GPL v3 Release

csf/profiles/block_all_perm.conf

@@ -0,0 +1,32 @@
+# Profile: This provides a configuration where all blocks are configured to be
+# permanent
+CT_BLOCK_TIME = "0"
+CT_PERMANENT = "1"
+DENY_IP_LIMIT = "400"
+LF_APACHE_403_PERM = "1"
+LF_APACHE_404_PERM = "1"
+LF_BIND_PERM = "1"
+LF_CPANEL_PERM = "1"
+LF_CXS_PERM = "1"
+LF_DISTFTP_PERM = "1"
+LF_DISTSMTP_PERM = "1"
+LF_EXIMSYNTAX_PERM = "1"
+LF_FTPD_PERM = "1"
+LF_HTACCESS_PERM = "1"
+LF_IMAPD_PERM = "1"
+LF_MODSEC_PERM = "1"
+LF_NETBLOCK = "1"
+LF_PERMBLOCK = "1"
+LF_POP3D_PERM = "1"
+LF_QOS_PERM = "1"
+LF_SMTPAUTH_PERM = "1"
+LF_SSHD_PERM = "1"
+LF_SUHOSIN_PERM = "1"
+LF_SYMLINK_PERM = "1"
+LF_TRIGGER_PERM = "1"
+LF_WEBMIN_PERM = "1"
+PS_BLOCK_TIME = "0"
+PS_PERMANENT = "1"
+RT_AUTHRELAY_BLOCK = "1"
+RT_POPRELAY_BLOCK = "1"
+RT_RELAY_BLOCK = "1"

csf/profiles/block_all_temp.conf

@@ -0,0 +1,32 @@
+# Profile: This provides a configuration where all blocks are configured to be
+# temporary for a duration of one hour
+CT_BLOCK_TIME = "3600"
+CT_PERMANENT = "0"
+DENY_TEMP_IP_LIMIT = "200"
+LF_APACHE_403_PERM = "3600"
+LF_APACHE_404_PERM = "3600"
+LF_BIND_PERM = "3600"
+LF_CPANEL_PERM = "3600"
+LF_CXS_PERM = "3600"
+LF_DISTFTP_PERM = "3600"
+LF_DISTSMTP_PERM = "3600"
+LF_EXIMSYNTAX_PERM = "3600"
+LF_FTPD_PERM = "3600"
+LF_HTACCESS_PERM = "3600"
+LF_IMAPD_PERM = "3600"
+LF_MODSEC_PERM = "3600"
+LF_NETBLOCK = "0"
+LF_PERMBLOCK = "0"
+LF_POP3D_PERM = "3600"
+LF_QOS_PERM = "3600"
+LF_SMTPAUTH_PERM = "3600"
+LF_SSHD_PERM = "3600"
+LF_SUHOSIN_PERM = "3600"
+LF_SYMLINK_PERM = "3600"
+LF_TRIGGER_PERM = "3600"
+LF_WEBMIN_PERM = "3600"
+PS_BLOCK_TIME = "3600"
+PS_PERMANENT = "0"
+RT_AUTHRELAY_BLOCK = "3600"
+RT_POPRELAY_BLOCK = "3600"
+RT_RELAY_BLOCK = "3600"

csf/profiles/disable_alerts.conf

@@ -0,0 +1,38 @@
+# Profile: This profile disables all options that will send email alerts. This
+# profile is not recommended as the alerts often provide essential information
+# about blocks and hacking activity on a server and if disabled that
+# information will be lost. Additionally, some of these options disable
+# functionality.
+AT_ALERT = "0"
+CT_EMAIL_ALERT = "0"
+LF_CONSOLE_EMAIL_ALERT = "0"
+LF_CPANEL_ALERT = "0"
+LF_DIRWATCH = "0"
+LF_EMAIL_ALERT = "0"
+LF_INTEGRITY = "0"
+LF_NETBLOCK_ALERT = "0"
+LF_PERMBLOCK_ALERT = "0"
+LF_QUEUE_ALERT = "0"
+LF_SCRIPT_ALERT = "0"
+LF_SSH_EMAIL_ALERT = "0"
+LF_SU_EMAIL_ALERT = "0"
+LF_WEBMIN_EMAIL_ALERT = "0"
+LOGFLOOD_ALERT = "0"
+LOGSCANNER = "0"
+LT_EMAIL_ALERT = "0"
+PORTKNOCKING_ALERT = "0"
+PS_EMAIL_ALERT = "0"
+PT_INTERVAL = "0"
+PT_LOAD = "0"
+PT_USERKILL_ALERT = "0"
+RT_AUTHRELAY_ALERT = "0"
+RT_LOCALHOSTRELAY_ALERT = "0"
+RT_LOCALRELAY_ALERT = "0"
+RT_POPRELAY_ALERT = "0"
+RT_RELAY_ALERT = "0"
+SYSLOG_CHECK = "0"
+UID_INTERVAL = "0"
+RECAPTCHA_ALERT = "0"
+LF_DISTSMTP_ALERT = "0"
+LF_DISTFTP_ALERT = "0"
+LF_MODSECIPDB_ALERT = "0"

