthreatfeed1,http://urlthreatfeed2
# WHOEVER CONTROLS A FEED CAN ADD ENTRIES TO IT, SO LIST ONLY FEEDS YOU TRUST. PREFER https://
# URLS; A FEED FETCHED OVER PLAIN http:// CAN BE ALTERED IN TRANSIT.
THREAT_FEED="https://www.trustedsec.com/banlist.txt"
#
# A THREAT SERVER IS A SERVER THAT WILL COPY THE BANLIST.TXT TO A PUBLIC HTTP LOCATION TO BE PULLED BY
# OTHER ARTILLERY SERVER. THIS IS USED IF YOU DO NOT WANT TO USE THE STANDARD TRUSTEDSEC ONE.
#
# THIS WILL DETECT IF A THREAT SERVER IS NEEDED, AS IN IT WILL COPY TO /var/www/ FOR YOU AUTOMATICALLY.
# ONCE PUBLISHED, THE BANLIST CAN BE READ BY ANYONE WHO CAN REACH THE WEB SERVER. RESTRICT
# ACCESS TO IT IF THE LIST SHOULD ONLY GO TO YOUR OWN ARTILLERY HOSTS.
THREAT_SERVER="OFF"
#
# PUBLIC LOCATION TO PULL VIA HTTP ON THE THREAT SERVER. NOTE THAT THREAT SERVER MUST BE SET TO ON.
# THIS IS A DIRECTORY SERVED BY THE WEB SERVER, AND ARTILLERY WRITES INTO IT. THE VALUE SHIPPED
# HERE, /var/www/, IS ALSO ONE OF THE FOLDERS LISTED IN MONITOR_FOLDERS.
THREAT_LOCATION="/var/www/"
#
# THIS CHECKS TO SEE WHAT PERMISSIONS ARE RUNNING AS ROOT IN A WEB SERVER DIRECTORY (ON OR OFF)
ROOT_CHECK=ON
#
# Specify SYSLOG TYPE to be local or remote.
# LOCAL KEEPS ALERTS ON THIS HOST ONLY, WHERE SOMEONE WITH ROOT HERE COULD CHANGE OR DELETE
# THEM. REMOTE SENDS THEM TO SYSLOG_REMOTE_HOST, SO A COPY SURVIVES OFF THE MACHINE.
SYSLOG_TYPE=LOCAL
#
# IF YOU SPECIFY SYSLOG TYPE TO REMOTE, SPECIFY A REMOTE SYSLOG SERVER TO SEND ALERTS TO.
# THE ADDRESS BELOW IS AN EXAMPLE; REPLACE IT WITH YOUR LOG COLLECTOR.
# NOTE(REVIEW): THE TRANSPORT IS NOT SHOWN HERE. IF IT IS PLAIN SYSLOG, ALERTS ARE SENT
# UNENCRYPTED AND UNAUTHENTICATED, SO KEEP THAT TRAFFIC ON A TRUSTED NETWORK - CONFIRM.
SYSLOG_REMOTE_HOST="192.168.0.1"
#
# TURN ON CONSOLE LOGGING (ON OR OFF)
CONSOLE_LOGGING=OFF
#
#