- #############################################################################################
- #
- # This is the Artillery configuration file. Change these variables and flags to change how
- # this behaves.
- #
- # Artillery written by: Dave Kennedy (ReL1K)
- # Website: https://www.binarydefense.com
- # Email: info [at] binarydefense.com
- # Download: git clone https://github.com/binarydefense/artillery artillery/
- # Install: python setup.py
- #
- #############################################################################################
- #
- # DETERMINE IF YOU WANT TO MONITOR OR NOT. "ON" ENABLES MONITORING OF THE FOLDERS LISTED IN MONITOR_FOLDERS, "OFF" DISABLES IT.
- MONITOR="ON"
- #
- # THESE ARE THE FOLDERS TO MONITOR, TO ADD MORE, JUST DO "/root","/var/", etc.
- # EACH PATH IS QUOTED SEPARATELY AND THE ENTRIES ARE SEPARATED BY COMMAS.
- # NOTE(REVIEW): /etc IS NOT IN THIS LIST; ADD IT IF CHANGES TO SYSTEM CONFIGURATION FILES SHOULD RAISE ALERTS.
- MONITOR_FOLDERS="/var/www","/root","/home"
- #
- # HOW OFTEN THE MONITORED FOLDERS ARE CHECKED. BASED ON SECONDS, 2 = 2 seconds. THE VALUE BELOW IS 90 SECONDS.
- MONITOR_FREQUENCY="90"
- #
- # PORT 22 CHECK
- # NOTE(REVIEW): PRESUMABLY CHECKS WHETHER SSH IS STILL ON ITS DEFAULT PORT 22 - CONFIRM AGAINST THE ARTILLERY SOURCE.
- SSH_DEFAULT_PORT_CHECK="ON"
- #
- # EXCLUDE CERTAIN DIRECTORIES OR FILES. USE FOR EXAMPLE: /etc/passwd,/etc/hosts.allow
- # ANYTHING LISTED HERE CAN CHANGE WITHOUT AN ALERT, SO KEEP THE LIST AS SHORT AS POSSIBLE. AS SHIPPED HERE THE LIST IS EMPTY.
- EXCLUDE=""
- #
- # DO YOU WANT TO AUTOMATICALLY BAN ON THE HONEYPOT
- # WITH THIS SET TO "OFF", A SOURCE THAT CONNECTS TO A HONEYPOT PORT IS NOT BANNED AUTOMATICALLY.
- HONEYPOT_BAN="OFF"
- #
- # WHITELIST IP ADDRESSES, SPECIFY BY COMMAS ON WHAT IP ADDRESSES YOU WANT TO WHITELIST
- # ADD MANAGEMENT HOSTS AND AUTHORISED SCANNERS HERE BEFORE ENABLING ANY AUTOMATIC BAN, SO THEY ARE NOT LOCKED OUT.
- # NOTE(REVIEW): "localhost" IS A HOSTNAME, NOT AN IP ADDRESS - CONFIRM THE PARSER HANDLES IT AS INTENDED.
- WHITELIST_IP="127.0.0.1,localhost"
- #
- # PORTS TO SPAWN HONEYPOT FOR (COMMA-SEPARATED LIST)
- # NOTE(REVIEW): A REAL SERVICE ALREADY LISTENING ON ONE OF THESE PORTS (E.G. 8080 OR 21) WOULD PRESUMABLY CONFLICT
- # WITH THE HONEYPOT LISTENER - CHECK THE LIST AGAINST THE SERVICES THIS HOST ACTUALLY RUNS.
- PORTS="135,445,1433,3389,8080,21,5900,1723,1337,10000,5800,44443"
- #
- # SHOULD THE HONEYPOT AUTOMATICALLY ADD ACCEPT RULES TO THE ARTILLERY CHAIN FOR ANY PORTS IT IS LISTENING ON
- # WHEN "ON", THE HOST FIREWALL IS CHANGED SO THE PORTS ABOVE ARE REACHABLE; REVIEW THE RESULTING RULES IF THE
- # FIREWALL IS OTHERWISE MANAGED BY HAND OR BY ANOTHER TOOL.
- HONEYPOT_AUTOACCEPT="ON"
- #
- # SHOULD EMAIL ALERTS BE SENT ("ON" OR "OFF")
- # NOTE(REVIEW): THE SMTP_* AND EMAIL_* SETTINGS BELOW PRESUMABLY ONLY MATTER WHEN THIS IS "ON" - CONFIRM.
- EMAIL_ALERTS="OFF"
- #
- # CURRENT SUPPORT IS FOR SMTP, ENTER YOUR USERNAME AND PASSWORD HERE. LEAVE BLANK FOR OPEN RELAY
- SMTP_USERNAME=""
- #
- # ENTER THE SMTP PASSWORD HERE. LEAVE BLANK FOR OPEN RELAY
- # THE PASSWORD IS STORED IN THIS FILE IN CLEAR TEXT: RESTRICT READ ACCESS TO THE FILE (OWNER ONLY) AND USE A
- # DEDICATED MAIL ACCOUNT OR AN APP-SPECIFIC PASSWORD FOR ALERTS. DO NOT PUBLISH A COPY OF THE FILE WITH THIS FILLED IN.
- SMTP_PASSWORD=""
- #
- # THIS IS WHO TO SEND THE ALERTS TO - EMAILS WILL BE SENT FROM ARTILLERY TO THIS ADDRESS
- # "user@whatever.com" IS A PLACEHOLDER; REPLACE IT BEFORE TURNING EMAIL_ALERTS ON.
- ALERT_USER_EMAIL="user@whatever.com"
- #
- # FOR SMTP ONLY HERE, THIS IS THE MAILTO
- # NOTE(REVIEW): THE KEY NAME SUGGESTS THIS IS THE SENDER ("FROM") SHOWN ON ALERT MAILS, NOT A RECIPIENT - CONFIRM.
- SMTP_FROM="Artillery Incident"
- #
- # SMTP ADDRESS FOR SENDING EMAILS, DEFAULT IS GMAIL
- SMTP_ADDRESS="smtp.gmail.com"
- #
- # SMTP PORT FOR SENDING EMAILS, DEFAULT IS GMAIL WITH TLS (587 IS THE MAIL SUBMISSION PORT, NORMALLY USED WITH STARTTLS)
- # NOTE(REVIEW): CONFIRM THAT THE CONNECTION REALLY IS UPGRADED TO TLS BEFORE THE USERNAME AND PASSWORD ARE SENT.
- SMTP_PORT="587"
- #
- # THIS WILL SEND EMAILS OUT DURING A CERTAIN FREQUENCY. IF THIS IS SET TO OFF, ALERTS
- # WILL BE SENT AUTOMATICALLY AS THEY HAPPEN (CAN LEAD TO A LOT OF SPAM)
- EMAIL_TIMER="ON"
- #
- # HOW OFTEN DO YOU WANT TO SEND EMAIL ALERTS, IN SECONDS (DEFAULT 600 = 10 MINUTES)
- EMAIL_FREQUENCY="600"
- #
- # DO YOU WANT TO MONITOR SSH BRUTE FORCE ATTEMPTS
- SSH_BRUTE_MONITOR="ON"
- #
- # HOW MANY ATTEMPTS BEFORE YOU BAN (SSH)
- # A LOW THRESHOLD CAN ALSO BAN AN ADMINISTRATOR WHO MISTYPES A PASSWORD; LIST ADMIN SOURCE ADDRESSES IN WHITELIST_IP.
- SSH_BRUTE_ATTEMPTS="4"
- #
- # DO YOU WANT TO MONITOR FTP BRUTE FORCE ATTEMPTS
- FTP_BRUTE_MONITOR="OFF"
- #
- # HOW MANY ATTEMPTS BEFORE YOU BAN (FTP)
- # NOTE(REVIEW): PRESUMABLY IGNORED WHILE FTP_BRUTE_MONITOR IS "OFF" - CONFIRM.
- FTP_BRUTE_ATTEMPTS="4"
- #
- # DO YOU WANT TO DO AUTOMATIC UPDATES. TYPE ON OR OFF
- # WITH "OFF", ARTILLERY UPDATES (INCLUDING ANY SECURITY FIXES) HAVE TO BE APPLIED BY HAND.
- # NOTE(REVIEW): IF TURNED ON, NEW CODE IS FETCHED AND RUN WITHOUT REVIEW, PRESUMABLY WITH THE PRIVILEGES ARTILLERY
- # RUNS UNDER - WEIGH THIS AGAINST YOUR CHANGE-CONTROL REQUIREMENTS.
