LongTail.config

############################################################################
# Assorted Variables
#
# NOTE: Variables MUST start at the start of the line
# so that the perl scripts can read this file properly
# 
# Please do not add extra spaces or tabs into this file
# or else it might break :-)
#
#
# Is this a public webserver?  If so then we need to protect
# certain webpages so they are not seen by the badguys.  We
# have to do this in order to hide what the current "Hot" or
# "Desirable" account and password combinations are
#
# Do not assume that just because your page isn't indexed
# by Google that your webpage is private.
#
# Set it to 1 if it is public, or 0 if it is private.
# If it's public we're going to restrict access to some
# of the webpages via a chmod command in LongTail
PUBLIC_WEBSERVER=1

# Do you want Pretty graphs using jpgraph?  Set this to 1
# http://jpgraph.net/  JpGraph - Most powerful PHP-driven charts
GRAPHS=1

# Which honeypot are you running?  Uncomment only ONE of the following
#KIPPO=1 ; LONGTAIL=0 # This is for the Kippo honeypot
KIPPO=0 ; LONGTAIL=1 # This is for the LongTail honeypot

#Where is the messages file?  Uncomment only ONE of the following
PATH_TO_VAR_LOG="/var/log/" # Typically for messages file from ryslog
#PATH_TO_VAR_LOG="/usr/local/kippo-master/log/" # One place for kippo
#PATH_TO_VAR_LOG="/var/log/kippo/" # another place for kippo

# What is the name of the default log file
LOGFILE="messages"
#LOGFILE="kippo.log"


#Where is the apache access_log file?
PATH_TO_VAR_LOG_HTTPD="/var/log/httpd/"

# Do you want debug output?  Set this to 1
DEBUG=0

# Do you want ssh analysis?  Set this to 1
DO_SSH=1

# Do you want httpd analysis?  Set this to 1
DO_HTTPD=1

# Do we obfuscate/rename the IP addresses?  You might want to do this if
# you are copying your reports to a public site.
# OBFUSCATE_IP_ADDRESSES=1 will hide addresses
# OBFUSCATE_IP_ADDRESSES=0 will NOT hide addresses
OBFUSCATE_IP_ADDRESSES=0

# OBFUSCATE_URLS=1 will hide URLs in the http report
# OBFUSCATE_URLS=0 will NOT hide URLs in the http report
# This may not work properly yet.
OBFUSCATE_URLS=0

# These are the search strings from the "LogIt" function in auth-passwd.c
# and are used to figure out which ports are being brute-forced.
# The code for PASSLOG2222 has not yet been written.
PASSLOG="PassLog"
PASSLOG2222="Pass2222Log"

# Where do we put the temporary files
TMP_DIRECTORY="/data/tmp"

# Where are the scripts we need to run?
SCRIPT_DIR="/usr/local/etc/"

# Where do we put the reports?
HTML_DIR="/var/www/html"
# What's the top level directory?
SSH_HTML_TOP_DIR="honey" #NO slashes please, it breaks sed
SSH22_HTML_TOP_DIR="honey-22" #NO slashes please, it breaks sed
SSH2222_HTML_TOP_DIR="honey-2222" #NO slashes please, it breaks sed
TELNET_HTML_TOP_DIR="telnet" #NO slashes please, it breaks sed
RLOGIN_HTML_TOP_DIR="rlogin" #NO slashes please, it breaks sed
FTP_HTML_TOP_DIR="ftp" #NO slashes please, it breaks sed

# This is for my personal debugging, just leave them
# commented out if you aren't me.
#PATH_TO_VAR_LOG="/home/wedaa/source/LongTail/var/log/"
#PATH_TO_VAR_LOG_HTTPD="/home/wedaa/source/LongTail/var/log/httpd/"

# Is this a consolidation server?  (A server that
# processes many servers results AND makes individual
# reports for each server).
CONSOLIDATION=0

# Do we protect the raw data, and for how long?
# PROTECT_RAW_DATA=1 will protect raw data
# PROTECT_RAW_DATA=0 will NOT protect raw data
PROTECT_RAW_DATA=1
NUMBER_OF_DAYS_TO_PROTECT_RAW_DATA=90;

# What hosts are protected by a firewall or Intrusion Detection System?
# This is used to set the current-attack-count.data.notfullday flag 
# in those directories to help "normalize" the data
# Uncomment these and set to hostnames  (see LongTail.sh for example)
#HOSTS_PROTECTED=""
#BLACKRIDGE=""
#RESIDENTIAL_SITES=""
#EDUCATIONAL_SITES=""
#CLOUD_SITES=""
#BUSINESS_SITES=""