From 7536c8e4a052bc889e434da3f6df8ae47faedd3d Mon Sep 17 00:00:00 2001
From: Till Brehm
Date: Mon, 25 Aug 2014 17:10:10 +0200
Subject: [PATCH] Updated security README.txt
---
 security/README.txt | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/security/README.txt b/security/README.txt
index c73231237..b68f64780 100644
--- a/security/README.txt
+++ b/security/README.txt
@@ -69,6 +69,45 @@ Setting: remote_api_allowed
 Options: yes/no
 Description: Disables the remote API
 
+Setting: ids_enabled
+Options: yes/no
+Description: Enables the Intrusion Detection System
+
+Setting: ids_log_level
+Options: 1 (number, default = 1)
+Description: IDS score that triggers the log in /usr/local/ispconfig/interface/temp/ids.log
+ This log can be used to feed the whitelist.
+
+ Example:
+
+ cat /usr/local/ispconfig/interface/temp/ids.log >> /usr/local/ispconfig/security/ids.whitelist
+ rm -f /usr/local/ispconfig/interface/temp/ids.log
+
+ If you want to use a custom whitelist, then store it as /usr/local/ispconfig/security/ids.whitelist.custom
+
+Setting: ids_warn_level
+Options: 5 (number, default = 5)
+Description: When the IDS score exceeds this level, a error message is logged into the system log. No message is displayed to the user.
+
+Setting: ids_block_level
+Options: 100 (number, default = 100)
+Description: When the IDS score exceeds this level, a error message is shown to the user and further processing is blocked. A score of 100 will most likely never be reached.
+ We have choosen such a high score as default until we have more complete whitelists for this new feature.
+
+Setting: sql_scan_enabled
+Options: yes/no
+Description: Enables the scan for SQL injections in the DB library.
+
+Setting: sql_scan_action
+Options: warn/block
+Description: warn = write errot message to log only. Block = block user action and show error to the user.
+
+Setting: apache_directives_scan_enabled
+Options: yes/no
+Description: Scan apache directives field for potentially malicious directives. This function uses the regex
+ list from /usr/local/ispconfig/security/apache_directives.blacklist file.
+ If you want to use a custom blacklist, then store it as /usr/local/ispconfig/security/apache_directives.blacklist.custom
+
 Setting: security_admin_email
 Options: email address
 Description: Email address of the security admin
-- 
GitLab