- AUTO_UPDATE="OFF"
- #
- # ANTI DOS WILL CONFIGURE MACHINE TO THROTTLE CONNECTIONS, TURN THIS OFF IF YOU DO NOT WANT TO USE
- # NOTE(REVIEW): THE THREE ANTI_DOS_* SETTINGS BELOW PRESUMABLY HAVE NO EFFECT WHILE THIS IS "OFF" - CONFIRM.
- ANTI_DOS="OFF"
- #
- # THESE ARE THE PORTS THAT WILL RECEIVE ANTI-DOS PROTECTION (COMMA-SEPARATED LIST)
- ANTI_DOS_PORTS="80,443"
- #
- # THIS WILL THROTTLE HOW MANY CONNECTIONS PER MINUTE ARE ALLOWED HOWEVER THE BURST WILL ENFORCE THIS
- # I.E. THE SUSTAINED RATE ALLOWED ONCE THE BURST ALLOWANCE BELOW HAS BEEN USED UP.
- ANTI_DOS_THROTTLE_CONNECTIONS="50"
- #
- # THIS WILL ONLY ALLOW A CERTAIN BURST PER MINUTE THEN WILL ENFORCE AND NOT ALLOW ANYMORE TO CONNECT
- # NOTE(REVIEW): TEST THESE LIMITS AGAINST NORMAL TRAFFIC FIRST; VALUES THAT ARE TOO LOW WILL ALSO TURN AWAY LEGITIMATE CLIENTS.
- ANTI_DOS_LIMIT_BURST="200"
- #
- # THIS IS THE PATH FOR THE APACHE LOG FILES INCLUDING ERROR AND ACCESS
- # /var/log/apache2/ IS THE DEBIAN/UBUNTU LAYOUT; ADJUST BOTH PATHS IF THE WEB SERVER LOGS ELSEWHERE, OTHERWISE
- # NOTHING WILL BE READ FROM THEM. THE ACCOUNT ARTILLERY RUNS AS NEEDS READ ACCESS TO BOTH FILES.
- ACCESS_LOG="/var/log/apache2/access.log"
- ERROR_LOG="/var/log/apache2/error.log"
- #
- # THIS ALLOWS YOU TO SPECIFY AN IP ADDRESS. LEAVE THIS BLANK TO BIND TO ALL INTERFACES. EXAMPLE BIND_INTERFACE="192.168.1.154"
- # BLANK (AS HERE) MEANS LISTENING ON EVERY INTERFACE, INCLUDING INTERNAL AND MANAGEMENT NETWORKS.
- # NOTE(REVIEW): PRESUMABLY THIS APPLIES TO THE HONEYPOT LISTENERS DEFINED BY PORTS - CONFIRM.
- BIND_INTERFACE=""
- #
- # THIS TURNS ON THE THREAT INTELLIGENCE FEED, THIS WILL CALL TO https://www.binarydefense.com/banlist.txt IN ORDER TO FIND
- # ALREADY KNOWN MALICIOUS WEBSITES. WILL PULL EVERY 24 HOURS
- # ENABLING THIS ADDS A REGULAR OUTBOUND REQUEST AND MAKES BAN DECISIONS DEPEND ON A LIST MAINTAINED BY A THIRD PARTY.
- THREAT_INTELLIGENCE_FEED="OFF"
- #
- # CONFIGURE THIS TO BE WHATEVER THREAT FEED YOU WANT BY DEFAULT IT WILL USE BINARY DEFENSE
- # NOTE YOU CAN SPECIFY MULTIPLE THREAT FEEDS BY DOING http://urlthreatfeed1,http://urlthreatfeed2
- # PREFER https:// FEEDS FROM SOURCES YOU TRUST: WHOEVER CONTROLS A FEED, OR CAN ALTER IT IN TRANSIT, DECIDES WHICH
- # ADDRESSES THIS HOST BANS. KEEP YOUR OWN MANAGEMENT ADDRESSES IN WHITELIST_IP.
- THREAT_FEED="https://www.binarydefense.com/banlist.txt"
- #
- # A THREAT SERVER IS A SERVER THAT WILL COPY THE BANLIST.TXT TO A PUBLIC HTTP LOCATION TO BE PULLED BY
- # OTHER ARTILLERY SERVER. THIS IS USED IF YOU DO NOT WANT TO USE THE STANDARD BINARY DEFENSE ONE.
