###############################################################################
# IF MODIFICATIONS ARE MADE TO THIS FILE DIRECTLY, THE FOLLOWING MUST BE RUN
# TO COMMIT THE CHANGES:
#
# For full ASL installations:
#   /var/asl/bin/asl -s -f
#
# For rules only installations:
#   /var/asl/bin/aum -uf
#
###############################################################################

# Authentication information
# Credentials for the Atomicorp update channel. They are stored in clear
# text, so this file must only be readable by the account that runs the
# updater (owner-only permissions). NOTE(review): confirm the installer
# sets and preserves that file mode; the placeholders below are not real
# credentials and must be replaced at install time.
USERNAME="USERNAME"
PASSWORD="PASSWORD"
# Two update locations are listed: UPDATEPATH points at the asl-3.0 rules
# channel with the host baked into the value, UPDATE_SERVER/UPDATE_PATH at
# the asl-4.0 channel. Presumably one of the two is legacy; which one the
# updater actually reads is not visible here — verify before editing either.
UPDATEPATH="www.atomicorp.com/channels/asl-3.0/rules/"
ASLHOME="/var/asl"
UPDATE_SERVER="updates.atomicorp.com"
UPDATE_PATH="/channels/asl-4.0"
# Optional outbound HTTP proxy for the updater; empty values presumably
# mean "connect directly" — confirm. A proxy password set here is also
# stored in clear text.
HTTP_PROXY=""
HTTP_PROXY_PORT=""
HTTP_PROXY_USERNAME=""
HTTP_PROXY_PASSWORD=""


# ASL Web Settings
# Idle timeout for a web-console session. The unit is not stated in this
# file (minutes would fit the value) — TODO confirm against the console.
ASLW_AUTO_LOGOUT="60"
# Keep alerts in the database and archive (rather than discard) those older
# than the retention window. The retention value is free text ("3 days");
# the accepted grammar is defined by the consumer, not here.
ALERTS_USE_DB="yes"
ASL_DB_RETENTION="3 days"
ASL_DB_ARCHIVE="yes"

# ASL Data Paths
# Event source read by ASL: the OSSEC alerts log.
PATH_EVENT_LOG="/var/ossec/logs/alerts/alerts.log"
# Per-host signature exclusions and the security-module / update / scan
# data directories under ASLHOME.
PATH_DISABLED_SIG="/etc/asl/disabled_signatures"
PATH_SEC_MODULE="/var/asl/data/security-modules"
PATH_SIG_UPDATE="/var/asl/data/updates-data"
PATH_VULNERABILITY="/var/asl/data/vulnerability-data"
PATH_VULNERABILITY_REPORT="/var/asl/data/vulnerability-report.html"
PATH_VULNERABILITY_TEMPLATES="/var/asl/data/templates"
# News feed fetched over plain http://, so its content is not protected in
# transit. NOTE(review): whether the consumer validates or merely displays
# the feed is not visible here — prefer an https URL if the server offers one.
PATH_RSS="http://www.atomicorp.com/news.feed"
# IP allow/deny lists consumed by the firewall. Note the allow-list key is
# IP_WHITELIST, not PATH_WHITELIST; the name is what the tooling reads, so
# it must not be "fixed" here without changing the consumer too.
IP_WHITELIST="/etc/asl/whitelist"
PATH_BLACKLIST="/etc/asl/blacklist"
PATH_GEOBLACKLIST="/etc/asl/geo-blacklist"
# TLD-to-country mapping used for geo blocking, the OSSEC syscheck database
# and the web-application inventory database.
PATH_TLD="/etc/asl/tld_country.txt"
PATH_SYSCHECK="/var/ossec/queue/syscheck/syscheck"
PATH_WEBAPP_DB="/var/asl/data/webapp.db"

# ASL general configuration.
# NOTIFY, EMAIL and HOSTNAME are referenced further down as $NOTIFY, $EMAIL
# and $HOSTNAME (PSMON_*, OSSEC_*, RKHUNTER_EMAIL), so they must stay
# defined before those sections and the file must be read by something
# that expands shell-style references — presumably it is sourced; confirm.
NOTIFY="yes"
EMAIL="root@localhost"
HOSTNAME="localhost"
# Space- or comma-separated list of console administrators; the delimiter
# is not documented here. Empty = none configured.
ADMIN_USERS=""
# Profile selecting which hardening sections apply to this host.
SYSTEM_TYPE="webserver"
# Unattended update schedule and scope ("all" = rules and software, presumably).
AUTOMATIC_UPDATES="daily"
UPDATE_TYPE="all"
# How Apache is restarted after rule updates; "graceful" avoids dropping
# in-flight requests.
RESTART_APACHE="graceful"
# Unprivileged account the ASL services run as.
ASL_USER="tortix"
# Rule feed selection; FEED_SOURCE empty presumably means the default
# vendor feed — confirm.
FEED_TYPE="real-time"
FEED_SOURCE=""
# Compliance reporting and kernel update channel are both disabled.
COMPLIANCE="off"
KERNEL_CHANNEL="disabled"
# Allow NFS traffic through the firewall policy.
ALLOW_NFS="yes"
# Tool used to fetch updates; only "curl" is seen in this file.
DOWNLOADER="curl"
# Upload attack-source reputation data to the vendor, hourly.
REPUTATION_REPORT="yes"
REPUTATION_FREQUENCY="hourly"

# ASL firewall
# Master switch for the ASL-managed firewall, plus ipset and IPv6 support.
FW_ENABLE="yes"
FW_ENABLE_IPSET="yes"
FW_ENABLE_IPV6="yes"
# Inline IPS is off. Throughout this section a *_LOG key appears to control
# whether the matching drop is logged, independent of whether the feature
# itself is enabled — confirm against the firewall generator. Leaving logging
# on for disabled features means drops become visible as soon as a feature
# is switched on.
FW_IPS="no"
FW_IPS_LOG="yes"
# Inbound/outbound service allow-lists. "no" here presumably means "no extra
# services beyond the built-in policy" rather than "block all" — TODO confirm.
FW_INBOUND_TCP_SERVICES="no"
FW_INBOUND_UDP_SERVICES="no"
FW_OUTPUT_MTA="no"
FW_OUTPUT_DNS="no"
FW_OUTPUT_NTP="no"
FW_OUTPUT_RDATE="no"
FW_OUTPUT_TCP_SERVICES="no"
FW_OUTPUT_UDP_SERVICES="no"
# Static allow-list (IP_WHITELIST file) is applied; the dynamic allow-list is off.
FW_WHITELIST="yes"
FW_WHITELIST_LOG="no"
FW_DYN_WHITELIST="no"
FW_DYN_WHITELIST_LOG="no"
# MSS clamping drop and connection rate limiting, both off.
FW_MSS_DROP="no"
FW_MSS_DROP_LOG="yes"
FW_RATE_LIMIT="no"
FW_RATE_LIMIT_LOG="yes"
# Reputation / block-list feeds (lasso, elasso, ciarmy, emerging threats,
# openbl, autoshun, open proxies, dshield, tor). All disabled here; enabling
# any of them makes the firewall depend on an external feed being reachable
# and trustworthy.
FW_LASSO="no"
FW_LASSO_LOG="yes"
FW_ELASSO="no"
FW_ELASSO_LOG="yes"
FW_CIARMY="no"
FW_CIARMY_LOG="yes"
FW_EMERGING_THREATS="no"
FW_EMERGING_THREATS_LOG="yes"
FW_OPENBL="no"
FW_OPENBL_LOG="yes"
FW_AUTOSHUN="no"
FW_AUTOSHUN_LOG="yes"
FW_OPENPROXIES="no"
FW_OPENPROXIES_LOG="yes"
FW_DSHIELD="no"
FW_DSHIELD_LOG="yes"
FW_TOR="no"
FW_TOR_LOG="yes"
# Log drops caused by OSSEC active response ("AR").
FW_LOG_AR_DROP="yes"
# Port-scan detection, all variants disabled.
FW_PORTSCAN="no"
FW_LOWLEVEL_PORTSCAN="no"
FW_DROP_SYNSCAN="no"
FW_DROP_STEALTH_SCAN="no"
FW_DROP_CONNECT_SCAN="no"
FW_DROP_GRAB_SCAN="no"
FW_ADVANCED_PORTSCAN="no"
# PSD_* look like the weight threshold, delay and low/high port weights of
# the iptables psd match used by the advanced port-scan detector; units are
# not stated here — confirm before tuning.
PSD_W_THRSH="21"
PSD_DELAY="300"
PSD_LO="3"
PSD_HI="1"
# Packet sanity checks. Only INVALID-state drops are on; bad/small/fragment
# checks are off.
FW_BAD_PACKETS="no"
FW_SMALL_PACKETS="no"
FW_FRAGMENTS="no"
FW_DROP_INVALID="yes"
FW_DROP_INVALID_LOG="no"
FW_LOG_BLACKLIST_DROP="yes"
FW_LOG_GEOBLOCK_DROP="yes"
# Kernel network hardening. These read like sysctl toggles (broadcast and
# ICMP handling, redirects, source routing, forwarding, proxy ARP, rp_filter,
# SYN cookies, ECN, timestamps, window scaling); the exact sysctl keys they
# map to are not visible in this file. NOTE(review): FW_RP_FILTER="no" leaves
# reverse-path filtering off — consider "yes" unless the host relies on
# asymmetric routing. Forwarding and proxy ARP off is correct for a
# non-router host; SYN cookies on is the safer default.
FW_IGNORE_BROADCASTS="no"
FW_ACCEPT_REDIRECTS="no"
FW_ACCEPT_SOURCE_ROUTE="no"
FW_ICMP_IGNORE_ALL="no"
FW_ICMP_IGNORE_BROADCASTS="no"
FW_IGNORE_ICMP_BOGUS="no"
FW_IPV4_FORWARD="no"
FW_IPV6_FORWARD="no"
FW_PROXY_ARP="no"
FW_RP_FILTER="no"
FW_SYN_COOKIES="yes"
FW_TCP_ECN="no"
FW_TCP_TIMESTAMPS="yes"
FW_TCP_WINDOW_SCALING="yes"
# Control-panel specific allowances for Plesk and SpamAssassin update traffic.
FW_PLESK_UPDATES="no"
FW_SPAMASSASSIN_UPDATES="no"
# Port knocking (simple and advanced modes) is disabled; knock and allowed
# events would be logged if enabled.
FW_PORTKNOCK="no"
FW_PORTKNOCK_SIMPLE="no"
FW_PORTKNOCK_SIMPLE_LOG_KNOCK="yes"
FW_PORTKNOCK_SIMPLE_LOG_ALLOWED="yes"
FW_PORTKNOCK_ADVANCED="no"
FW_PORTKNOCK_ADVANCED_LOG_KNOCK="yes"
FW_PORTKNOCK_ADVANCED_LOG_ALLOWED="yes"


