gigpark-ec2onrails 0.9.10.3
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +190 -0
- data/COPYING +339 -0
- data/Manifest +160 -0
- data/README.textile +233 -0
- data/Rakefile +31 -0
- data/TODO +104 -0
- data/ec2onrails.gemspec +46 -0
- data/echoe_config.rb +27 -0
- data/examples/Capfile +3 -0
- data/examples/deploy.rb +103 -0
- data/examples/s3.yml +9 -0
- data/lib/ec2onrails.rb +20 -0
- data/lib/ec2onrails/capistrano_utils.rb +47 -0
- data/lib/ec2onrails/recipes.rb +146 -0
- data/lib/ec2onrails/recipes/db.rb +366 -0
- data/lib/ec2onrails/recipes/deploy.rb +26 -0
- data/lib/ec2onrails/recipes/server.rb +517 -0
- data/lib/ec2onrails/version.rb +29 -0
- data/server/build +74 -0
- data/server/files/etc/README +7 -0
- data/server/files/etc/aliases +5 -0
- data/server/files/etc/cron.d/ec2onrails +16 -0
- data/server/files/etc/cron.daily/app +31 -0
- data/server/files/etc/cron.daily/logrotate_post +25 -0
- data/server/files/etc/cron.hourly/app +31 -0
- data/server/files/etc/cron.monthly/app +31 -0
- data/server/files/etc/cron.weekly/app +31 -0
- data/server/files/etc/default/varnish +33 -0
- data/server/files/etc/default/varnishncsa +11 -0
- data/server/files/etc/denyhosts.conf +628 -0
- data/server/files/etc/dpkg/dpkg.cfg +13 -0
- data/server/files/etc/ec2onrails/rails_env +1 -0
- data/server/files/etc/ec2onrails/roles.yml +5 -0
- data/server/files/etc/environment +2 -0
- data/server/files/etc/event.d/god +8 -0
- data/server/files/etc/god/db_primary.god +16 -0
- data/server/files/etc/god/dkim_filter.god +17 -0
- data/server/files/etc/god/master.conf +40 -0
- data/server/files/etc/god/memcache.god +15 -0
- data/server/files/etc/god/notifications.god +11 -0
- data/server/files/etc/god/proxy.god +40 -0
- data/server/files/etc/god/system.god +37 -0
- data/server/files/etc/god/web.god +23 -0
- data/server/files/etc/init.d/ec2-every-startup +29 -0
- data/server/files/etc/init.d/ec2-first-startup +37 -0
- data/server/files/etc/init.d/nginx +78 -0
- data/server/files/etc/logrotate.d/nginx +10 -0
- data/server/files/etc/logrotate.d/rails +8 -0
- data/server/files/etc/logrotate.d/varnish +14 -0
- data/server/files/etc/memcached.conf +47 -0
- data/server/files/etc/motd.tail +13 -0
- data/server/files/etc/mysql/my.cnf +152 -0
- data/server/files/etc/nginx/conf.d/custom.conf +1 -0
- data/server/files/etc/nginx/nginx.conf.erb +152 -0
- data/server/files/etc/postfix/main.cf +4 -0
- data/server/files/etc/ssh/sshd_config +96 -0
- data/server/files/etc/sudoers +31 -0
- data/server/files/etc/syslog.conf +63 -0
- data/server/files/etc/varnish/default.vcl.erb +140 -0
- data/server/files/usr/local/ec2onrails/COPYING +339 -0
- data/server/files/usr/local/ec2onrails/bin/archive_file +44 -0
- data/server/files/usr/local/ec2onrails/bin/backup_app_db +160 -0
- data/server/files/usr/local/ec2onrails/bin/backup_dir +89 -0
- data/server/files/usr/local/ec2onrails/bin/ec2_meta_data +80 -0
- data/server/files/usr/local/ec2onrails/bin/exec_runner +76 -0
- data/server/files/usr/local/ec2onrails/bin/in_role +33 -0
- data/server/files/usr/local/ec2onrails/bin/init_services +43 -0
- data/server/files/usr/local/ec2onrails/bin/install_system_files +56 -0
- data/server/files/usr/local/ec2onrails/bin/optimize_mysql +346 -0
- data/server/files/usr/local/ec2onrails/bin/public-hostname +24 -0
- data/server/files/usr/local/ec2onrails/bin/rails_env +33 -0
- data/server/files/usr/local/ec2onrails/bin/rebundle +62 -0
- data/server/files/usr/local/ec2onrails/bin/restore_app_db +58 -0
- data/server/files/usr/local/ec2onrails/bin/set_rails_env +36 -0
- data/server/files/usr/local/ec2onrails/bin/set_roles +36 -0
- data/server/files/usr/local/ec2onrails/bin/uninstall_system_files +34 -0
- data/server/files/usr/local/ec2onrails/config +30 -0
- data/server/files/usr/local/ec2onrails/lib/aws_helper.rb +75 -0
- data/server/files/usr/local/ec2onrails/lib/god_helper.rb +84 -0
- data/server/files/usr/local/ec2onrails/lib/mysql_helper.rb +100 -0
- data/server/files/usr/local/ec2onrails/lib/roles_helper.rb +156 -0
- data/server/files/usr/local/ec2onrails/lib/s3_helper.rb +116 -0
- data/server/files/usr/local/ec2onrails/lib/system_files_helper.rb +110 -0
- data/server/files/usr/local/ec2onrails/lib/system_files_manifest.rb +107 -0
- data/server/files/usr/local/ec2onrails/lib/utils.rb +26 -0
- data/server/files/usr/local/ec2onrails/lib/vendor/ini.rb +268 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/every-startup/README +5 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/every-startup/create-mysqld-pid-dir +26 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/README +5 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/create-dirs +45 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/generate-default-web-cert-and-key +49 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/get-hostname +27 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/misc +27 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/prepare-mysql-data-dir +24 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/setup-credentials +32 -0
- data/server/files/usr/local/ec2onrails/startup-scripts/first-startup/setup-file-permissions +30 -0
- data/server/rakefile-wrapper +26 -0
- data/server/rakefile.rb +267 -0
- data/test/autobench.conf +60 -0
- data/test/spec/lib/s3_helper_spec.rb +154 -0
- data/test/spec/lib/s3_old.yml +3 -0
- data/test/spec/lib/system_files_manifest_spec.rb +122 -0
- data/test/spec/test_files/system_files1/_manifest +13 -0
- data/test/spec/test_files/system_files1/test1 +0 -0
- data/test/spec/test_files/system_files1/test2 +0 -0
- data/test/spec/test_files/system_files1/testfolder/test3 +0 -0
- data/test/spec/test_files/system_files2/_manifest +2 -0
