surfnetids-tn.conf

####################################
# Tunnel Server configuration file #
####################################

####################
# SURFids Options  #
####################
# The installation directory (no trailing forward slash).
$c_surfidsdir = "/opt/surfnetids";

####################
# Network options  #
####################
# This is the local gateway for the tunnel server
# If left blank, the scripts will try to find it themselves
$c_local_gateway = "";

#######################
# Database connection #
#######################
# User info for the logging user in the postgresql database
$c_pgsql_pass = "enter_password_here";
$c_pgsql_user = "idslog";

# Postgresql database info
$c_pgsql_host = "localhost";
$c_pgsql_dbname = "idsserver";

# The port number where the postgresql database is running on.
$c_pgsql_port = "5432";

# Connection string used by the perl scripts.
$c_dsn = "DBI:Pg:dbname=$c_pgsql_dbname;host=$c_pgsql_host;port=$c_pgsql_port";

##################
# Key generation #
##################

# The directory with the scripts to generate the keys.
$c_genkeysdir = "$c_surfidsdir/genkeys";
# The directory where the generated keys are stored.
$c_keysdir = "$c_surfidsdir/clientkeys";

# These 2 options are SURFnet specific options.
# Enable/disable soapconnection for certificate generation. 1=ON, 0=OFF
$c_certsoapconn = "0";
# The URL of the SOAP interface.
$c_soapurl = "enter_soap_url_here";
$c_soapuser = "enter_soap_user_here";
$c_soappass = "enter_soap_password_here";

###########     
# Logging #
###########     
# Method of logging
# 0 - Don't log anything
# 1 - Log to filesystem
# 2 - Log to the database
# 3 - Both option 1 and 2
$c_log_method = 3;

# Level of logging
# LOG_DEBUG => 0 
# LOG_INFO => 1 
# LOG_WARN => 2 
# LOG_ERROR => 3 
# LOG_CRITICAL => 4 
# Defines a number and logs all events with that number and higher
# Advised is to keep this level on LOG_INFO (1)
$c_log_level = 0;

# Log successful database queries yes/no (1/0)
# Turning this option ON can result into excessive logging
$c_log_success_query = 0;

# Log information about the sensors interactions with APT
$c_log_apt = 1;

# Location of the main logfile
$c_logfile_main = "/var/log/surfids/main.log";

# Location of the sensor-updates logfile
$c_logfile_apt = "/var/log/surfids/apt.log";

################
# Perl scripts #
################
# Number of seconds the sql.pl script should wait for the tap device to get an IP address with DHCP.
# After this time expires, the script fails.
$c_sql_dhcp_retries = 60;

###############
# RRD scripts #
###############
# Directory where the temporary rrd pictures are stored
$c_imgdir = "/tmp";

# RRD library directory.
$c_rrddir = "/var/lib/rrd";

#####################
# Virus scan script #
#####################
# Nepenthes downloaded binaries directory.
# Example: /home/nepenthes/var/binaries
$c_bindir = "$c_surfidsdir/binaries/";

# This variable controls the way the scanbinaries script will scan the downloaded malware
# 0 - Scan all malware when run
# 1 - Scan only new malware
# 2 - Scan only new malware and undetected/suspicious malware
# 3 - Scan only new malware, undetected/suspicious malware and all malware per $c_scan_period
$c_scan_method = 0;

# Scan a file if it hasn't been scanned for $c_scan_period method.
# Only used when scan_method = 3
# Example: 10800 = 1 week
# Example: 21600 = 2 weeks
$c_scan_period = 10800;

# Limit for the period scans
# This is the amount of files that will be scanned based on the c_scan_period
# 0 = No maximum limit
# 100 = Max 100 files will be scanned based on the c_scan_period
# This is to balance the load on the system if more than c_scan_period_limit files
# are to be scanned.
$c_scan_period_limit = 100;

# Scan for UPX packers and store the result
$c_scan_upx = 0;

# The amount of files that will be scanned in a single batch
# for the scanners with batch mode = 1
# Batch mode is required for scanners that don't accept
# a large amount of files as arguments to the scanner (example: AVAST)
$c_scan_batch_max = 50;

######################
# TCP fingerprinting #
######################
# Enable p0f fingerprinting. 0 = OFF, 1 = ON
# Requires p0f to be installed.
$c_enable_pof = 0;

######################
# Ethernet Detection #
######################
# Enable the ethernet detection script. 0 = OFF, 1 = ON
$c_ethernet_module = 0;

# Configure which arping package is being used
# Options:
#       arping
#       iputils-arping
$c_arping_package = "iputils-arping";

############ ARP #############
# The time in seconds that the script will ignore ARP alerts if it is a known alert
$c_arp_alert_expiry = 180;

# The refresh time in seconds of the static ARP list from the ARP module
$c_arp_static_refresh = 300;

# The refresh time in seconds of the ARP cache from the ARP module
$c_arp_cache_refresh = 300;

############ DHCP ############
# The refresh time of the static dhcp list
$c_dhcp_static_refresh = 300;

########### PROTOS ###########
# The refresh time in seconds of the sniff protos list
$c_sniff_protos_refresh = 300;

############ IPv6 ############
# The refresh time in seconds of the static IPv6  list
$c_ipv6_static_refresh = 300;

# The time in seconds that the script will ignore ipv6 alerts if it is a known alert
$c_ipv6_alert_expiry = 180;

############ Misc ############
# The refresh time in seconds of the sniff toggles (ie, which modules are enabled/disabled)
$c_sniff_toggle_refresh = 300;

# The refresh time in seconds of the email reports
$c_mail_refresh = 300;

################
# Mail logging #
################

# Maillog From: address. This is the email adres that appears in the From header.
$c_from_address = 'enter_email_address_here';

# Maillog GNUPG passphrase.
$c_passphrase = "enter_GNU_passphrase_here";

# GNUPG home dir (the dir which contains the gpg keyring/database)
$c_gpg_homedir = "/root/.gnupg/";

# Prefix for the subject of email reports
$c_subject_prefix = "[SURFids] ";