# Authentication information
# USERNAME/PASSWORD are presumably the account used against UPDATEPATH; the
# values shown are placeholders. Real credentials sit here in plain text, so
# keep this file owned by root and unreadable to other local users.
USERNAME="USERNAME"
PASSWORD="PASSWORD"
# NOTE(review): no URL scheme is given, so this file does not show whether rule
# updates are fetched over TLS. Confirm in the updater, since downloaded rules
# change what the WAF and HIDS enforce.
UPDATEPATH="www.atomicorp.com/channels/asl-2.0/rules/"
# Base directory; the /var/asl/data/... paths later in this file sit under it.
ASLHOME="/var/asl"

# ASL Web Settings
# ALERTS_USE_DB: presumably makes the web interface read alerts from the
# database instead of the flat alert log (TODO confirm).
ALERTS_USE_DB="yes"
# NOTE(review): presumably the age after which stored alerts are purged. Seven
# days is a short look-back for incident response; if investigations need
# more, forward alerts to longer-term storage or raise this value.
ASL_DB_RETENTION="7 days"

# ASL Data Paths
# Locations of the logs, rule data and allow/deny lists used by ASL. These
# files steer detection and blocking, so they should be writable by
# privileged accounts only.
# OSSEC alert log that events are read from.
PATH_EVENT_LOG="/var/ossec/logs/alerts/alerts.log"
# Presumably the list of rule IDs switched off locally. Changes here silently
# reduce coverage, so keep the file under change control.
PATH_DISABLED_SIG="/etc/asl/disabled_signatures"
PATH_SEC_MODULE="/var/asl/data/security-modules"
PATH_SIG_UPDATE="/var/asl/data/updates-data"
PATH_VULNERABILITY="/var/asl/data/vulnerability-data"
PATH_VULNERABILITY_REPORT="/var/asl/data/vulnerability-report"
PATH_VULNERABILITY_TEMPLATES="/var/asl/data/templates"
# NOTE(review): this path is under an htdocs directory. Confirm the report
# data cannot be fetched over HTTP without authentication.
PATH_VULNERABILITY_XML="/usr/local/psa/admin/htdocs/asl/lib/reports/data.xml"
# NOTE(review): fetched over plain http://, so the feed can be altered in
# transit. Treat its content as untrusted when it is rendered.
PATH_RSS="http://www.atomicorp.com/Changelog.rss"
# Allow and deny lists. Note the naming differs: IP_WHITELIST has no PATH_
# prefix, unlike the two blacklist keys.
IP_WHITELIST="/etc/asl/whitelist"
PATH_BLACKLIST="/etc/asl/blacklist"
PATH_GEOBLACKLIST="/etc/asl/geo-blacklist"
# Presumably the TLD-to-country table used for geo blocking (TODO confirm).
PATH_TLD="/etc/asl/tld_country.txt"
# OSSEC syscheck (file-integrity) queue.
PATH_SYSCHECK="/var/ossec/queue/syscheck/syscheck"
PATH_WEBAPP_DB="/var/asl/data/webapp.db"

# ASL general configuration.
# NOTIFY, EMAIL and HOSTNAME are referenced as $NOTIFY, $EMAIL and $HOSTNAME by
# later sections. If the file is read top to bottom with shell-style
# expansion, they must stay defined before those references.
NOTIFY="yes"
# Default recipient for alert mail; root@localhost stays on the box unless
# root's mail is forwarded elsewhere.
EMAIL="root@localhost"
HOSTNAME="localhost"
# Empty by default; the expected format is not visible here.
ADMIN_USERS=""
SYSTEM_TYPE="webserver"
AUTOMATIC_UPDATES="daily"
RESTART_APACHE="yes"
# NOTE(review): a command string that is presumably executed with elevated
# privileges after updates. Anyone able to write this file could change what
# runs, which is another reason to keep the file root-owned and not
# group- or world-writable.
APACHE_RESTART_COMMAND="/etc/init.d/httpd restart"
# Same name as OSSEC_DATABASE and OSSEC_DATABASE_USERNAME further down.
ASL_USER="tortix"

# Kernel configuration.
# "no" presumably blocks loading of kernel modules once the system is up,
# which limits module-based rootkits. Confirm how and when it is enforced,
# because required modules would then have to be loaded beforehand.
ALLOW_kmod_loading="no"

# Clamav configuration
CLAMAV_ENABLED="yes"
# Dazuko is the kernel interface used by Clamuko for on-access scanning. It is
# off here, and every SCANON* toggle below is "no" as well, so with these
# values files are not scanned on open, close or exec.
CLAMAV_ENABLE_DAZUKO="no"
# Loopback only: the scanner's TCP socket is not reachable from other hosts.
# Keep it on loopback unless remote access is deliberately required.
CLAMAV_TCPADDRESS="127.0.0.1"
CLAMAV_SCANONACCESS="no"
CLAMAV_SCANONOPEN="no"
CLAMAV_SCANONCLOSE="no"
CLAMAV_SCANONEXEC="no"
# Presumably the largest file the on-access scanner inspects; bigger files
# would go unscanned (TODO confirm).
CLAMAV_CLAMUKO_MAXFILESIZE="10m"