# Kernel configuration.
# Most keys in this section carry grsecurity-style names (GRKERNSEC_*, TPE,
# CHROOT_DENY_*, *_LOGGING, SOCKET_*). They are only meaningful on a kernel
# that exposes those knobs; the sysctl names they map to are not shown here.
# Kernel module loading is locked down; the lock is presumably applied after
# boot-time modules are in place — confirm.
ALLOW_kmod_loading="no"
# inotify watch limit per user (value fits fs.inotify.max_user_watches — verify).
MAX_USER_WATCHES="16384"
GRKERNSEC_DETER_BRUTEFORCE="no"
GRKERNSEC_CONSISTENT_SETXID="yes"
# Trusted Path Execution: enabled, applied to the "untrusted" group policy.
# The user lists are empty, so group membership alone decides.
ENABLE_TPE="yes"
TPE_GROUP_POLICY="untrusted"
TPE_UNTRUSTED_USERS=""
TPE_TRUSTED_USERS=""
# Deny raw I/O port access from user space.
DISABLE_PRIVILEGED_IO="yes"
# Audit logging of selected syscalls; only ptrace is audited here.
AUDIT_MOUNT="no"
AUDIT_CHDIR="no"
AUDIT_PTRACE="yes"
AUDIT_TEXTREL="no"
# chroot hardening: every restriction is on except exec logging.
CHROOT_CAPS="yes"
CHROOT_DENY_CHMOD="yes"
CHROOT_DENY_CHROOT="yes"
CHROOT_DENY_FCHDIR="yes"
CHROOT_DENY_MKNOD="yes"
CHROOT_DENY_MOUNT="yes"
CHROOT_DENY_PIVOT="yes"
CHROOT_DENY_SHMAT="yes"
CHROOT_DENY_SYSCTL="yes"
CHROOT_DENY_UNIX="yes"
CHROOT_ENFORCE_CHDIR="yes"
CHROOT_EXECLOG="no"
CHROOT_FINDTASK="yes"
CHROOT_RESTRICT_NICE="yes"
# Per-user exec logging is off; EXEC_LOG_USERS would scope it when on.
EXEC_LOGGING="no"
EXEC_LOG_USERS=""
# dmesg restriction, execve limiting, FIFO and link restrictions and the
# various event loggers are on; read-only mount protection is off.
DMESG="yes"
EXECVE_LIMITING="yes"
FIFO_RESTRICTIONS="yes"
FORKFAIL_LOGGING="yes"
HARDEN_PTRACE="yes"
IP_BLACKHOLE="yes"
# TCP LAST-ACK retry count; presumably a sysctl — confirm the key.
LASTACK_RETRIES="4"
LINKING_RESTRICTIONS="yes"
RESOURCE_LOGGING="yes"
ROMOUNT_PROTECT="no"
RWXMAP_LOGGING="yes"
SIGNAL_LOGGING="yes"
# Socket restrictions (all / client / server) with empty user lists.
# NOTE(review): with the lists empty the effective scope of "yes" is not
# visible here — confirm it does not restrict the service accounts.
SOCKET_ALL="yes"
SOCKET_USERS=""
SOCKET_CLIENT="yes"
SOCKET_CLIENT_USERS=""
SOCKET_SERVER="yes"
SOCKET_SERVER_USERS=""
TIMECHANGE_LOGGING="yes"