- #
- # THIS WILL DETECT IF A THREAT SERVER IS NEEDED, AS IN IT WILL COPY TO /var/www/ FOR YOU AUTOMATICALLY
- # TURNING THIS ON PUBLISHES THE LOCAL BAN LIST IN A WEB-SERVED DIRECTORY, READABLE BY ANYONE WHO CAN REACH THE WEB SERVER.
- THREAT_SERVER="OFF"
- #
- # PUBLIC LOCATION TO PULL VIA HTTP ON THE THREAT SERVER. NOTE THAT THREAT SERVER MUST BE SET TO ON
- # NOTE(REVIEW): /var/www IS ALSO LISTED IN MONITOR_FOLDERS, SO WRITING BANLIST.TXT THERE MAY RAISE CHANGE ALERTS - CONFIRM.
- THREAT_LOCATION="/var/www/"
- #
- # THIS CHECKS TO SEE WHAT PERMISSIONS ARE RUNNING AS ROOT IN A WEB SERVER DIRECTORY
- # NOTE(REVIEW): PRESUMABLY FLAGS FILES OWNED BY ROOT UNDER THE WEB ROOT - CONFIRM AGAINST THE ARTILLERY SOURCE.
- ROOT_CHECK="ON"
- #
- # Specify SYSLOG TYPE to be local, file or remote. LOCAL will pipe to syslog, REMOTE will pipe to remote SYSLOG, and file will send to alerts.log in local artillery directory
- # With REMOTE (as set here) alerts are sent to SYSLOG_REMOTE_HOST:SYSLOG_REMOTE_PORT below, so a copy exists off the host.
- SYSLOG_TYPE="REMOTE"
- #
- # IF YOU SPECIFY SYSLOG TYPE TO REMOTE, SPECIFY A REMOTE SYSLOG SERVER TO SEND ALERTS TO
- # "192.168.3.1" IS A SAMPLE PRIVATE ADDRESS; REPLACE IT WITH YOUR OWN LOG COLLECTOR AND VERIFY THAT ALERTS ARRIVE THERE.
- SYSLOG_REMOTE_HOST="192.168.3.1"
- #
- # IF YOU SPECIFY SYSLOG TYPE OF REMOTE, SPECIFY A REMOTE SYSLOG PORT TO SEND ALERTS TO
- # NOTE(REVIEW): 514 IS THE CLASSIC SYSLOG PORT, USUALLY PLAIN UDP WITH NO ENCRYPTION AND NO DELIVERY GUARANTEE -
- # CONFIRM THE TRANSPORT ARTILLERY USES AND KEEP THIS TRAFFIC ON A TRUSTED NETWORK SEGMENT.
- SYSLOG_REMOTE_PORT="514"
- #
- # TURN ON CONSOLE LOGGING
- CONSOLE_LOGGING="OFF"
- #
- # RECYCLE LOGS AFTER A CERTAIN AMOUNT OF TIME - THIS WILL WIPE ALL IP ADDRESSES AND START FROM SCRATCH AFTER A CERTAIN INTERVAL
- # IF TURNED ON, PREVIOUSLY RECORDED ADDRESSES ARE FORGOTTEN AT EVERY INTERVAL; KEEP A COPY OF THE ALERTS ELSEWHERE
- # (E.G. VIA SYSLOG_TYPE) IF THE HISTORY IS NEEDED FOR INVESTIGATIONS.
- RECYCLE_IPS="OFF"
- #
- # RECYCLE INTERVAL AFTER A CERTAIN AMOUNT OF MINUTES IT WILL OVERWRITE THE LOG WITH A BLANK ONE AND ELIMINATE THE IPS - DEFAULT IS 7 DAYS
- # NOTE(REVIEW): 604800 IS 7 DAYS EXPRESSED IN SECONDS (7*24*60*60), NOT IN MINUTES - THE UNIT IS PRESUMABLY SECONDS; CONFIRM.
- ARTILLERY_REFRESH="604800"
- #
- # PULL ADDITIONAL SOURCE FEEDS FOR BANNED IP LISTS FROM MULTIPLE OTHER SOURCES OTHER THAN ARTILLERY
- # NOTE(REVIEW): THIS IS "ON" WHILE THREAT_INTELLIGENCE_FEED IS "OFF", AND THE FEED URLS IT USES ARE NOT LISTED IN THIS
- # FILE - CONFIRM WHICH SOURCES ARE CONTACTED AND WHETHER THIS SETTING TAKES EFFECT ON ITS OWN.
- SOURCE_FEEDS="ON"