- data/test/spec/test_files/system_files2/test1 +0 -0
- data/test/spec/test_files/system_files2/test2 +0 -0
- data/test/spec/test_files/system_files2/testfolder/test3 +0 -0
- data/test/spec/test_files/test2 +0 -0
- data/test/test_app/Capfile +3 -0
- data/test/test_app/README +243 -0
- data/test/test_app/Rakefile +10 -0
- data/test/test_app/app/controllers/application_controller.rb +10 -0
- data/test/test_app/app/controllers/db_fast_controller.rb +6 -0
- data/test/test_app/app/controllers/fast_controller.rb +5 -0
- data/test/test_app/app/controllers/slow_controller.rb +6 -0
- data/test/test_app/app/controllers/very_slow_controller.rb +6 -0
- data/test/test_app/app/helpers/application_helper.rb +3 -0
- data/test/test_app/config/boot.rb +110 -0
- data/test/test_app/config/database.yml +24 -0
- data/test/test_app/config/deploy.rb +22 -0
- data/test/test_app/config/ec2onrails/config.rb +5 -0
- data/test/test_app/config/environment.rb +41 -0
- data/test/test_app/config/environments/development.rb +17 -0
- data/test/test_app/config/environments/production.rb +28 -0
- data/test/test_app/config/environments/test.rb +28 -0
- data/test/test_app/config/initializers/backtrace_silencers.rb +7 -0
- data/test/test_app/config/initializers/inflections.rb +10 -0
- data/test/test_app/config/initializers/mime_types.rb +5 -0
- data/test/test_app/config/initializers/new_rails_defaults.rb +19 -0
- data/test/test_app/config/initializers/session_store.rb +15 -0
- data/test/test_app/config/locales/en.yml +5 -0
- data/test/test_app/config/routes.rb +43 -0
- data/test/test_app/doc/README_FOR_APP +2 -0
- data/test/test_app/public/404.html +30 -0
- data/test/test_app/public/422.html +30 -0
- data/test/test_app/public/500.html +30 -0
- data/test/test_app/public/favicon.ico +0 -0
- data/test/test_app/public/images/rails.png +0 -0
- data/test/test_app/public/index.html +275 -0
- data/test/test_app/public/javascripts/application.js +2 -0
- data/test/test_app/public/javascripts/controls.js +963 -0
- data/test/test_app/public/javascripts/dragdrop.js +973 -0
- data/test/test_app/public/javascripts/effects.js +1128 -0
- data/test/test_app/public/javascripts/prototype.js +4320 -0
- data/test/test_app/public/robots.txt +5 -0
- data/test/test_app/script/about +4 -0
- data/test/test_app/script/console +3 -0
- data/test/test_app/script/dbconsole +3 -0
- data/test/test_app/script/destroy +3 -0
- data/test/test_app/script/generate +3 -0
- data/test/test_app/script/performance/benchmarker +3 -0
- data/test/test_app/script/performance/profiler +3 -0
- data/test/test_app/script/plugin +3 -0
- data/test/test_app/script/runner +3 -0
- data/test/test_app/script/server +3 -0
- data/test/test_app/test/performance/browsing_test.rb +9 -0
- data/test/test_app/test/test_helper.rb +38 -0
- metadata +266 -0
@@ -0,0 +1,29 @@
|
|
1
|
+
# This file is part of EC2 on Rails.
|
2
|
+
# http://rubyforge.org/projects/ec2onrails/
|
3
|
+
#
|
4
|
+
# Copyright 2007 Paul Dowman, http://pauldowman.com/
|
5
|
+
#
|
6
|
+
# EC2 on Rails is free software; you can redistribute it and/or modify
|
7
|
+
# it under the terms of the GNU General Public License as published by
|
8
|
+
# the Free Software Foundation; either version 2 of the License, or
|
9
|
+
# (at your option) any later version.
|
10
|
+
#
|
11
|
+
# EC2 on Rails is distributed in the hope that it will be useful,
|
12
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
13
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
14
|
+
# GNU General Public License for more details.
|
15
|
+
#
|
16
|
+
# You should have received a copy of the GNU General Public License
|
17
|
+
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
18
|
+
|
19
|
+
module Ec2onrails #:nodoc:
|
20
|
+
module VERSION #:nodoc:
|
21
|
+
STRING = "0.9.10.3"
|
22
|
+
|
23
|
+
AMI_ID_32_BIT_US = 'ami-xx'
|
24
|
+
AMI_ID_64_BIT_US = 'ami-xx'
|
25
|
+
|
26
|
+
AMI_ID_32_BIT_EU = 'ami-xx'
|
27
|
+
AMI_ID_64_BIT_EU = 'ami-xx'
|
28
|
+
end
|
29
|
+
end
|
data/server/build
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
# This file is part of EC2 on Rails.
|
4
|
+
# http://rubyforge.org/projects/ec2onrails/
|
5
|
+
#
|
6
|
+
# Copyright 2007 Paul Dowman, http://pauldowman.com/
|
7
|
+
#
|
8
|
+
# EC2 on Rails is free software; you can redistribute it and/or modify
|
9
|
+
# it under the terms of the GNU General Public License as published by
|
10
|
+
# the Free Software Foundation; either version 2 of the License, or
|
11
|
+
# (at your option) any later version.
|
12
|
+
#
|
13
|
+
# EC2 on Rails is distributed in the hope that it will be useful,
|
14
|
+
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
15
|
+
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
16
|
+
# GNU General Public License for more details.
|
17
|
+
#
|
18
|
+
# You should have received a copy of the GNU General Public License
|
19
|
+
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
20
|
+
|
21
|
+
|
22
|
+
# This script wraps Eric Hammond's ec2ubuntu-build-ami script ( http://alestic.com/ )
|
23
|
+
# It passes all args directly to the ec2ubuntu-build-ami script, except for three
|
24
|
+
# which it modifies to the following values:
|
25
|
+
# --distribution ubuntu
|
26
|
+
# --codename intrepid
|
27
|
+
# --script /mnt/ec2onrails/server/rakefile-wrapper
|
28
|
+
# Other than those three args (which will be ignored if given) this script should
|
29
|
+
# be given the regular ec2ubuntu-build-ami args, for details see the comments at:
|
30
|
+
# http://ec2ubuntu.googlecode.com/svn/trunk/bin/ec2ubuntu-build-ami
|
31
|
+
|
32
|
+
require "fileutils"
|
33
|
+
|
34
|
+
EC2UBUNTU_VERSION = 148
|
35
|
+
|
36
|
+
unless File.exist? "/mnt/ec2ubuntu"
|
37
|
+
puts "Installing yum..."
|
38
|
+
system "yum install svn -y"
|
39
|
+
end
|
40
|
+
|
41
|
+
puts "Getting ec2ubuntu build script..."
|
42
|
+
system "svn checkout -r #{EC2UBUNTU_VERSION} http://ec2ubuntu.googlecode.com/svn/trunk/ /mnt/ec2ubuntu"
|
43
|
+
|
44
|
+
unless system "which rake"
|
45
|
+
puts "Installing rake..."
|
46
|
+
|
47
|
+
FileUtils.cd "/tmp" do
|
48
|
+
system "wget http://rubyforge.org/frs/download.php/29752/rake-0.8.1.tgz"
|
49
|
+
system "tar xvf rake-0.8.1.tgz"
|
50
|
+
end
|
51
|
+
FileUtils.cd "/tmp/rake-0.8.1" do
|
52
|
+
system "ruby install.rb"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
# copy all args except the ones we want to overwrite into a new array
|
57
|
+
ec2ubuntu_args = []
|
58
|
+
(0..(ARGV.size-1)).to_a.delete_if{|n| n%2!=0}.each do |n|
|
59
|
+
unless %w(--distribution --codename --script).include? ARGV[n]
|
60
|
+
ec2ubuntu_args << ARGV[n]
|
61
|
+
ec2ubuntu_args << ARGV[n+1]
|
62
|
+
end
|
63
|
+
end
|
64
|
+
|
65
|
+
# Call Eric Hammond's build script, passing it all the args that this script was given,
|
66
|
+
# except with our own values for distribution, codename, and script
|
67
|
+
system <<-EOS
|
68
|
+
/mnt/ec2ubuntu/bin/ec2ubuntu-build-ami \
|
69
|
+
--distribution ubuntu \
|
70
|
+
--codename jaunty \
|
71
|
+
--script /mnt/ec2onrails/server/rakefile-wrapper \
|
72
|
+
#{ec2ubuntu_args.join(' ')}
|
73
|
+
EOS
|
74
|
+
|
@@ -0,0 +1,16 @@
|
|
1
|
+
#
|
2
|
+
# different backup strategies depending on whether the db instance is using Amazon's EBS
|
3
|
+
#
|
4
|
+
|
5
|
+
# without EBS:
|
6
|
+
# Incremental backup every 5 minutes
|
7
|
+
*/5 * * * * root test ! -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db --incremental
|
8
|
+
|
9
|
+
# without EBS:
|
10
|
+
# Full backup every day at 05:01, reset the binary logs.
|
11
|
+
# First kill any incremental backup that happens to be in progress
|
12
|
+
1 5 * * * root killall -q -u root backup_app_db ; test ! -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db --reset
|
13
|
+
|
14
|
+
# with EBS:
|
15
|
+
# Full snapshot every 2 hours
|
16
|
+
11 */2 * * * root test -f /etc/mysql/conf.d/mysql-ec2-ebs.cnf && /usr/local/ec2onrails/bin/backup_app_db
|
@@ -0,0 +1,31 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
#NOTE: you can also call
|
4
|
+
# /usr/local/ec2onrails/bin/exec_runner
|
5
|
+
# to run a script under a specific role
|
6
|
+
# see the file for details
|
7
|
+
|
8
|
+
if test -e /mnt/app/current; then
|
9
|
+
cd /mnt/app/current
|
10
|
+
|
11
|
+
if test -e /mnt/app/current/script/cron/daily; then
|
12
|
+
if test -f /mnt/app/current/script/cron/daily; then
|
13
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/daily;
|
14
|
+
else
|
15
|
+
for f in script/cron/daily/*; do
|
16
|
+
if test -f $f; then
|
17
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env $f
|
18
|
+
fi
|
19
|
+
done
|
20
|
+
fi
|
21
|
+
exit 0;
|
22
|
+
fi
|
23
|
+
|
24
|
+
#DEPRECATED: just for old usage....
|
25
|
+
if test -e /mnt/app/current/script/daily
|
26
|
+
then
|
27
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/daily
|
28
|
+
exit 0;
|
29
|
+
fi
|
30
|
+
|
31
|
+
fi
|
@@ -0,0 +1,25 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
RAILS_ENV=`/usr/local/ec2onrails/bin/rails_env`
|
4
|
+
|
5
|
+
if [ -x /mnt/app/current ] ; then
|
6
|
+
logfile=/mnt/app/current/log/$RAILS_ENV.log-`date +%Y%m%d`
|
7
|
+
if [ -e $logfile ] ; then
|
8
|
+
gzip -c $logfile > $logfile.gz
|
9
|
+
/usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/rails && rm $logfile.gz
|
10
|
+
fi
|
11
|
+
fi
|
12
|
+
|
13
|
+
for f in `ls /mnt/log/nginx/*.log` ; do
|
14
|
+
logfile=$f-`date +%Y%m%d`
|
15
|
+
if [ -e $logfile ] ; then
|
16
|
+
gzip -c $logfile > $logfile.gz
|
17
|
+
/usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/nginx && rm $logfile.gz
|
18
|
+
fi
|
19
|
+
done
|
20
|
+
|
21
|
+
logfile=/mnt/log/varnish/varnishncsa.log-`date +%Y%m%d`
|
22
|
+
if [ -e $logfile ] ; then
|
23
|
+
gzip -c $logfile > $logfile.gz
|
24
|
+
/usr/local/ec2onrails/bin/archive_file --file $logfile.gz --dir logs/varnish && rm $logfile.gz
|
25
|
+
fi
|
@@ -0,0 +1,31 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
#NOTE: you can also call
|
4
|
+
# /usr/local/ec2onrails/bin/exec_runner
|
5
|
+
# to run a script under a specific role
|
6
|
+
# see the file for details
|
7
|
+
|
8
|
+
if test -e /mnt/app/current; then
|
9
|
+
cd /mnt/app/current
|
10
|
+
|
11
|
+
if test -e /mnt/app/current/script/cron/hourly; then
|
12
|
+
if test -f /mnt/app/current/script/cron/hourly; then
|
13
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/hourly;
|
14
|
+
else
|
15
|
+
for f in script/cron/hourly/*; do
|
16
|
+
if test -f $f; then
|
17
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env $f
|
18
|
+
fi
|
19
|
+
done
|
20
|
+
fi
|
21
|
+
exit 0;
|
22
|
+
fi
|
23
|
+
|
24
|
+
#DEPRECATED: just for old usage....