# Clamav configuration
# Keys of the form CLAMAV_<Directive> appear to be written through to
# clamd.conf directives of the same name; the upper-case keys are ASL's own.
CLAMAV_ENABLED="yes"
# On-access (real-time) scanning and on-access prevention are off; clamd is
# used for on-demand scans only.
CLAMAV_ENABLE_REALTIME="no"
# clamd TCP listener bound to loopback only, so it is not reachable from
# other hosts (port in CLAMAV_TCPSocket below).
CLAMAV_TCPADDRESS="127.0.0.1"
CLAMAV_PREVENTONACCESS="no"
CLAMAV_SAFEBROWSING="yes"
# Logging: unlimited log size ("0"), timestamps on.
CLAMAV_LogFile="/var/log/clamav/clamd.log"
CLAMAV_LogFileMaxSize="0"
CLAMAV_LogTime="yes"
CLAMAV_TemporaryDirectory="/var/tmp"
CLAMAV_DatabaseDirectory="/var/clamav"
# NOTE(review): the Unix socket lives in the shared, world-writable /tmp,
# where any local user can pre-create or replace the path. A directory owned
# by the clamav user (e.g. under /var/run) is the safer location — confirm
# which clients depend on this path before moving it.
CLAMAV_LocalSocket="/tmp/clamd.socket"
CLAMAV_TCPSocket="3310"
# Concurrency and timeout limits for clamd.
CLAMAV_MaxConnectionQueueLength="30"
CLAMAV_MaxThreads="50"
CLAMAV_ReadTimeout="300"
CLAMAV_MaxQueue="100"
# Self-check interval for database changes (seconds per clamd convention — verify).
CLAMAV_SelfCheck="600"
# Detection scope. PUA detection and broken-executable detection are off;
# structured data (credit card / SSN) detection is off.
CLAMAV_DetectPUA="no"
CLAMAV_ScanPE="yes"
CLAMAV_ScanELF="yes"
CLAMAV_DetectBrokenExecutables="no"
CLAMAV_ScanOLE2="yes"
CLAMAV_ScanPDF="yes"
CLAMAV_ScanMail="yes"
CLAMAV_ScanPartialMessages="no"
CLAMAV_CDB_SIGNATURES="yes"
CLAMAV_PhishingSignatures="yes"
CLAMAV_PhishingScanURLs="yes"
CLAMAV_PhishingAlwaysBlockSSLMismatch="no"
CLAMAV_PhishingAlwaysBlockCloak="no"
CLAMAV_StructuredDataDetection="no"
CLAMAV_StructuredMinCreditCardCount="3"
CLAMAV_StructuredMinSSNCount="3"
CLAMAV_StructuredSSNFormatNormal="yes"
CLAMAV_StructuredSSNFormatStripped="no"
CLAMAV_ScanHTML="yes"
# Archive handling: encrypted archives are not flagged, so they pass through
# unscanned. Size and recursion limits bound scan cost per file.
CLAMAV_ScanArchive="yes"
CLAMAV_ArchiveBlockEncrypted="no"
CLAMAV_MaxScanSize="100M"
CLAMAV_MaxFileSize="25M"
CLAMAV_MaxRecursion="16"
CLAMAV_MaxFiles="10000"

