Commit 7536c8e4 authored by Till Brehm's avatar Till Brehm

Updated security README.txt

parent f9529b33
......@@ -69,6 +69,45 @@ Setting: remote_api_allowed
Options: yes/no
Description: Disables the remote API
Setting: ids_enabled
Options: yes/no
Description: Enables the Intrusion Detection System
Setting: ids_log_level
Options: 1 (number, default = 1)
Description: IDS score that triggers the log in /usr/local/ispconfig/interface/temp/ids.log
This log can be used to feed the whitelist.
Example:
cat /usr/local/ispconfig/interface/temp/ids.log >> /usr/local/ispconfig/security/ids.whitelist
rm -f /usr/local/ispconfig/interface/temp/ids.log
If you want to use a custom whitelist, then store it as /usr/local/ispconfig/security/ids.whitelist.custom
Setting: ids_warn_level
Options: 5 (number, default = 5)
Description: When the IDS score exceeds this level, a error message is logged into the system log. No message is displayed to the user.
Setting: ids_block_level
Options: 100 (number, default = 100)
Description: When the IDS score exceeds this level, a error message is shown to the user and further processing is blocked. A score of 100 will most likely never be reached.
We have choosen such a high score as default until we have more complete whitelists for this new feature.
Setting: sql_scan_enabled
Options: yes/no
Description: Enables the scan for SQL injections in the DB library.
Setting: sql_scan_action
Options: warn/block
Description: warn = write errot message to log only. Block = block user action and show error to the user.
Setting: apache_directives_scan_enabled
Options: yes/no
Description: Scan apache directives field for potentially malicious directives. This function uses the regex
list from /usr/local/ispconfig/security/apache_directives.blacklist file.
If you want to use a custom blacklist, then store it as /usr/local/ispconfig/security/apache_directives.blacklist.custom
Setting: security_admin_email
Options: email address
Description: Email address of the security admin
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment