/etc/prelude-correlator/prelude-correlator.conf is in prelude-correlator 1.0.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
# This is a template configuration file for prelude-correlator
#
# [BruteForcePlugin]
# disable = false
#
# BusinessHour correlation is disabled by default because it is very verbose.
# NOTE(review): while disable = true, this plugin contributes nothing to
# correlation. Presumably it flags activity outside working hours (inferred
# from the name only -- confirm against the plugin documentation). If that
# matters for your detection coverage, enable it and tune the noise rather
# than leaving the default unreviewed.
[BusinessHourPlugin]
disable = true
#
# [OpenSSHAuthPlugin]
# disable = false
#
# [EventScanPlugin]
# disable = false
#
# [EventStormPlugin]
# disable = false
#
# [EventSweepPlugin]
# disable = false
#
# [WormPlugin]
# disable = false
# repeat-target = 5
#
# [DshieldPlugin]
# disable = false
#
# How often, in seconds, the Dshield database is reloaded (download + reload).
# Default: once a week. Set to 0 to disable reloading.
# reload = 604800
#
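# The server address the Dshield database is downloaded from:
# server = www.dshield.org
#
# URI used to retrieve the Dshield database:
# uri = /ipsascii.html?limit=10000
#
# Note: only a host and a path are configured here; the scheme used for the
# download is not shown in this file. Check how the list is fetched before
# relying on it, because a tampered or stale list skews what this plugin
# reports.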
#
# Maximum time allowed for downloading the database
# (only works with Python >= 2.6; default is 10 seconds)
# timeout = 10
#
# FirewallPlugin
#
# This plugin reports a CorrelationAlert for events / sets of events
# that appear to have passed through a firewall known to protect the
# target machine.
#
# If no firewall has ever emitted a block for a given host, that host
# is considered unprotected, and there is no point in reporting a
# CorrelationAlert.
#
# The 'flush-protected-hosts' variable defines how long a given target
# host is considered protected after a firewall drop is noticed for
# that machine.
#
# The plugin is disabled by default since it tends to be very verbose.
#
# NOTE(review): the unit of flush-protected-hosts is not stated here;
# presumably seconds (3600 = one hour) -- confirm against the plugin
# documentation.
# NOTE(review): with the plugin disabled, events that got past a firewall
# are not escalated by this rule. Review whether that gap is acceptable
# before keeping the default.
# NOTE(review): this section writes "True" while [BusinessHourPlugin]
# writes "true". Confirm the parser reads booleans case-insensitively,
# then pick one spelling for the whole file.
[FirewallPlugin]
disable = True
flush-protected-hosts = 3600
##
# Logging configuration might also be defined in this file:
# http://docs.python.org/library/logging.html