# PSMON configuration.
# Process monitor. The $NOTIFY / $EMAIL / $HOSTNAME references take their
# values from the general section above, so this block must stay after
# those definitions and the file must be read by a parser that expands
# shell-style variables (a plain INI reader would keep the literal "$EMAIL").
PSMON_ENABLED="yes"
PSMON_NOTIFY="$NOTIFY"
PSMON_EMAIL="$EMAIL"
PSMON_FROM="psmon@$HOSTNAME"

# OSSEC configuration
# Host intrusion detection. This host runs as an OSSEC server (manager);
# OSSEC_SERVER would name the manager for an agent-mode install.
OSSEC_ENABLED="yes"
OSSEC_NOTIFY="yes"
OSSEC_MODE="server"
# Alert storage in MySQL on the local host. NOTE(review): the database
# password is empty here and, when set, is stored in clear text — keep this
# file owner-readable only and confirm the DB account is bound to 127.0.0.1.
OSSEC_USE_MYSQL="yes"
OSSEC_DATABASE_SERVER="127.0.0.1"
OSSEC_DATABASE="tortix"
OSSEC_DATABASE_USERNAME="tortix" 
OSSEC_DATABASE_PASSWORD=""
OSSEC_SERVER=""
# Mail delivery for alerts; $EMAIL and $HOSTNAME come from the general
# section above (shell-style expansion assumed). MAX_MSG caps alerts per email.
OSSEC_EMAIL="$EMAIL"
OSSEC_SMTP_SERVER="localhost"
HIDS_HELO_SERVER="localhost"
OSSEC_FROM="asl@$HOSTNAME"
OSSEC_MAX_MSG="1"
# Active response (temporary firewall shun of attacking IPs): enabled, with
# a 600-unit base timeout (seconds per OSSEC convention — verify), a repeat-
# offender multiplier and tracking of repeat offenders.
OSSEC_ACTIVE_RESPONSE="yes"
OSSEC_SHUN_ENABLE_TIMEOUT="yes"
OSSEC_SHUN_TIME="600"
HIDS_SHUN_MULTIPLIER="3"
HIDS_SHUN_TRACKING="yes"
# Minimum alert levels: email from level 7, log from level 1.
HIDS_EMAIL_ALERT_LEVEL="7"
HIDS_LOG_ALERT_LEVEL="1"
HIDS_CLEAN_DIFF="60"
HIDS_ARCHIVE_ALL="no"
# HIDS_<daemon>_<option> keys correspond by name to OSSEC internal_options
# tunables (e.g. analysisd.default_timeframe); the values pass through as-is.
HIDS_analysisd_default_timeframe="360"
HIDS_analysisd_stats_maxdiff="25000"
HIDS_analysisd_stats_mindiff="250"
HIDS_analysisd_stats_percent_diff="30"
HIDS_analysisd_fts_list_size="32"
HIDS_analysisd_fts_min_size_for_str="14"
HIDS_analysisd_log_fw="1"
HIDS_logcollector_loop_timeout="2"
HIDS_logcollector_open_attempts="8"
# 0 keeps the manager from pushing commands to agents via the log collector;
# leave at 0 unless remote commands are deliberately required (presumed
# meaning from the option name — confirm).
HIDS_logcollector_remote_commands="0"
HIDS_remoted_recv_counter_flush="128"
HIDS_remoted_comp_average_printout="19999"
HIDS_remoted_verify_msg_id="1"
HIDS_maild_strict_checking="1"
HIDS_maild_groupping="1"
HIDS_maild_full_subject="0"
HIDS_maild_geoip="1"
HIDS_monitord_day_wait="10"
HIDS_monitord_compress="1"
HIDS_monitord_sign="1"
HIDS_monitord_monitor_agents="1"
HIDS_syscheck_sleep="4"
HIDS_syscheck_sleep_after="10"
HIDS_dbd_reconnect_attempts="5000"
# Per-daemon debug levels, all off.
HIDS_windows_debug="0"
HIDS_syscheck_debug="0"
HIDS_remoted_debug="0"
HIDS_analysisd_debug="0"
HIDS_logcollector_debug="0"
HIDS_agent_debug="0"
# Additional block mechanisms: TCP wrappers, Cloudflare bans and ipset drops,
# all disabled.
HIDS_TCP_WRAPPERS="no"
HIDS_CLOUDFLARE_BAN="no"
HIDS_CLOUDFLARE_BAN_API="no"
HIDS_CLOUDFLARE_BAN_EMAIL="no"
HIDS_IPSET_DROP="no"