# PSMON configuration.
# Process monitor settings. The notification values are inherited from
# NOTIFY, EMAIL and HOSTNAME in the general configuration section through
# $-references, so a change there also changes PSMON.
PSMON_ENABLED="yes"
PSMON_NOTIFY="$NOTIFY"
PSMON_EMAIL="$EMAIL"
# Sender address for PSMON mail, built from HOSTNAME.
PSMON_FROM="psmon@$HOSTNAME"

# OSSEC configuration
# Host intrusion detection settings (log analysis and file integrity).
OSSEC_ENABLED="yes"
OSSEC_NOTIFY="yes"
# "server" mode; OSSEC_SERVER below is presumably used only in agent mode
# (TODO confirm).
OSSEC_MODE="server"
# Alerts are written to MySQL on the loopback address.
OSSEC_USE_MYSQL="yes"
OSSEC_DATABASE_SERVER="127.0.0.1"
OSSEC_DATABASE="tortix"
OSSEC_DATABASE_USERNAME="tortix"
# NOTE(review): empty by default. Once set, this is a plain-text database
# password, so the file must not be readable by unprivileged users. Confirm
# the account cannot log in with an empty password.
OSSEC_DATABASE_PASSWORD=""
# NOTE(review): the value is a single space, not an empty string. A consumer
# that tests for emptiness may treat it as set.
OSSEC_SERVER=" "
# Recipient and sender reuse EMAIL and HOSTNAME from the general section.
OSSEC_EMAIL="$EMAIL"
OSSEC_SMTP_SERVER="localhost"
OSSEC_FROM="ossec@$HOSTNAME"
# NOTE(review): unit and meaning are not evident from this file. If it caps
# alert mail, a value of 1 could hide a burst of alerts.
OSSEC_MAX_MSG="1"
# Active response (automatic blocking) is off, so OSSEC only detects and
# reports. The SHUN settings below presumably take effect only when this is
# "yes".
OSSEC_ACTIVE_RESPONSE="no"
OSSEC_SHUN_ENABLE_TIMEOUT="yes"
# Presumably the block duration in seconds, i.e. 10 minutes (TODO confirm).
OSSEC_SHUN_TIME="600"

# mod_security configuration
# Web application firewall settings. The key names suggest they map onto
# ModSecurity directives; the mappings noted below are assumptions to
# confirm against the generator.
MODSEC_ENABLED="yes"
# Server banner to present (presumably SecServerSignature); hides the real
# version string.
MODSEC_SERVERSIG="Apache"
# With KEEPFILES on, intercepted uploads are kept in UPLOADDIR. The directory
# name says they are suspicious: it must not be served by the web server or
# allow execution, and it needs a clean-up policy.
MODSEC_UPLOADDIR="/var/asl/data/suspicious"
MODSEC_RULES_PATH="/etc/httpd/modsecurity.d"
# Uses on/off, unlike the yes/no convention elsewhere in this file.
MODSEC_KEEPFILES="on"
MODSEC_LOGTYPE="Concurrent"
MODSEC_LOGFILE="audit_log"
# Presumably SecAuditLogParts. If so, part I records request bodies, so audit
# logs can contain submitted passwords and session data. Restrict access to
# MODSEC_AUDITDIR accordingly.
MODSEC_LOGELEMENT="ABIFHZ"
# 131072 = 128 KiB if the unit is bytes.
MODSEC_REQMEMLIMIT="131072"
MODSEC_DEBUGLOG="no"
# Unit not stated; presumably days of alert data kept before clean-up.
MODSEC_CLEAN_ALERT="30"
MODSEC_DATADIR="/var/asl/data/msa"
MODSEC_AUDITDIR="/var/asl/data/audit"
# NOTE(review): /tmp is normally shared and world-writable. A directory
# private to the web server user is the safer choice for request temp files.
MODSEC_TMPDIR="/tmp"
# 2621440 = 2.5 MiB and 134217728 = 128 MiB if the unit is bytes.
MODSEC_RESPONSEBODYLIMIT="2621440"
MODSEC_REQUESTBODYLIMIT="134217728"
# ProcessPartial inspects a response only up to the limit and passes the rest
# through uninspected, so outbound rules do not see the tail of large bodies.
MODSEC_RESPONSEBODYLIMITACTION="ProcessPartial"
# The NN_ toggles below presumably switch numbered rule groups on or off.
# Whitelist, RBL and redactor are off here; the other groups are on.
MODSEC_00_WHITELIST="no"
MODSEC_00_RBL="no"
MODSEC_05_SCANNER="yes"
MODSEC_10_ANTIMALWARE="yes"
MODSEC_10_RULES="yes"
MODSEC_20_USERAGENTS="yes"
MODSEC_30_ANTISPAM="yes"
MODSEC_50_ROOTKITS="yes"
MODSEC_60_RECONS="yes"
MODSEC_99_JITP="yes"
MODSEC_99_REDACTOR="no"


