dovecot
This commit is contained in:
root
165
config.ini
165
config.ini
@@ -1,42 +1,191 @@
|
||||
# ============================================
|
||||
# LogMon Configuration File
|
||||
# ============================================
|
||||
|
||||
[general]
|
||||
# Tryb debug - wyświetla szczegółowe informacje
|
||||
debug = false
|
||||
|
||||
# Ścieżka do pliku z logami LogMon
|
||||
log_file = /var/log/logmon.log
|
||||
|
||||
# Plik PID demona
|
||||
pid_file = /var/run/logmon.pid
|
||||
|
||||
# Backend firewall: csf, nftables, iptables, ufw
|
||||
backend = csf
|
||||
|
||||
|
||||
# ============================================
|
||||
# Konfiguracja backendów firewall
|
||||
# ============================================
|
||||
|
||||
[backend_csf]
|
||||
# Ścieżka do wykonywania CSF
|
||||
csf_path = /usr/sbin/csf
|
||||
# Dodatkowe opcje CSF
|
||||
|
||||
[backend_nftables]
|
||||
table_name = filter
|
||||
# Nazwa tabeli i chain dla nftables
|
||||
table_name = inet
|
||||
chain_name = logmon_block
|
||||
|
||||
[backend_iptables]
|
||||
# Nazwa chain dla iptables
|
||||
chain_name = LOGMON_BLOCK
|
||||
|
||||
[backend_ufw]
|
||||
# UFW nie wymaga dodatkowych parametrów
|
||||
|
||||
|
||||
# ============================================
|
||||
# Moduł Postfix - SMTP Server
|
||||
# ============================================
|
||||
|
||||
[module_postfix]
|
||||
# Włącz/wyłącz moduł
|
||||
enabled = true
|
||||
|
||||
# Ścieżka do logu Postfix
|
||||
log_file = /var/log/mail.log
|
||||
# Alternatywnie dla systemd:
|
||||
|
||||
# Alternatywnie dla systemd journald:
|
||||
# use_journald = true
|
||||
# journald_unit = postfix.service
|
||||
|
||||
# Parametry detekcji
|
||||
# Maksymalna liczba niepowodzeń przed banem
|
||||
max_failures = 5
|
||||
|
||||
# Okno czasowe w sekundach (domyślnie 60s = 1 minuta)
|
||||
time_window = 60
|
||||
|
||||
# Czas bana w sekundach (domyślnie 86400s = 24 godziny)
|
||||
ban_duration = 86400
|
||||
|
||||
# Wzorce do wykrywania
|
||||
patterns = auth_failed,sasl_failed
|
||||
# Lista wzorców do wykrywania (oddzielone przecinkami)
|
||||
patterns = postfix_auth_failed,postfix_sasl_failed
|
||||
|
||||
[pattern_auth_failed]
|
||||
|
||||
# ============================================
|
||||
# Moduł Dovecot - IMAP/POP3 Server
|
||||
# ============================================
|
||||
|
||||
[module_dovecot]
|
||||
# Włącz/wyłącz moduł
|
||||
enabled = true
|
||||
|
||||
# Ścieżka do logu Dovecot
|
||||
log_file = /var/log/dovecot-info.log
|
||||
|
||||
# Maksymalna liczba niepowodzeń przed banem
|
||||
max_failures = 5
|
||||
|
||||
# Okno czasowe w sekundach (domyślnie 120s = 2 minuty)
|
||||
time_window = 120
|
||||
|
||||
# Czas bana w sekundach (domyślnie 86400s = 24 godziny)
|
||||
ban_duration = 86400
|
||||
|
||||
# Ignoruj błędy SSL/TLS (często są to skanery, nie ataki brute-force)
|
||||
ignore_ssl_errors = true
|
||||
|
||||
# Ignoruj połączenia z localhost (127.0.0.1)
|
||||
ignore_localhost = true
|
||||
|
||||
# Lista wzorców do wykrywania
|
||||
patterns = dovecot_auth_failed,dovecot_auth_failed_multi
|
||||
|
||||
|
||||
# ============================================
|
||||
# Wzorce dla Postfix
|
||||
# ============================================
|
||||
|
||||
[pattern_postfix_auth_failed]
|
||||
# Wykrywa: "authentication failed"
|
||||
regex = authentication failed
|
||||
score = 1
|
||||
|
||||
[pattern_sasl_failed]
|
||||
[pattern_postfix_sasl_failed]
|
||||
# Wykrywa: "SASL LOGIN authentication failed" i podobne
|
||||
regex = SASL [A-Z\-\d]+ authentication failed
|
||||
score = 2
|
||||
|
||||
|
||||
# ============================================
|
||||
# Wzorce dla Dovecot
|
||||
# ============================================
|
||||
|
||||
[pattern_dovecot_auth_failed]
|
||||
# Wykrywa: "auth failed, 1 attempts"
|
||||
regex = auth failed, 1 attempts
|
||||
score = 2
|
||||
|
||||
[pattern_dovecot_auth_failed_multi]
|
||||
# Wykrywa: "auth failed, 2 attempts" lub więcej (2-9+)
|
||||
regex = auth failed, [2-9]+ attempts
|
||||
score = 5
|
||||
|
||||
|
||||
# ============================================
|
||||
# Dodatkowe moduły (przygotowane do rozbudowy)
|
||||
# ============================================
|
||||
|
||||
# [module_ssh]
|
||||
# enabled = false
|
||||
# log_file = /var/log/auth.log
|
||||
# max_failures = 5
|
||||
# time_window = 300
|
||||
# ban_duration = 3600
|
||||
# patterns = ssh_failed_password,ssh_invalid_user
|
||||
|
||||
# [pattern_ssh_failed_password]
|
||||
# regex = Failed password for .+ from
|
||||
# score = 2
|
||||
|
||||
# [pattern_ssh_invalid_user]
|
||||
# regex = Invalid user .+ from
|
||||
# score = 3
|
||||
|
||||
|
||||
# [module_nginx]
|
||||
# enabled = false
|
||||
# log_file = /var/log/nginx/error.log
|
||||
# max_failures = 10
|
||||
# time_window = 60
|
||||
# ban_duration = 3600
|
||||
# patterns = nginx_404_flood,nginx_403_scan
|
||||
|
||||
# [pattern_nginx_404_flood]
|
||||
# regex = \[error\].*GET .* HTTP/
|
||||
# score = 1
|
||||
|
||||
# [pattern_nginx_403_scan]
|
||||
# regex = 403.*GET
|
||||
# score = 2
|
||||
|
||||
|
||||
# ============================================
|
||||
# Whitelist IP (przygotowane do implementacji)
|
||||
# ============================================
|
||||
|
||||
# [whitelist]
|
||||
# # Lista IP które nigdy nie będą banowane (oddzielone przecinkami)
|
||||
# ips = 127.0.0.1,192.168.1.0/24,10.0.0.0/8
|
||||
#
|
||||
# # Lub z pliku:
|
||||
# # file = /etc/logmon/whitelist.txt
|
||||
|
||||
|
||||
# ============================================
|
||||
# Zaawansowane opcje
|
||||
# ============================================
|
||||
|
||||
# [advanced]
|
||||
# # Maksymalna liczba jednocześnie śledzonych IP
|
||||
# max_tracked_ips = 10000
|
||||
#
|
||||
# # Jak często sprawdzać wygasłe bany (w sekundach)
|
||||
# check_expired_interval = 10
|
||||
#
|
||||
# # Persystencja - zapisz stan banów do pliku
|
||||
# persist_state = true
|
||||
# persist_file = /var/lib/logmon/state.json
|
||||
|
||||
Reference in New Issue
Block a user