# mod_security configuration
# Web application firewall. Engine on, blocking mode ("deny") rather than
# detection-only.
MODSEC_ENABLED="yes"
WAF_ENGINE="on"
WAF_CHROOTDIR="no"
# Persistent-storage and request-body limits (bytes for the *LIMIT keys,
# presumably mirroring the SecRequestBody* directives — confirm).
WAF_READSTATELIMIT="100"
WAF_WRITESTATELIMIT="100"
WAF_SECREQUESTBODYNOFILESLIMIT="1048576"
WAF_SECREQUESTBODYINMEMORYLIMIT="131072"
WAF_DEFAULT_ACTION="deny"
# Page a blocked client is sent to. The %{...} tokens are ModSecurity macro
# expansions evaluated by the WAF, not by this file; in a double-quoted
# shell value they are literal text. The URL exposes the event, rule id and
# source IP to the blocked client — acceptable for a block page, but keep in
# mind it tells the client which rule fired.
WAF_REDIRECT_URL="https://%{server_name}:30000/blocked.php?eventid=%{unique_id}&ruleid=%{rule.id}&sourceip=%{remote_addr}"
WAF_SECINTERCEPTONERROR="on"
WAF_SECRESPONSEBODYACCESS="on"
# Server header masking and the quarantine directory for uploads flagged by
# the anti-malware rules.
MODSEC_SERVERSIG="Apache"
MODSEC_UPLOADDIR="/var/asl/data/suspicious"
MODSEC_RULES_PATH="/etc/httpd/modsecurity.d"
MODSEC_KEEPFILES="off"
# Audit logging: concurrent (one file per transaction) with parts ABIFHZ
# (request/response headers, request body, trailer) — the part letters are
# ModSecurity's SecAuditLogParts syntax.
MODSEC_LOGTYPE="Concurrent"
MODSEC_LOGFILE="audit_log"
MODSEC_LOGELEMENT="ABIFHZ"
MODSEC_REQMEMLIMIT="131072"
MODSEC_DEBUGLOG="no"
# Days after which alert data is cleaned (unit presumed — confirm).
MODSEC_CLEAN_ALERT="14"
MODSEC_DATADIR="/var/asl/data/msa"
MODSEC_AUDITDIR="/var/asl/data/audit"
MODSEC_TMPDIR="/tmp"
# Body inspection limits in bytes; partial processing once the response
# limit is exceeded.
MODSEC_RESPONSEBODYLIMIT="2621440"
MODSEC_REQUESTBODYLIMIT="134217728"
MODSEC_RESPONSEBODYLIMITACTION="ProcessPartial"
# Rule-set toggles. The numeric prefix appears to be the load order of the
# corresponding rule file (00 first, 99 last); the keys below are not listed
# strictly in that order, which is harmless as long as the consumer keys
# off the name, not the position.
MODSEC_00_WHITELIST="no"
MODSEC_00_BLACKLIST="no"
WAF_LUA_00_SEARCHENGINE="no"
MODSEC_00_SEARCHENGINE="no"
MODSEC_00_AUTOWHITELIST_SEARCHENGINE="no"
MODSEC_00_THREAT="no"
MODSEC_00_ANTIEVASION="yes"
MODSEC_00_STRICT="no"
MODSEC_00_RBL="no"
MODSEC_01_DOMAIN_BLOCKS="no"
MODSEC_03_DOS="yes"
MODSEC_01_APP_RULES="no"
MODSEC_01_RULES="no"
MODSEC_10_ANTIMALWARE="yes"
MODSEC_10_RULES="yes"
MODSEC_11_ADV_RULES="yes"
MODSEC_11_DLP="no"
MODSEC_12_ADV_XSS_RULES="no"
MODSEC_12_BRUTE="yes"
MODSEC_20_USERAGENTS="yes"
MODSEC_30_ANTISPAM="yes"
MODSEC_31_ANTISPAM_URI="no"
MODSEC_50_ROOTKITS="yes"
MODSEC_60_RECONS="yes"
MODSEC_61_RECONS_DLP="yes"
MODSEC_98_ADV_REDACTOR="no"
MODSEC_99_JITP="yes"
MODSEC_99_REDACTOR="yes"
MODSEC_99_MALWARE_OUTPUT="yes"
MODSEC_99_SCANNER="yes"
MODSEC_99_ADV_SCANNER="yes"