|
25
|
+
if test -e /mnt/app/current/script/hourly
|
26
|
+
then
|
27
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/hourly
|
28
|
+
exit 0;
|
29
|
+
fi
|
30
|
+
|
31
|
+
fi
|
@@ -0,0 +1,31 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
#NOTE: you can also call
|
4
|
+
# /usr/local/ec2onrails/bin/exec_runner
|
5
|
+
# to run a script under a specific role
|
6
|
+
# see the file for details
|
7
|
+
|
8
|
+
if test -e /mnt/app/current; then
|
9
|
+
cd /mnt/app/current
|
10
|
+
|
11
|
+
if test -e /mnt/app/current/script/cron/monthly; then
|
12
|
+
if test -f /mnt/app/current/script/cron/monthly; then
|
13
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/monthly;
|
14
|
+
else
|
15
|
+
for f in script/cron/monthly/*; do
|
16
|
+
if test -f $f; then
|
17
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env $f
|
18
|
+
fi
|
19
|
+
done
|
20
|
+
fi
|
21
|
+
exit 0;
|
22
|
+
fi
|
23
|
+
|
24
|
+
#DEPRECATED: just for old usage....
|
25
|
+
if test -e /mnt/app/current/script/monthly
|
26
|
+
then
|
27
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/monthly
|
28
|
+
exit 0;
|
29
|
+
fi
|
30
|
+
|
31
|
+
fi
|
@@ -0,0 +1,31 @@
|
|
1
|
+
#!/bin/sh
|
2
|
+
|
3
|
+
#NOTE: you can also call
|
4
|
+
# /usr/local/ec2onrails/bin/exec_runner
|
5
|
+
# to run a script under a specific role
|
6
|
+
# see the file for details
|
7
|
+
|
8
|
+
if test -e /mnt/app/current; then
|
9
|
+
cd /mnt/app/current
|
10
|
+
|
11
|
+
if test -e /mnt/app/current/script/cron/weekly; then
|
12
|
+
if test -f /mnt/app/current/script/cron/weekly; then
|
13
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/cron/weekly;
|
14
|
+
else
|
15
|
+
for f in script/cron/weekly/*; do
|
16
|
+
if test -f $f; then
|
17
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env $f
|
18
|
+
fi
|
19
|
+
done
|
20
|
+
fi
|
21
|
+
exit 0;
|
22
|
+
fi
|
23
|
+
|
24
|
+
#DEPRECATED: just for old usage....
|
25
|
+
if test -e /mnt/app/current/script/weekly
|
26
|
+
then
|
27
|
+
sudo -u app /usr/local/ec2onrails/bin/rails_env script/weekly
|
28
|
+
exit 0;
|
29
|
+
fi
|
30
|
+
|
31
|
+
fi
|
@@ -0,0 +1,33 @@
|
|
1
|
+
# Configuration file for varnish
|
2
|
+
#
|
3
|
+
# /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
|
4
|
+
# to be set from this shell script fragment.
|
5
|
+
#
|
6
|
+
|
7
|
+
# Maximum number of open files (for ulimit -n)
|
8
|
+
NFILES=131072
|
9
|
+
|
10
|
+
# Maximum locked memory size (for ulimit -l)
|
11
|
+
# Used for locking the shared memory log in memory. If you increase log size,
|
12
|
+
# you need to increase this number as well
|
13
|
+
MEMLOCK=82000
|
14
|
+
|
15
|
+
# Default varnish instance name is the local nodename. Can be overridden with
|
16
|
+
# the -n switch, to have more instances on a single server.
|
17
|
+
INSTANCE=$(uname -n)
|
18
|
+
|
19
|
+
|
20
|
+
# Listen on port 80, administration on localhost:6082, and forward to
|
21
|
+
# one content server selected by the vcl file, based on the request.
|
22
|
+
|
23
|
+
# Use a 256 MB fixed-size cache file.
|
24
|
+
# TODO figure out how to configure this so that the varnishd process
|
25
|
+
# doesn't grow so large because we have little or no swap (or add
|
26
|
+
# more swap space)
|
27
|
+
#
|
28
|
+
# TODO pre-allocate the storage space using dd
|
29
|
+
#
|
30
|
+
DAEMON_OPTS="-a :80 \
|
31
|
+
-T localhost:6082 \
|
32
|
+
-f /etc/varnish/default.vcl \
|
33
|
+
-s file,/mnt/varnish/varnish_storage.bin,256M"
