forked from ph0sph8/LinuxConfigs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auto_dl
24 lines (23 loc) · 1.16 KB
/
auto_dl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#Location /etc/psad/auto_dl
#############################################################################
#
# This file is used by psad to elevate/decrease the danger levels of IP
# addresses (or networks in CIDR notation) so that psad does not have to
# apply the normal signature logic. This is useful if certain IP addresses
# or networks are known trouble makers and should automatically be assigned
# higher danger levels than would normally be assigned. Also, psad can be
# made to ignore certain IP addresses or networks if a danger level of "0" is
# specified. Optionally, danger levels for IPs/networks can be influenced
# based on protocol (tcp, udp, icmp).
#
#############################################################################
#
# <IP address> <danger level> <optional protocol>/<optional ports>;
#
# Examples:
#
# 10.111.21.23 5; # Very bad IP.
# 127.0.0.1 0; # Ignore this IP.
# 10.10.1.0/24 0; # Ignore traffic from this entire class C.
# 192.168.10.4 3 tcp; # Assign danger level 3 if protocol is tcp.
# 10.10.1.0/24 3 tcp/1-1024; # Danger level 3 for tcp port range