beatwiz · January 25, 2017 22:19
diff --git a/dfix.conf b/dfix.conf
 #
 # DFIX Configuration File.
 #

 # Dovecot Process limits
 #
 # When the number of Dovecot processes exceeds the MAX value, dfix will stop dovecot until the number of processes
 # drops beliw the MIN value.
 MIN=10
 MAX=50

 # DFix looks at a subset of the last X records in each of the log files that it uses. The following
 # settings define how many lines to look at for each logfile.

 # MAILRECS: /var/log/maillog
 # Recommended value 5000. This should be this large to allow for a busy mail server.
 MAILRECS=5000

 # GOODRECS: /var/log/maillog
 # This is the auto whitelist from the maillog. 
 # Recommended value 20000. This value was chosen to be this big because we dont want
 # to expire whitelist entries too quickly.
 GOODRECS=20000

 # FTPRECS: /var/log/secure
 # This logfile is used to detect failed ftp logins. 
 # Recommended value 100. Increase this value if blocked ftp attacks expire too quickly.
 FTPRECS=100

 # HTTPRECS: /var/log/httpd/access_log
 # This logfile is used to detect RFI attacks via your apache server.
 # Recommended value 5000. Increase this value if you have a busy web server and web
 # blocks expire too quickly.
 HTTPRECS=5000

 # MSGRECS: /var/log/messages
 # This log file contains some information from many sources. We are looking for 
 # dns server attacks in here.
 # Recommended value 1000. Increase this value if you have recurrant DNS attacks that
 # are not being blocked for long enough.
 MSGRECS=1000

 #
 # Thresholds for the above are listed below
 #

 # BADHITS - We count the number of hits in the log entries that are filtered above. If the
 # threshold is breached, we will block traffic for the bad IP. Of course, we will ignore
 # any whitelisted entries.
 BADHITS=4

 #################################### experimental values ##################################

 #The values below were added as a result of a feature request. The standard values when
 #you installed dfix will disable this feature.
 #
 #Only change these values if you know what you are doing!

 # ERECS: /var/log/httpd/error_log
 # This log file is used to detect attacks against your web server. In particular, it
 # shows file not found messages. Note that there is a seperate threshold for this logfile.
 ERECS=1

 # ERRORHITS - This is a new threshold for stuff that is not necessarily bad. In particular
 # we are looking at file not found entries in the apache error_log. If you are getting
 # false positives, increase the threshold.
 ERRORHITS=2

 ###########################################################################################

 #
 # DEBUG SETTINGS
 #

 # There are 4 debug levels.
 # 0 = silent
 # 1 = brief
 # 2 = verbose
 # 3 = super verbose
 DEBUG=2
	#
	# DFIX Configuration File.
	#

	# Dovecot Process limits
	#
	# When the number of Dovecot processes exceeds the MAX value, dfix will stop dovecot until the number of processes
	# drops beliw the MIN value.
	MIN=10
	MAX=50

	# DFix looks at a subset of the last X records in each of the log files that it uses. The following
	# settings define how many lines to look at for each logfile.

	# MAILRECS: /var/log/maillog
	# Recommended value 5000. This should be this large to allow for a busy mail server.
	MAILRECS=5000

	# GOODRECS: /var/log/maillog
	# This is the auto whitelist from the maillog.
	# Recommended value 20000. This value was chosen to be this big because we dont want
	# to expire whitelist entries too quickly.
	GOODRECS=20000

	# FTPRECS: /var/log/secure
	# This logfile is used to detect failed ftp logins.
	# Recommended value 100. Increase this value if blocked ftp attacks expire too quickly.
	FTPRECS=100

	# HTTPRECS: /var/log/httpd/access_log
	# This logfile is used to detect RFI attacks via your apache server.
	# Recommended value 5000. Increase this value if you have a busy web server and web
	# blocks expire too quickly.
	HTTPRECS=5000

	# MSGRECS: /var/log/messages
	# This log file contains some information from many sources. We are looking for
	# dns server attacks in here.
	# Recommended value 1000. Increase this value if you have recurrant DNS attacks that
	# are not being blocked for long enough.
	MSGRECS=1000

	#
	# Thresholds for the above are listed below
	#

	# BADHITS - We count the number of hits in the log entries that are filtered above. If the
	# threshold is breached, we will block traffic for the bad IP. Of course, we will ignore
	# any whitelisted entries.
	BADHITS=4

	#################################### experimental values ##################################

	#The values below were added as a result of a feature request. The standard values when
	#you installed dfix will disable this feature.
	#
	#Only change these values if you know what you are doing!

	# ERECS: /var/log/httpd/error_log
	# This log file is used to detect attacks against your web server. In particular, it
	# shows file not found messages. Note that there is a seperate threshold for this logfile.
	ERECS=1

	# ERRORHITS - This is a new threshold for stuff that is not necessarily bad. In particular
	# we are looking at file not found entries in the apache error_log. If you are getting
	# false positives, increase the threshold.
	ERRORHITS=2

	###########################################################################################

	#
	# DEBUG SETTINGS
	#

	# There are 4 debug levels.
	# 0 = silent
	# 1 = brief
	# 2 = verbose
	# 3 = super verbose
	DEBUG=2