csf/profiles/protection_high.conf

@@ -0,0 +1,61 @@
+# Profile: This provides a high security level configuration that sets low
+# levels for failure blocking and enables some of the more advanced features to
+# provide a more secure configuration. It also enables a large number of alert
+# emails. This profile can increase the rate of false-positive blocks
+AT_ALERT = "1"
+AUTO_UPDATES = "1"
+CT_LIMIT = "300"
+DROP_LOGGING = "1"
+DROP_ONLYRES = "0"
+ICMP_IN_RATE = "1/s"
+IGNORE_ALLOW = "0"
+LF_BLOCKINONLY = "0"
+LF_CONSOLE_EMAIL_ALERT = "1"
+LF_CPANEL = "3"
+LF_CPANEL_ALERT = "1"
+LF_CSF = "1"
+LF_CXS = "1"
+LF_DIRWATCH = "300"
+LF_DISTATTACK = "1"
+LF_DISTFTP = "5"
+LF_DISTSMTP = "5"
+LF_EXIMSYNTAX = "10"
+LF_FTPD = "5"
+LF_HTACCESS = "5"
+LF_IMAPD = "5"
+LF_INTEGRITY = "3600"
+LF_MODSEC = "3"
+LF_NETBLOCK = "1"
+LF_PERMBLOCK = "1"
+LF_POP3D = "5"
+LF_QUEUE_ALERT = "2000"
+LF_SCRIPT_ALERT = "1"
+LF_SMTPAUTH = "5"
+LF_SSH_EMAIL_ALERT = "1"
+LF_SSHD = "3"
+LF_SU_EMAIL_ALERT = "1"
+LF_SYMLINK = "5"
+LF_WEBMIN = "3"
+LF_WEBMIN_EMAIL_ALERT = "1"
+LOGSCANNER = "1"
+LOGSCANNER_INTERVAL = "hourly"
+PACKET_FILTER = "1"
+PS_EMAIL_ALERT = "1"
+PS_INTERVAL = "300"
+PT_ALL_USERS = "1"
+PT_DELETED = "1"
+PT_FORKBOMB = "250"
+PT_LIMIT = "60"
+PT_SKIP_HTTP = "0"
+RELAYHOSTS = "0"
+RESTRICT_SYSLOG = "3"
+RESTRICT_UI = "1"
+RT_AUTHRELAY_ALERT = "1"
+RT_LOCALHOSTRELAY_ALERT = "1"
+RT_POPRELAY_ALERT = "1"
+RT_RELAY_ALERT = "1"
+SMTP_BLOCK = "1"
+SYSLOG_CHECK = "300" 
+UDPFLOOD = "1"
+UDPFLOOD_LOGGING = "1"
+UID_INTERVAL = "600"

