--------------------------------------------------
# DEV_SPACE:device:min_space_kb
# arg "-dev" for disable.
DEV_SPACE:wd0a:8000
DEV_SPACE:wd0s1f:100000
DEV_SPACE:wd0s1e:50000
--------------------------------------------------
# FS_SPACE:dir_or_file:max_space_kb
# arg "-fs" for disable.
FS_SPACE:/etc:5000
FS_SPACE:/var/log:10000
FS_SPACE:/usr/local/bin:100000
FS_SPACE:/var/log/syslog:20000
--------------------------------------------------
# PROC:prog_name:max_forks:max_size_kb, 0-ignore
# arg "-proc" for disable.
PROC:syslogd:0:1000
PROC:trafd:30:30000
PROC:named:0:5000
PROC:snmpd:0:1000
--------------------------------------------------
# NETSERVICE;host;port;timeout;send data;wait for data
# arg "-ns" for disable. !!! Use ';' instead ':' !!!
NETSERVICE;www.opennet.ru;80;20;GET http://www.opennet.me/under.shtml;SKYNET
NETSERVICE;www.skyway.ru;80;5;GET http://www.skyway.ru/under.shtml;SKYNET
NETSERVICE;www.linux.opennet.ru;80;5;GET http://www.linux.opennet.ru/index.html;Chirkov
NETSERVICE;ftp.opennet.ru;21;5;QUIT;FTP server
NETSERVICE;boa.opennet.ru;25;5;QUIT;ESMTP
NETSERVICE;boa.opennet.ru;110;5;QUIT;POP3 Server
--------------------------------------------------
# DNS:name_server:host_name
# arg "-dns" for disable.
DNS:195.161.17.65:www.opennet.ru
DNS:ns.tyumen.ru:boa.opennet.ru
DNS:ns.sibtel.ru:pentagon.opennet.ru
--------------------------------------------------
# PING:host_name
# arg "-ping" for disable.
PING:boa.opennet.ru
PING:www.tyumen.ru
PING:127.0.0.1
PING:www.online.ru
PING:www.cdrom.com
--------------------------------------------------
# INTERFACE:infterface_name[-alias]
# arg "-if" for disable.
INTERFACE:cx0
INTERFACE:lo
INTERFACE:ed2
INTERFACE:ed3
--------------------------------------------------
# ROUTE:ip_mask
# arg "-rt" for disable.
ROUTE:195.161.17.64
ROUTE:195.161.17.96
ROUTE:default
--------------------------------------------------
# SUID:dir_for_check:suid_prog_list_flag (1- list all suid programm, 0- silence)
# All suid files defined in stoplist will be ignored !
# arg "-suid" for disable.
SUID:/bin:1
SUID:/sbin:0
SUID:/usr/bin:0
SUID:/usr/sbin:0
--------------------------------------------------
# STOP_LIST:file_for_check
# arg "-make_stop_list" to create raw stoplist block at the end of the
# configuretion file.
# arg "-slist" for disable.
#
STOP_LIST:/sbin/ping
STOP_LIST:/usr/bin/su
STOP_LIST:/usr/bin/login
STOP_LIST:/usr/bin/passwd
STOP_LIST:/usr/sbin/traceroute
STOP_LIST:/usr/local/bin/sudo
STOP_LIST:/usr/sbin/sendmail
--------------------------------------------------
# LOG_MON:log_path:perform_last_N_lines
# arg "-log" for disable.
LOG_MON:/var/log/messages:100
LOG_MON:/var/log/syslog:100
--------------------------------------------------
# LOG_INFO:regular_expressions for awk
# LOG_INFO:"END_OF_LIST"
LOG_INFO:getstatd.admin
LOG_INFO:getstatd.+request.+user
LOG_INFO:error
LOG_INFO:panic
LOG_INFO:failure
LOG_INFO:deny
LOG_INFO:fatal
LOG_INFO:ping
LOG_INFO:telnet
LOG_INFO:attack
LOG_INFO:reject
LOG_INFO:incorrect
LOG_INFO:illegal
LOG_INFO:wrong
LOG_INFO:failed
LOG_INFO:denied
LOG_INFO:refused
LOG_INFO:bad
LOG_INFO:permitted
LOG_INFO:END_OF_LIST
--------------------------------------------------
# Don't edit below ! Use arg "-make_stop_list" to create stoplist block.
[RAW_STOP_LIST]
|