|
@@ -0,0 +1,11 @@
|
|
1
|
+
# Configuration file for varnishncsa
|
2
|
+
#
|
3
|
+
# Uncomment this to enable logging for varnish. Please make sure you have
|
4
|
+
# enough disk space for significant amounts of log data. To disable logging,
|
5
|
+
# set the variable to "0", "no", or leave it unset.
|
6
|
+
#
|
7
|
+
# NCSA log format, to be used by HTTP log analyzers
|
8
|
+
VARNISHNCSA_ENABLED=1
|
9
|
+
|
10
|
+
LOGFILE=/mnt/log/varnish/varnishncsa.log
|
11
|
+
|
@@ -0,0 +1,628 @@
|
|
1
|
+
# Ec2onRails NOTE: this file is only used if the :harden_server ec2onrails
|
2
|
+
# configuration is set to true
|
3
|
+
#
|
4
|
+
|
5
|
+
|
6
|
+
############ THESE SETTINGS ARE REQUIRED ############
|
7
|
+
|
8
|
+
########################################################################
|
9
|
+
#
|
10
|
+
# SECURE_LOG: the log file that contains sshd logging info
|
11
|
+
# if you are not sure, grep "sshd:" /var/log/*
|
12
|
+
#
|
13
|
+
# The file to process can be overridden with the --file command line
|
14
|
+
# argument
|
15
|
+
#
|
16
|
+
# Redhat or Fedora Core:
|
17
|
+
#SECURE_LOG = /var/log/secure
|
18
|
+
#
|
19
|
+
# Mandrake, FreeBSD or OpenBSD:
|
20
|
+
#SECURE_LOG = /var/log/auth.log
|
21
|
+
#
|
22
|
+
# SuSE:
|
23
|
+
#SECURE_LOG = /var/log/messages
|
24
|
+
#
|
25
|
+
# Mac OS X (v10.4 or greater -
|
26
|
+
# also refer to: http://www.denyhosts.net/faq.html#macos
|
27
|
+
#SECURE_LOG = /private/var/log/asl.log
|
28
|
+
#
|
29
|
+
# Mac OS X (v10.3 or earlier):
|
30
|
+
#SECURE_LOG=/private/var/log/system.log
|
31
|
+
#
|
32
|
+
# Debian:
|
33
|
+
SECURE_LOG = /var/log/auth.log
|
34
|
+
########################################################################
|
35
|
+
|
36
|
+
########################################################################
|
37
|
+
#
|
38
|
+
# HOSTS_DENY: the file which contains restricted host access information
|
39
|
+
#
|
40
|
+
# Most operating systems:
|
41
|
+
HOSTS_DENY = /etc/hosts.deny
|
42
|
+
#
|
43
|
+
# Some BSD (FreeBSD) Unixes:
|
44
|
+
#HOSTS_DENY = /etc/hosts.allow
|
45
|
+
#
|
46
|
+
# Another possibility (also see the next option):
|
47
|
+
#HOSTS_DENY = /etc/hosts.evil
|
48
|
+
#######################################################################
|
49
|
+
|
50
|
+
|
51
|
+
########################################################################
|
52
|
+
#
|
53
|
+
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
|
54
|
+
# when DenyHosts is invoked with the --purge flag
|
55
|
+
#
|
56
|
+
# format is: i[dhwmy]
|
57
|
+
# Where 'i' is an integer (eg. 7)
|
58
|
+
# 'm' = minutes
|
59
|
+
# 'h' = hours
|
60
|
+
# 'd' = days
|
61
|
+
# 'w' = weeks
|
62
|
+
# 'y' = years
|
63
|
+
#
|
64
|
+
PURGE_DENY = 12w
|
65
|
+
# never purge:
|
66
|
+
#PURGE_DENY =
|
67
|
+
#
|
68
|
+
# purge entries older than 1 week
|
69
|
+
#PURGE_DENY = 1w
|
70
|
+
#
|
71
|
+
# purge entries older than 5 days
|
72
|
+
#PURGE_DENY = 5d
|
73
|
+
#######################################################################
|
74
|
+
|
75
|
+
#######################################################################
|
76
|
+
#
|
77
|
+
# PURGE_THRESHOLD: defines the maximum times a host will be purged.
|
78
|
+
# Once this value has been exceeded then this host will not be purged.
|
79
|
+
# Setting this parameter to 0 (the default) disables this feature.
|
80
|
+
#
|
81
|
+
# default: a denied host can be purged/re-added indefinitely
|
82
|
+
#PURGE_THRESHOLD = 0
|
83
|
+
#
|
84
|
+
# a denied host will be purged at most 2 times.
|
85
|
+
#PURGE_THRESHOLD = 2
|
86
|
+
#
|
87
|
+
#######################################################################
|
88
|
+
|
89
|
+
|
90
|
+
#######################################################################
|
91
|
+
#
|
92
|
+
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
|
93
|
+
#
|
94
|
+
# man 5 hosts_access for details
|
95
|
+
#
|
96
|
+
# eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
|
97
|
+
#
|
98
|
+
# To block all services for the offending host:
|
99
|
+
#BLOCK_SERVICE = ALL
|
100
|
+
# To block only sshd:
|
101
|
+
BLOCK_SERVICE = sshd
|
102
|
+
# To only record the offending host and nothing else (if using
|
103
|
+
# an auxilary file to list the hosts). Refer to:
|
104
|
+
# http://denyhosts.sourceforge.net/faq.html#aux
|
105
|
+
#BLOCK_SERVICE =
|
106
|
+
#
|
107
|
+
#######################################################################
|
108
|
+
|
109
|
+
|
110
|
+
#######################################################################
|
111
|
+
#
|
112
|
+
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
|
113
|
+
# attempts has exceeded this value. This value applies to invalid
|
114
|
+
# user login attempts (eg. non-existent user accounts)
|
115
|
+
#
|
116
|
+
DENY_THRESHOLD_INVALID = 3
|
117
|
+
#
|
118
|
+
#######################################################################
|
119
|
+
|
120
|
+
#######################################################################
|
121
|
+
#
|
122
|
+
# DENY_THRESHOLD_VALID: block each host after the number of failed
|
123
|
+
# login attempts has exceeded this value. This value applies to valid
|
124
|
+
# user login attempts (eg. user accounts that exist in /etc/passwd) except
|
125
|
+
# for the "root" user
|
126
|
+
#
|
127
|
+
DENY_THRESHOLD_VALID = 3
|
128
|
+
#
|
129
|
+
#######################################################################
|
130
|
+
|
131
|
+
#######################################################################
|
132
|
+
#
|
133
|
+
# DENY_THRESHOLD_ROOT: block each host after the number of failed
|
134
|
+
# login attempts has exceeded this value. This value applies to
|
135
|
+
# "root" user login attempts only.
|
136
|
+
#
|
137
|
+
DENY_THRESHOLD_ROOT = 2
|
138
|
+
#
|
139
|
+
#######################################################################
|
140
|
+
|
141
|
+
|
142
|
+
#######################################################################
|
143
|
+
#
|
144
|
+
# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
|
145
|
+
# login attempts has exceeded this value. This value applies to
|
146
|
+
# usernames that appear in the WORK_DIR/restricted-usernames file only.
|
147
|
+
#
|
148
|
+
DENY_THRESHOLD_RESTRICTED = 1
|
149
|
+
#
|
150
|
+
#######################################################################
|
151
|
+
|
152
|
+
|
153
|
+
#######################################################################
|
154
|
+
#
|
155
|
+
# WORK_DIR: the path that DenyHosts will use for writing data to
|
156
|
+
# (it will be created if it does not already exist).
|
157
|
+
#
|
158
|
+
# Note: it is recommended that you use an absolute pathname
|
159
|
+
# for this value (eg. /home/foo/denyhosts/data)
|
160
|
+
#
|
161
|
+
WORK_DIR = /var/lib/denyhosts
|
162