csf/profiles/protection_low.conf

@@ -0,0 +1,60 @@
+# Profile: This provides a low security level configuration that sets high
+# levels for login failure blocking and disables some of the more advanced
+# features to provide a more simple configuration. It also disables a large
+# number of alert emails. This profile can decrease the rate of false-positive
+# blocks and reduced the load lfd places on the server, but is much less secure
+AT_ALERT = "0"
+AUTO_UPDATES = "0"
+CONNLIMIT = ""
+CT_LIMIT = "0"
+ICMP_IN = "1"
+ICMP_IN_RATE = "0"
+ICMP_OUT = "1"
+ICMP_OUT_RATE = "0"
+LF_APACHE_403 = "0"
+LF_APACHE_404 = "0"
+LF_BIND = "0"
+LF_BLOCKINONLY = "0"
+LF_CONSOLE_EMAIL_ALERT = "0"
+LF_CPANEL = "20"
+LF_CPANEL_ALERT = "0"
+LF_CXS = "0"
+LF_DIRWATCH = "0"
+LF_EXIMSYNTAX = "20"
+LF_FTPD = "20"
+LF_HTACCESS = "20"
+LF_IMAPD = "20"
+LF_INTEGRITY = "0"
+LF_MODSEC = "20"
+LF_NETBLOCK = "0"
+LF_PERMBLOCK = "0"
+LF_POP3D = "20"
+LF_QOS = "0"
+LF_QUEUE_ALERT = "0"
+LF_SCRIPT_ALERT = "0"
+LF_SMTPAUTH = "20"
+LF_SSHD = "20"
+LF_SUHOSIN = "0"
+LF_SYMLINK = "0"
+LF_WEBMIN = "0"
+LF_WEBMIN_EMAIL_ALERT = "0"
+LOGSCANNER = "0"
+LT_IMAPD = "0"
+LT_POP3D = "0"
+PACKET_FILTER = "0"
+PORTFLOOD = ""
+PS_INTERVAL = "0"
+PT_LIMIT = "0"
+RELAYHOSTS = "0"
+RESTRICT_SYSLOG = "2"
+RESTRICT_UI = "0"
+RT_AUTHRELAY_ALERT = "0"
+RT_LOCALHOSTRELAY_ALERT = "0"
+RT_LOCALRELAY_ALERT = "0"
+RT_POPRELAY_ALERT = "0"
+RT_RELAY_ALERT = "0"
+SMTP_BLOCK = "0"
+ST_ENABLE = "0"
+SYNFLOOD = "0"
+UDPFLOOD = "0"
+UID_INTERVAL = "0"

csf/profiles/protection_medium.conf

@@ -0,0 +1,62 @@
+# Profile: This provides a medium security level configuration that sets medium
+# levels for login failure blocking and minimises false-positives. It is a
+# slightly higher level than the default installation
+AT_ALERT = "2"
+AUTO_UPDATES = "1"
+CONNLIMIT = ""
+CT_LIMIT = "300"
+ICMP_IN = "1"
+ICMP_IN_RATE = "1/s"
+ICMP_OUT = "1"
+ICMP_OUT_RATE = "0"
+LF_APACHE_403 = "0"
+LF_APACHE_404 = "0"
+LF_BIND = "0"
+LF_BLOCKINONLY = "0"
+LF_CONSOLE_EMAIL_ALERT = "0"
+LF_CPANEL = "5"
+LF_CPANEL_ALERT = "1"
+LF_CXS = "1"
+LF_DIRWATCH = "300"
+LF_DISTATTACK = "1"
+LF_EXIMSYNTAX = "10"
+LF_FTPD = "10"
+LF_HTACCESS = "5"
+LF_IMAPD = "10"
+LF_INTEGRITY = "3600"
+LF_MODSEC = "5"
+LF_NETBLOCK = "0"
+LF_PERMBLOCK = "1"
+LF_POP3D = "10"
+LF_QOS = "0"
+LF_QUEUE_ALERT = "2000"
+LF_SCRIPT_ALERT = "1"
+LF_SMTPAUTH = "5"
+LF_SSHD = "5"
+LF_SUHOSIN = "0"
+LF_SYMLINK = "0"
+LF_WEBMIN = "0"
+LF_WEBMIN_EMAIL_ALERT = "0"
+LOGSCANNER = "0"
+LT_IMAPD = "0"
+LT_POP3D = "0"
+PACKET_FILTER = "1"
+PORTFLOOD = ""
+PS_INTERVAL = "0"
+PT_ALL_USERS = "1"
+PT_LIMIT = "60"
+RELAYHOSTS = "0"
+RESTRICT_SYSLOG = "3"
+RESTRICT_UI = "1"
+RT_AUTHRELAY_ALERT = "1"
+RT_LOCALHOSTRELAY_ALERT = "1"
+RT_LOCALRELAY_ALERT = "1"
+RT_POPRELAY_ALERT = "1"
+RT_RELAY_ALERT = "1"
+SMTP_ALLOWLOCAL = "1"
+SMTP_BLOCK = "1"
+ST_ENABLE = "1"
+SYNFLOOD = "0"
+SYSLOG_CHECK = "300"
+UDPFLOOD = "0"
+UID_INTERVAL = "0"