forked from bonjourmalware/melody
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig.yml
106 lines (87 loc) · 3.49 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
---
## Melody configuration file
## This file shows all supported configuration keys with their default values
##
## Logs
##
## Directory where the logs will be written
# logs.dir: "logs/"
## By default, the logs are compressed (gzip) and rotated after reaching 1G, then discarded after 30 days
## You can disable the log rotation by setting "logs.sensor.rotation.enable: false"
## The minimum rotation.max_size is 1 megabyte, anything below will disable the rotation based on file size
## Supported notation : "M, G, MB, GB" (case insensitive)
## Raw number are parsed as bytes ("1240000" == "1M")
## Warning : anything below "1240000" (raw) will be parsed as 0 megabytes
## Using raw values is discouraged
## The minimum rotation.max_age is 1 day, anything below will disable the rotation based on file age
## Sensor logs
# logs.sensor.file: melody.ndjson
# logs.sensor.rotation.max_size: 1G
# logs.sensor.rotation.max_age: 30 # days
# logs.sensor.rotation.enable: true
# logs.sensor.rotation.compress: true
## Error logs
# logs.errors.file: melody_err.log
# logs.errors.rotation.max_size: 1G
# logs.errors.rotation.max_age: 30 # days
# logs.errors.rotation.enable: true
# logs.errors.rotation.compress: true
## Truncate the logged data in the payload/body after reaching the size limit
## In such case, the log has the "truncated" field set as "true"
# logs.http.post.max_size: "10kb"
# logs.tcp.payload.max_size: "10kb"
# logs.udp.payload.max_size: "10kb"
# logs.icmpv4.payload.max_size: "10KB"
# logs.icmpv6.payload.max_size: "10KB"
##
## Rules
##
## The directory where the active rules lives
# rules.dir: "rules/rules-enabled"
## Whitelist the protocols on which you want to apply rules
## Please note that the filtered protocols will still be logged
## Available values : all, http, icmp, tcp, udp, icmpv4, icmpv6
# rules.match.protocols: ["all"]
##
## Listen
##
## The interface on which Melody is listening
## Listen by default on localhost
## You want to change it to your internet facing interface (wlp3s0, ens3, enp0s25, eth0...)
# listen.interface: "lo"
##
## Filters
##
## Filter out specific protocols.
## Available protocols are : udp, tcp, http, https, icmp, icmpv4 (ipv4 only), icmpv6 (ipv6 only)
# filters.ipv4.proto: []
# filters.ipv6.proto: []
## Filter packets according to the BPF syntax (https://biot.com/capstats/bpf.html)
## The filter must start with "inbound" to filter outgoing packets
# filters.bpf.file: "filter.bpf"
##
## Dummy server
##
## Configure the dummy server spawned by Melody
## A listening HTTP server is needed to capture full HTTP requests
## Use iptables to redirect all traffic to the listening port in order to catch HTTP noise on all ports
# server.http.enable: true
# server.http.port: 10080
# server.http.dir: "var/http/serve"
## The missing_status_code is the default HTTP status code sent back if the file is not found
## A default status code of 200 can be useful to generate false positive in badly configured scanners
# server.http.response.missing_status_code: 200
## Add or override specific response headers
# server.http.response.headers:
# Server: "Apache"
## Same for the HTTPS server
## Valid TLS certificates are needed
## They can be generated using the Makefile (make certs)
# server.https.enable: true
# server.https.port: 10443
# server.https.dir: "var/https/serve"
# server.https.crt: "var/https/certs/cert.pem"
# server.https.key: "var/https/certs/key.pem"
# server.https.response.missing_status_code: 200
# server.https.response.headers:
# Server: "Apache"