-
Notifications
You must be signed in to change notification settings - Fork 1
/
user_friendly_example.conf
267 lines (208 loc) · 4.93 KB
/
user_friendly_example.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
#####################################
# Security Hardening Configuration File
# Version: 3.0
#####################################
# Basic Configuration Options
#---------------------------
# Enable/disable backup creation before making changes
# Values: true/false
# Default: true
# Recommended: true
BACKUP_ENABLED="true"
# Enable/disable automatic backup rotation
# Values: true/false
# Default: true
BACKUP_ROTATION="true"
# Number of backups to keep
# Values: number
# Default: 5
BACKUP_COUNT="5"
# Firewall Configuration
#----------------------
# Enable/disable firewall configuration
# Values: true/false
# Default: true
FIREWALL_ENABLED="true"
# Default incoming policy
# Values: accept/drop/reject
# Default: drop
FIREWALL_DEFAULT_INCOMING="drop"
# Default outgoing policy
# Values: accept/drop/reject
# Default: accept
FIREWALL_DEFAULT_OUTGOING="accept"
# Enable rate limiting for SSH
# Values: true/false
# Default: true
FIREWALL_SSH_RATE_LIMIT="true"
# Access Control Configuration
#---------------------------
# Enable SELinux (Note: This will disable AppArmor if enabled)
# Values: true/false
# Default: false
SELINUX_ENABLED="false"
# Enable AppArmor (Note: This will disable SELinux if enabled)
# Values: true/false
# Default: true
APPARMOR_ENABLED="true"
# Network Configuration
#--------------------
# Enable/disable IPv6
# Values: true/false
# Default: false
IPV6_ENABLED="false"
# Enable network segmentation
# Values: true/false
# Default: true
NETWORK_SEGMENTATION="true"
# DMZ network address (if applicable)
# Values: CIDR notation
# Default: empty
DMZ_NETWORK=""
# Audit and Monitoring
#-------------------
# Enable system auditing
# Values: true/false
# Default: true
AUDIT_ENABLED="true"
# Audit log size limit in MB
# Values: number
# Default: 50
AUDIT_LOG_SIZE="50"
# Enable automatic security updates
# Values: true/false
# Default: true
AUTOMATIC_UPDATES="true"
# Password and Authentication
#--------------------------
# Enable strict password policy
# Values: true/false
# Default: true
PASSWORD_POLICY_STRICT="true"
# Password minimum length
# Values: number
# Default: 15
PASSWORD_MIN_LENGTH="15"
# Password maximum age in days
# Values: number
# Default: 60
PASSWORD_MAX_DAYS="60"
# Password minimum age in days
# Values: number
# Default: 1
PASSWORD_MIN_DAYS="1"
# Number of passwords to remember
# Values: number
# Default: 24
PASSWORD_REMEMBER="24"
# Account lockout threshold
# Values: number
# Default: 3
ACCOUNT_LOCKOUT_THRESHOLD="3"
# Account lockout duration in seconds
# Values: number
# Default: 1800 (30 minutes)
ACCOUNT_LOCKOUT_TIME="1800"
# Device Control
#-------------
# Enable USB device control
# Values: true/false
# Default: true
USB_CONTROL_ENABLED="true"
# Default USB device policy
# Values: allow/block
# Default: block
USB_DEFAULT_POLICY="block"
# File Integrity
#-------------
# Enable file integrity monitoring
# Values: true/false
# Default: true
FILE_INTEGRITY_MONITORING="true"
# File integrity check frequency in seconds
# Values: number
# Default: 7200 (2 hours)
FILE_INTEGRITY_CHECK_FREQUENCY="7200"
# Security Monitoring
#-----------------
# Enable OSSEC HIDS
# Values: true/false
# Default: true
OSSEC_ENABLED="true"
# Enable daily security scans
# Values: true/false
# Default: true
DAILY_SECURITY_SCAN="true"
# Email for security notifications
# Values: email address
# Default: root@localhost
SECURITY_EMAIL="root@localhost"
# Logging Configuration
#-------------------
# Log retention period in days
# Values: number
# Default: 90
LOG_RETENTION_DAYS="90"
# Enable verbose logging
# Values: true/false
# Default: false
VERBOSE_LOGGING="false"
# Maximum log file size in MB
# Values: number
# Default: 100
MAX_LOG_SIZE="100"
# System Hardening
#---------------
# Enable kernel hardening
# Values: true/false
# Default: true
KERNEL_HARDENING="true"
# Enable secure boot configuration
# Values: true/false
# Default: true
SECURE_BOOT="true"
# Enable process accounting
# Values: true/false
# Default: true
PROCESS_ACCOUNTING="true"
# Performance Settings
#------------------
# Maximum concurrent security scans
# Values: number
# Default: 2
MAX_CONCURRENT_SCANS="2"
# Resource usage limit percentage
# Values: number (1-100)
# Default: 70
RESOURCE_LIMIT="70"
# Recovery Settings
#---------------
# Enable automatic recovery attempts
# Values: true/false
# Default: true
AUTO_RECOVERY="true"
# Maximum recovery attempts
# Values: number
# Default: 3
MAX_RECOVERY_ATTEMPTS="3"
# Compliance Settings
#-----------------
# Enable STIG compliance checks
# Values: true/false
# Default: true
STIG_COMPLIANCE="true"
# Enable CIS compliance checks
# Values: true/false
# Default: true
CIS_COMPLIANCE="true"
# Custom Settings
#-------------
# Custom security scripts directory
# Values: path
# Default: /usr/local/security/scripts
CUSTOM_SCRIPTS_DIR="/usr/local/security/scripts"
# Custom rules directory
# Values: path
# Default: /usr/local/security/rules
CUSTOM_RULES_DIR="/usr/local/security/rules"
# End of configuration file