# General PHP configuration options.
# PHP_CHECKS="no" presumably disables enforcement of this whole section;
# the keys below then document the intended policy only — confirm.
PHP_CHECKS="no"
# php.ini hardening toggles. safe_mode, register_globals and the magic_quotes
# settings were removed from PHP (5.4 and later); on a current PHP these
# keys have no effect and "on" for magic quotes is not something a modern
# interpreter can honour — NOTE(review): confirm how the generator treats
# them on newer PHP.
PHP_SAFE_MODE="no"
PHP_REGISTER_GLOBALS="no"
PHP_URL_FOPEN="no"
PHP_URL_INCLUDE="no"
PHP_MAGIC_QUOTES_GPC="on"
PHP_MAGIC_QUOTES_RUNTIME="on"
PHP_EXPOSE_PHP="no"
PHP_DISPLAY_ERRORS="no"
PHP_MAIL_XHEADER="yes"
# ALLOW_<function>="no" appears to feed a disable_functions-style deny list:
# process-spawning, socket and privilege-related functions are denied.
ALLOW_dl="no"
ALLOW_escapeshellcmd="no"
ALLOW_curl_exec="no"
ALLOW_curl_multi_exec="no"
ALLOW_exec="no"
ALLOW_ftp_exec="no"
ALLOW_fsockopen="no"
ALLOW_leak="no"
ALLOW_passthru="no"
ALLOW_pcntl_exec="no"
ALLOW_pfsockopen="no"
# NOTE(review): phpinfo() is left allowed; it discloses the full PHP and
# server configuration to anyone who can reach a script that calls it.
# Consider "no" unless a control panel depends on it.
ALLOW_phpinfo="yes"
ALLOW_popen="no"
ALLOW_posix_kill="no"
ALLOW_posix_mkfifo="no"
ALLOW_posix_setpgid="no"
ALLOW_posix_setsid="no"
ALLOW_posix_setuid="no"
ALLOW_proc_close="no"
ALLOW_proc_get_status="no"
ALLOW_proc_nice="no"
ALLOW_proc_open="no"
ALLOW_proc_terminate="no"
ALLOW_shell_exec="no"
ALLOW_show_source="no"
ALLOW_system="no"

# Second group: runtime-configuration, filesystem-link and information
# disclosure functions.
ALLOW_ini_alter="no"
ALLOW_ini_set="no"
ALLOW_symlink="no"
ALLOW_link="no"
ALLOW_ftok="no"
ALLOW_posix_access="no"
ALLOW_openlog="no"
ALLOW_syslog="no"
ALLOW_readlink="no"
ALLOW_apache_child_terminate="no"
ALLOW_apache_setenv="no"
ALLOW_define_syslog_variables="no"
# NOTE(review): "escapeshelarg" looks like a misspelling of escapeshellarg
# (compare ALLOW_escapeshellcmd above). The key name is what the consumer
# reads, so it is left as-is here; fix it together with the generator, and
# check whether escapeshellarg is currently denied at all.
ALLOW_escapeshelarg="no"
ALLOW_highlight_file="no"
ALLOW_ini_get_all="no"
ALLOW_posix_getpwuid="no"
ALLOW_posix_uname="no"