|
+
#
|
163
|
+
#######################################################################
|
164
|
+
|
165
|
+
#######################################################################
|
166
|
+
#
|
167
|
+
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
|
168
|
+
#
|
169
|
+
# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
|
170
|
+
# If set to YES, if a suspicious login attempt results from an allowed-host
|
171
|
+
# then it is considered suspicious. If this is NO, then suspicious logins
|
172
|
+
# from allowed-hosts will not be reported. All suspicious logins from
|
173
|
+
# ip addresses that are not in allowed-hosts will always be reported.
|
174
|
+
#
|
175
|
+
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
|
176
|
+
######################################################################
|
177
|
+
|
178
|
+
######################################################################
|
179
|
+
#
|
180
|
+
# HOSTNAME_LOOKUP
|
181
|
+
#
|
182
|
+
# HOSTNAME_LOOKUP=YES|NO
|
183
|
+
# If set to YES, for each IP address that is reported by Denyhosts,
|
184
|
+
# the corresponding hostname will be looked up and reported as well
|
185
|
+
# (if available).
|
186
|
+
#
|
187
|
+
HOSTNAME_LOOKUP=YES
|
188
|
+
#
|
189
|
+
######################################################################
|
190
|
+
|
191
|
+
|
192
|
+
######################################################################
|
193
|
+
#
|
194
|
+
# LOCK_FILE
|
195
|
+
#
|
196
|
+
# LOCK_FILE=/path/denyhosts
|
197
|
+
# If this file exists when DenyHosts is run, then DenyHosts will exit
|
198
|
+
# immediately. Otherwise, this file will be created upon invocation
|
199
|
+
# and deleted upon exit. This ensures that only one instance is
|
200
|
+
# running at a time.
|
201
|
+
#
|
202
|
+
# Redhat/Fedora:
|
203
|
+
#LOCK_FILE = /var/lock/subsys/denyhosts
|
204
|
+
#
|
205
|
+
# Debian
|
206
|
+
LOCK_FILE = /var/run/denyhosts.pid
|
207
|
+
#
|
208
|
+
# Misc
|
209
|
+
#LOCK_FILE = /tmp/denyhosts.lock
|
210
|
+
#
|
211
|
+
######################################################################
|
212
|
+
|
213
|
+
|
214
|
+
############ THESE SETTINGS ARE OPTIONAL ############
|
215
|
+
|
216
|
+
|
217
|
+
#######################################################################
|
218
|
+
#
|
219
|
+
# ADMIN_EMAIL: if you would like to receive emails regarding newly
|
220
|
+
# restricted hosts and suspicious logins, set this address to
|
221
|
+
# match your email address. If you do not want to receive these reports
|
222
|
+
# leave this field blank (or run with the --noemail option)
|
223
|
+
#
|
224
|
+
# Multiple email addresses can be delimited by a comma, eg:
|
225
|
+
# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
|
226
|
+
#
|
227
|
+
ADMIN_EMAIL = app@localhost
|
228
|
+
#
|
229
|
+
#######################################################################
|
230
|
+
|
231
|
+
#######################################################################
|
232
|
+
#
|
233
|
+
# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
|
234
|
+
# reports (see ADMIN_EMAIL) then these settings specify the
|
235
|
+
# email server address (SMTP_HOST) and the server port (SMTP_PORT)
|
236
|
+
#
|
237
|
+
#
|
238
|
+
SMTP_HOST = localhost
|
239
|
+
SMTP_PORT = 25
|
240
|
+
#
|
241
|
+
#######################################################################
|
242
|
+
|
243
|
+
#######################################################################
|
244
|
+
#
|
245
|
+
# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
|
246
|
+
# smtp email server requires authentication
|
247
|
+
#
|
248
|
+
#SMTP_USERNAME=foo
|
249
|
+
#SMTP_PASSWORD=bar
|
250
|
+
#
|
251
|
+
######################################################################
|
252
|
+
|
253
|
+
#######################################################################
|
254
|
+
#
|
255
|
+
# SMTP_FROM: you can specify the "From:" address in messages sent
|
256
|
+
# from DenyHosts when it reports thwarted abuse attempts
|
257
|
+
#
|
258
|
+
SMTP_FROM = DenyHosts <nobody@localhost>
|
259
|
+
#
|
260
|
+
#######################################################################
|
261
|
+
|
262
|
+
#######################################################################
|
263
|
+
#
|
264
|
+
# SMTP_SUBJECT: you can specify the "Subject:" of messages sent
|
265
|
+
# by DenyHosts when it reports thwarted abuse attempts
|
266
|
+
SMTP_SUBJECT = DenyHosts Report
|
267
|
+
#
|
268
|
+
######################################################################
|
269
|
+
|
270
|
+
######################################################################
|
271
|
+
#
|
272
|
+
# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
|
273
|
+
# when sending email messages.
|
274
|
+
#
|
275
|
+
# for possible values for this parameter refer to: man strftime
|
276
|
+
#
|
277
|
+
# the default:
|
278
|
+
#
|
279
|
+
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
|
280
|
+
#
|
281
|
+
######################################################################
|
282
|
+
|
283
|
+
######################################################################
|
284
|
+
#
|
285
|
+
# SYSLOG_REPORT
|
286
|
+
#
|
287
|
+
# SYSLOG_REPORT=YES|NO
|
288
|
+
# If set to yes, when denied hosts are recorded the report data
|
289
|
+
# will be sent to syslog (syslog must be present on your system).
|
290
|
+
# The default is: NO
|
291
|
+
#
|
292
|
+
#SYSLOG_REPORT=NO
|
293
|
+
#
|
294
|
+
#SYSLOG_REPORT=YES
|
295
|
+
#
|
296
|
+
######################################################################
|
297
|
+
|
298
|
+
######################################################################
|
299
|
+
#
|
300
|
+
# ALLOWED_HOSTS_HOSTNAME_LOOKUP
|
301
|
+
#
|
302
|
+
# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
|
303
|
+
# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
|
304
|
+
# the hostname will be looked up. If your versions of tcp_wrappers
|
305
|
+
# and sshd sometimes log hostnames in addition to ip addresses
|
306
|
+
# then you may wish to specify this option.
|
307
|
+
#
|
308
|
+
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
|
309
|
+
#
|
310
|
+
######################################################################
|
311
|
+
|
312
|
+
######################################################################
|
313
|
+
#
|
314
|
+
# AGE_RESET_VALID: Specifies the period of time between failed login
|
315
|
+
# attempts that, when exceeded will result in the failed count for
|
316
|
+
# this host to be reset to 0. This value applies to login attempts
|
317
|
+
# to all valid users (those within /etc/passwd) with the
|
318
|
+
# exception of root. If not defined, this count will never
|
319
|
+
# be reset.
|
320
|
+
#
|
321
|
+
# See the comments in the PURGE_DENY section (above)
|
322
|
+
# for details on specifying this value or for complete details
|
323
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
324
|
+
#
|
325
|
+
AGE_RESET_VALID=5d
|
326
|
+
#
|
327
|
+
######################################################################
|
328
|
+
|
329
|
+
######################################################################
|
330
|
+
#
|
331
|
+
# AGE_RESET_ROOT: Specifies the period of time between failed login
|
332
|
+
# attempts that, when exceeded will result in the failed count for
|
333
|
+
# this host to be reset to 0. This value applies to all login
|
334
|
+
# attempts to the "root" user account. If not defined,
|
335
|
+
# this count will never be reset.
|
336
|
+
#
|
337
|
+
# See the comments in the PURGE_DENY section (above)
|
338
|
+
# for details on specifying this value or for complete details
|
339
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
340
|
+
#
|
341
|
+
AGE_RESET_ROOT=25d
|
342
|
+
#
|
343
|
+
######################################################################
|
344
|
+
|
345
|
+
######################################################################
|
346
|
+
#
|
347
|
+
# AGE_RESET_RESTRICTED: Specifies the period of time between failed login
|
348
|
+
# attempts that, when exceeded will result in the failed count for
|
349
|
+
# this host to be reset to 0. This value applies to all login
|
350
|
+
# attempts to entries found in the WORK_DIR/restricted-usernames file.
|
351
|
+
# If not defined, the count will never be reset.
|
352
|
+
#
|
353
|
+
# See the comments in the PURGE_DENY section (above)
|
354
|
+
# for details on specifying this value or for complete details
|
355
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
356
|
+
#
|
357
|
+
AGE_RESET_RESTRICTED=25d
|
358
|
+
#
|
359
|
+
######################################################################
|
360
|
+
|
361
|
+
|
362
|
+
######################################################################
|
363
|
+
#
|
364
|
+
# AGE_RESET_INVALID: Specifies the period of time between failed login
|
365
|
+
# attempts that, when exceeded will result in the failed count for
|
366
|
+
# this host to be reset to 0. This value applies to login attempts
|
367
|
+
# made to any invalid username (those that do not appear
|
368
|
+
# in /etc/passwd). If not defined, count will never be reset.
|
369
|
+
#
|
370
|
+
# See the comments in the PURGE_DENY section (above)
|
371
|
+
# for details on specifying this value or for complete details
|
372
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
373
|
+
#
|
374
|
+
AGE_RESET_INVALID=10d
|
375
|
+
#
|
376
|
+
######################################################################
|
377
|
+
|
378
|
+
|
379
|
+
######################################################################
|
380
|
+
#
|
381
|
+
# RESET_ON_SUCCESS: If this parameter is set to "yes" then the
|
382
|
+
# failed count for the respective ip address will be reset to 0
|
383
|
+
# if the login is successful.
|
384
|
+
#
|
385
|
+
# The default is RESET_ON_SUCCESS = no
|
386
|
+
#
|
387
|
+
RESET_ON_SUCCESS = yes
|
388
|
+
#
|
389
|
+
#####################################################################
|
390
|
+
|
391
|
+
|
392
|
+
######################################################################
|
393
|
+
#
|
394
|
+
# PLUGIN_DENY: If set, this value should point to an executable
|
395
|
+
# program that will be invoked when a host is added to the
|
396
|
+
# HOSTS_DENY file. This executable will be passed the host
|
397
|
+
# that will be added as its only argument.
|
398
|
+
#
|
399
|
+
#PLUGIN_DENY=/usr/bin/true
|
400
|
+
#
|
401
|
+
######################################################################
|
402
|
+
|
403
|
+
|
404
|
+
######################################################################
|
405
|
+
#
|
406
|
+
# PLUGIN_PURGE: If set, this value should point to an executable
|
407
|
+
# program that will be invoked when a host is removed from the
|
408
|
+
# HOSTS_DENY file. This executable will be passed the host
|
409
|
+
# that is to be purged as its only argument.
|
410
|
+
#
|
411
|
+
#PLUGIN_PURGE=/usr/bin/true
|
412
|
+
#
|
413
|
+
######################################################################
|
414
|
+
|
415
|
+
######################################################################
|
416
|
+
#
|
417
|
+
# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
|
418
|
+
# a regular expression that can be used to identify additional
|
419
|
+
# hackers for your particular ssh configuration. This functionality
|
420
|
+
# extends the built-in regular expressions that DenyHosts uses.
|
421
|
+
# This parameter can be specified multiple times.
|
422
|
+
# See this faq entry for more details:
|
423
|
+
# http://denyhosts.sf.net/faq.html#userdef_regex
|
424
|
+
#
|
425
|
+
#USERDEF_FAILED_ENTRY_REGEX=
|
426
|
+
#
|
427
|
+
#
|
428
|
+
######################################################################
|
429
|
+
|
430
|
+
|
431
|
+
|
432
|
+
|
433
|
+
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
|
434
|
+
|
435
|
+
|
436
|
+
|
437
|
+
#######################################################################
|
438
|
+
#
|
439
|
+
# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
|
440
|
+
# this is the logfile that DenyHosts uses to report its status.
|
441
|
+
# To disable logging, leave blank. (default is: /var/log/denyhosts)
|
442
|
+
#
|
443
|
+
DAEMON_LOG = /var/log/denyhosts
|
444
|
+
#
|
445
|
+
# disable logging:
|
446
|
+
#DAEMON_LOG =
|
447
|
+
#
|
448
|
+
######################################################################
|
449
|
+
|
450
|
+
#######################################################################
|
451
|
+
#
|
452
|
+
# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
|
453
|
+
# (--daemon flag) this specifies the timestamp format of
|
454
|
+
# the DAEMON_LOG messages (default is the ISO8061 format:
|
455
|
+
# ie. 2005-07-22 10:38:01,745)
|
456
|
+
#
|
457
|
+
# for possible values for this parameter refer to: man strftime
|
458
|
+
#
|
459
|
+
# Jan 1 13:05:59
|
460
|
+
#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
|
461
|
+
#
|
462
|
+
# Jan 1 01:05:59
|
463
|
+
#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
|
464
|
+
#
|
465
|
+
######################################################################
|
466
|
+
|
467
|
+
#######################################################################
|
468
|
+
#
|
469
|
+
# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
|
470
|
+
# (--daemon flag) this specifies the message format of each logged
|
471
|
+
# entry. By default the following format is used:
|
472
|
+
#
|
473
|
+
# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