# General PHP configuration options.
# NOTE(review): PHP_CHECKS is "no". If this is the master switch for the
# settings below, none of them is enforced with these defaults -- confirm.
PHP_CHECKS="no"
# safe_mode, register_globals and magic_quotes_* were removed in PHP 5.4, so
# these four keys have no effect on later PHP versions.
PHP_SAFE_MODE="yes"
PHP_REGISTER_GLOBALS="no"
# Remote URL open and include are off, which closes the usual path to remote
# file inclusion.
PHP_URL_FOPEN="no"
PHP_URL_INCLUDE="no"
# Uses on/off, unlike the yes/no convention elsewhere in this section.
PHP_MAGIC_QUOTES_GPC="on"
PHP_MAGIC_QUOTES_RUNTIME="on"
# ALLOW_<function>: "no" presumably adds the PHP function to
# disable_functions. Everything listed is denied except phpinfo.
ALLOW_dl="no"
ALLOW_escapeshellcmd="no"
ALLOW_exec="no"
ALLOW_leak="no"
ALLOW_passthru="no"
ALLOW_pcntl_exec="no"
ALLOW_pfsockopen="no"
# NOTE(review): the only "yes" in this list. phpinfo() output shows versions,
# paths, loaded modules and environment variables; set to "no" unless a site
# needs it, and never leave a phpinfo page publicly reachable.
ALLOW_phpinfo="yes"
ALLOW_popen="no"
ALLOW_posix_kill="no"
ALLOW_posix_mkfifo="no"
ALLOW_posix_setpgid="no"
ALLOW_posix_setsid="no"
ALLOW_posix_setuid="no"
ALLOW_proc_close="no"
ALLOW_proc_get_status="no"
ALLOW_proc_nice="no"
ALLOW_proc_open="no"
ALLOW_proc_terminate="no"
ALLOW_shell_exec="no"
ALLOW_show_source="no"
ALLOW_system="no"

# Denyhosts settings.
# DenyHosts blocks hosts after repeated failed SSH logins.
DENYHOSTS_ENABLED="yes"
# Mail notification is off; blocks are still sent to syslog via
# DENYHOSTS_SYSLOG below.
DENYHOSTS_NOTIFY="no"
# Recipient and sender reuse EMAIL and HOSTNAME from the general section.
DENYHOSTS_EMAIL="$EMAIL"
DENYHOSTS_FROM="denyhosts@$HOSTNAME"
DENYHOSTS_SYSLOG="yes"
# Presumably the number of failed root logins from one host before it is
# blocked (DenyHosts DENY_THRESHOLD_ROOT) -- TODO confirm.
DENYHOSTS_ROOT_THRESHOLD="3"

# SSH daemon configuration.
# These keys presumably map onto sshd_config options. The defaults are the
# hardened choices: protocol 2 only, key-based login, no root login and no
# password login.
SSH_PROTOCOL="2"
SSH_STRICTMODE="yes"
SSH_IGNORE_RHOSTS="yes"
SSH_PUBKEY="yes"
SSH_ROOTLOGINS="no"
# With password authentication off, make sure every administrator has a
# working public key installed before this is applied, or remote access is
# lost.
SSH_PASSWORD_AUTH="no"
SSH_PRIV_SEPARATION="yes"
SSH_GSSAPI_AUTH="no"
SSH_GSSAPI_CLEANUP="no"
# File shown to clients before authentication; keep version and host details
# out of it.
SSH_BANNER="/etc/asl/banner"

# Rkhunter settings.
# Rootkit scanner toggle; reports go to EMAIL from the general section.
RKHUNTER_ENABLED="yes"
RKHUNTER_EMAIL="$EMAIL"


# mod_evasive configuration.
# Request-rate limiting for Apache. The suffixes match mod_evasive directive
# names; intervals and the blocking period are in seconds there.
MODEV_ENABLED="yes"
MODEV_DOSHashTableSize="4096"
# More than 5 requests for the same page within DOSPageInterval (2 s), or more
# than 200 requests to the site within DOSSiteInterval (2 s), blocks the
# client. Clients behind a shared NAT or proxy can trip these limits, so tune
# them against real traffic.
MODEV_DOSPageCount="5"
MODEV_DOSSiteCount="200"
MODEV_DOSPageInterval="2"
MODEV_DOSSiteInterval="2"
# How long a client stays blocked once a limit is exceeded.
MODEV_DOSBlockingPeriod="25"

# Web App Inventory
# Presumably how often the web application inventory scan runs (TODO confirm).
APPINV_CRON="daily"

# Master configuration flag. Do not modify
# Both flags ship as "no" and are presumably set by the setup tooling once
# initial configuration has run. Changing them by hand could skip or repeat
# that step.
CONFIGURED="no"
ASL_WEB_CONFIGURED="no"