# SSH daemon configuration.
# sshd policy written out by ASL. Protocol 2 only.
SSH_PROTOCOL="2"
# SSH_PORT="no" is a non-port value on a port key; together with
# CUSTOM_SSH_PORT="no" at the end of this section it presumably means
# "leave the listening port unchanged" — TODO confirm the accepted values.
SSH_PORT="no"
# Strict file-mode checks and rhosts ignored.
SSH_STRICTMODE="yes"
SSH_IGNORE_RHOSTS="yes"
# Key-based login only: public keys on, root logins and password
# authentication off, privilege separation on.
SSH_PUBKEY="yes"
SSH_ROOTLOGINS="no"
SSH_PASSWORD_AUTH="no"
SSH_PRIV_SEPARATION="yes"
SSH_GSSAPI_AUTH="no"
SSH_GSSAPI_CLEANUP="no"
# Pre-authentication banner file.
SSH_BANNER="/etc/asl/banner"
# Reverse-DNS lookups of clients; adds latency per connection and depends
# on DNS availability.
SSH_USEDNS="yes"
SSH_PERMITEMPTYPASSWORDS="no"
CUSTOM_SSH_PORT="no"

# Rkhunter settings.
# Rootkit scanner; reports go to $EMAIL from the general section above
# (shell-style expansion assumed, so this must stay after EMAIL is set).
RKHUNTER_ENABLED="yes"
RKHUNTER_EMAIL="$EMAIL"


# mod_evasive configuration.
# Apache request-flood protection. The MODEV_DOS* keys mirror the
# mod_evasive directives of the same name: hash table size, per-page and
# per-site request counts within the given intervals, and how long an
# offending client stays blocked (intervals and blocking period in seconds
# per the mod_evasive documentation — verify for the installed version).
MODEV_ENABLED="yes"
MODEV_DOSHashTableSize="4096"
MODEV_DOSPageCount="10"
MODEV_DOSSiteCount="400"
MODEV_DOSPageInterval="4"
MODEV_DOSSiteInterval="4"
MODEV_DOSBlockingPeriod="25"

# mod_qos
# Apache quality-of-service module, off.
MOD_QOS_ENABLED="no"

# Web App Inventory
# Schedule for the web-application inventory scan.
APPINV_CRON="daily"

# Plesk settings
PSA_DISABLE_CRONTAB="no"
PSA_PHP_DOMAIN_POLICY="no"

# Cpanel settings
CPANEL_DISABLE_POSTEASYAPACHE="no"

# Apache settings
# TLS configuration written for httpd: SSL disabled ("TLS only") and the
# "strong" named cipher suite. The actual protocol versions and ciphers
# behind these labels are defined by the generator, not here.
APACHE_SSLPROTOCOL="TLS only"
APACHE_SSLCIPHERSUITE="strong"

# Courier IMAP
# NOTE(review): "TLS1" reads as pinning TLS 1.0, which is deprecated; if the
# installed Courier accepts a newer value (or a minimum-version form), prefer
# it. Confirm the accepted values before changing.
COURIER_TLSPROTOCOL="TLS1"


# Mysql settings
# MySQL hardening: LOAD DATA (local infile) disabled, error and warning logs
# on, symbolic links disabled, 32m query cache, 28800 s idle timeout.
MYSQL_CHECKS="yes"
MYSQL_DISABLE_LOAD_DATA="yes"
MYSQL_ENABLE_LOG_ERRORS="yes"
MYSQL_ENABLE_LOG_WARNINGS="yes"
MYSQL_DISABLE_SYMBOLIC_LINKS="yes"
MYSQL_QUERY_CACHE="32m"
MYSQL_WAIT_TIMEOUT="28800"

# CGroups settings
CGROUPS_ENABLE="no"

# Master configuration flag. Do not modify
# Set by the installer once initial configuration has completed; editing it
# by hand can make the tooling skip or repeat setup steps.
CONFIGURED="no"