|
474
|
+
#
|
475
|
+
# Where the "%(asctime)s" portion is expanded to the format
|
476
|
+
# defined by DAEMON_LOG_TIME_FORMAT
|
477
|
+
#
|
478
|
+
# This string is passed to python's logging.Formatter contstuctor.
|
479
|
+
# For details on the possible format types please refer to:
|
480
|
+
# http://docs.python.org/lib/node357.html
|
481
|
+
#
|
482
|
+
# This is the default:
|
483
|
+
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
|
484
|
+
#
|
485
|
+
#
|
486
|
+
######################################################################
|
487
|
+
|
488
|
+
|
489
|
+
#######################################################################
|
490
|
+
#
|
491
|
+
# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
|
492
|
+
# this is the amount of time DenyHosts will sleep between polling
|
493
|
+
# the SECURE_LOG. See the comments in the PURGE_DENY section (above)
|
494
|
+
# for details on specifying this value or for complete details
|
495
|
+
# refer to: http://denyhosts.sourceforge.net/faq.html#timespec
|
496
|
+
#
|
497
|
+
#
|
498
|
+
DAEMON_SLEEP = 1m
|
499
|
+
#
|
500
|
+
#######################################################################
|
501
|
+
|
502
|
+
#######################################################################
|
503
|
+
#
|
504
|
+
# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
|
505
|
+
# run the purge mechanism to expire old entries in HOSTS_DENY
|
506
|
+
# This has no effect if PURGE_DENY is blank.
|
507
|
+
#
|
508
|
+
DAEMON_PURGE = 1h
|
509
|
+
#
|
510
|
+
#######################################################################
|
511
|
+
|
512
|
+
|
513
|
+
######### THESE SETTINGS ARE SPECIFIC TO ##########
|
514
|
+
######### DAEMON SYNCHRONIZATION ##########
|
515
|
+
|
516
|
+
|
517
|
+
#######################################################################
|
518
|
+
#
|
519
|
+
# Synchronization mode allows the DenyHosts daemon the ability
|
520
|
+
# to periodically send and receive denied host data such that
|
521
|
+
# DenyHosts daemons worldwide can automatically inform one
|
522
|
+
# another regarding banned hosts. This mode is disabled by
|
523
|
+
# default, you must uncomment SYNC_SERVER to enable this mode.
|
524
|
+
#
|
525
|
+
# for more information, please refer to:
|
526
|
+
# http:/denyhosts.sourceforge.net/faq.html#sync
|
527
|
+
#
|
528
|
+
#######################################################################
|
529
|
+
|
530
|
+
|
531
|
+
#######################################################################
|
532
|
+
#
|
533
|
+
# SYNC_SERVER: The central server that communicates with DenyHost
|
534
|
+
# daemons. Currently, denyhosts.net is the only available server
|
535
|
+
# however, in the future, it may be possible for organizations to
|
536
|
+
# install their own server for internal network synchronization
|
537
|
+
#
|
538
|
+
# To disable synchronization (the default), do nothing.
|
539
|
+
#
|
540
|
+
# To enable synchronization, you must uncomment the following line:
|
541
|
+
#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
|
542
|
+
#
|
543
|
+
#######################################################################
|
544
|
+
|
545
|
+
#######################################################################
|
546
|
+
#
|
547
|
+
# SYNC_INTERVAL: the interval of time to perform synchronizations if
|
548
|
+
# SYNC_SERVER has been uncommented. The default is 1 hour.
|
549
|
+
#
|
550
|
+
#SYNC_INTERVAL = 1h
|
551
|
+
#
|
552
|
+
#######################################################################
|
553
|
+
|
554
|
+
|
555
|
+
#######################################################################
|
556
|
+
#
|
557
|
+
# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
|
558
|
+
# been denied? This option only applies if SYNC_SERVER has
|
559
|
+
# been uncommented.
|
560
|
+
# The default is SYNC_UPLOAD = yes
|
561
|
+
#
|
562
|
+
#SYNC_UPLOAD = no
|
563
|
+
#SYNC_UPLOAD = yes
|
564
|
+
#
|
565
|
+
#######################################################################
|
566
|
+
|
567
|
+
|
568
|
+
#######################################################################
|
569
|
+
#
|
570
|
+
# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
|
571
|
+
# been denied by others? This option only applies if SYNC_SERVER has
|
572
|
+
# been uncommented.
|
573
|
+
# The default is SYNC_DOWNLOAD = yes
|
574
|
+
#
|
575
|
+
#SYNC_DOWNLOAD = no
|
576
|
+
#SYNC_DOWNLOAD = yes
|
577
|
+
#
|
578
|
+
#
|
579
|
+
#
|
580
|
+
#######################################################################
|
581
|
+
|
582
|
+
#######################################################################
|
583
|
+
#
|
584
|
+
# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
|
585
|
+
# filters the returned hosts to those that have been blocked this many
|
586
|
+
# times by others. That is, if set to 1, then if a single DenyHosts
|
587
|
+
# server has denied an ip address then you will receive the denied host.
|
588
|
+
#
|
589
|
+
# See also SYNC_DOWNLOAD_RESILIENCY
|
590
|
+
#
|
591
|
+
#SYNC_DOWNLOAD_THRESHOLD = 10
|
592
|
+
#
|
593
|
+
# The default is SYNC_DOWNLOAD_THRESHOLD = 3
|
594
|
+
#
|
595
|
+
#SYNC_DOWNLOAD_THRESHOLD = 3
|
596
|
+
#
|
597
|
+
#######################################################################
|
598
|
+
|
599
|
+
#######################################################################
|
600
|
+
#
|
601
|
+
# SYNC_DOWNLOAD_RESILIENCY: If SYNC_DOWNLOAD is enabled then the
|
602
|
+
# value specified for this option limits the downloaded data
|
603
|
+
# to this resiliency period or greater.
|
604
|
+
#
|
605
|
+
# Resiliency is defined as the timespan between a hackers first known
|
606
|
+
# attack and its most recent attack. Example:
|
607
|
+
#
|
608
|
+
# If the centralized denyhosts.net server records an attack at 2 PM
|
609
|
+
# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
|
610
|
+
# will not download this ip address.
|
611
|
+
#
|
612
|
+
# However, if the attacker is recorded again at 6:15 PM then the
|
613
|
+
# ip address will be downloaded by your DenyHosts instance.
|
614
|
+
#
|
615
|
+
# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
|
616
|
+
# and only hosts that satisfy both values will be downloaded.
|
617
|
+
# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
|
618
|
+
#
|
619
|
+
# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
|
620
|
+
#
|
621
|
+
# Only obtain hackers that have been at it for 2 days or more:
|
622
|
+
#SYNC_DOWNLOAD_RESILIENCY = 2d
|
623
|
+
#
|
624
|
+
# Only obtain hackers that have been at it for 5 hours or more:
|
625
|
+
#SYNC_DOWNLOAD_RESILIENCY = 5h
|
626
|
+
#
|
627
|
+
#######################################################################
|
628
|
+
|