Main settings (kor-elf-shield.toml)

By default, the main settings are located here:

/etc/kor-elf-shield/kor-elf-shield.toml

But the program can also be started via a flag --config and specify your path. For example:

kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start

It is necessary to make changes to /etc/systemd/system/kor-elf-shield.service

[Unit]
Description=kor-elf-shield
After=network.target

[Service]
-ExecStart=/usr/sbin/kor-elf-shield start
-ExecStop=/usr/sbin/kor-elf-shield stop
+ExecStart=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start
+ExecStop=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml stop

[Install]
WantedBy=sysinit.target

And edit it /etc/kor-elf-shield.logrotate

/var/log/kor-elf-shield.log {
    rotate 3
    weekly
    compress
    maxsize 100M
    missingok
    notifempty
    postrotate
-        /usr/sbin/kor-elf-shield reopen_logger
+        /usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml reopen_logger
    endscript
}

A copy of the full settings file (kor-elf-shield.toml) is located here.

There are several sections in this file:


Basic settings

These settings should be located at the beginning of the file before the sections: "Log", "OS-specific settings", "Paths to other settings".

Parameter testing
Meaning true or false
By default true
Description Enables the test mode. If the test mode is enabled, then after the minutes specified in the parameter "testing_interval", the nftables rule cleanup program will shut down.
true  - includes
false - turns it off
Examples
testing = true
testing = false
Parameter testing_interval
Meaning from 1 to 30,000
By default 5
Description Specify in minutes how long the program running in test mode will shut down.
Examples
testing_interval = 1
testing_interval = 5
testing_interval = 60
testing_interval = 30000
Parameter language
Meaning ru, kk, en
By default ru
Description We specify the language. Does not affect logs. Logs are written in English.
Currently, the following languages are supported:
ru  - Russian
kk - Kazakh
en - English
Examples
language = "ru"
language = "kk"
language = "en"
Parameter fallback_language
Meaning ru, kk, en
By default ru
Description The second language, in case the current language doesn't have a translation. All the values that the parameter has are availablelanguage. But we recommend that you specify "ru"or "en".
Examples
language = "ru"
language = "en"
Parameter pid_file
Meaning Specifying the path to the file
By default /var/run/kor-elf-shield/kor-elf-shield.pid
Description The path where the pid file will be created. The path must be absolute. The relative path will cause an error! It must be indicated at the end .pid.
Examples
pid_file = "/var/run/kor-elf-shield/kor-elf-shield.pid"
Parameter socket_file
Meaning Specifying the path to the file
By default /var/run/kor-elf-shield/kor-elf-shield.sock
Description The path where the socket file will be created. The path must be absolute. The relative path will cause an error! It must be indicated at the end .sock.
Examples
socket_file = "/var/run/kor-elf-shield/kor-elf-shield.sock"
Parameter data_dir
Meaning Specifying the path to the directory
By default /var/lib/kor-elf-shield/
Description Directory for permanent application data (state): local database, cache/indexes, status files and other service files. It must be writable by the user on whose behalf the daemon is running. If the folder does not exist, it will be created.
Examples
data_dir = "/var/lib/kor-elf-shield/"

Log

Specify the parameters for this section first [log], and then specify the other parameters of this section. Example:

[log]
enabled = true
level = "info"
Parameter enabled
Meaning true or false
By default true
Description Includes logs.
true  - includes
false - turns it off
Examples
enabled = true
enabled = false
***
Parameter level
Meaning debug, info, warn, error, fatal
By default info
Description Logging level:
debug - Logs are for debugging and it is recommended not to select them in production.
info  - Detailed management of the lair. Records information about starting, stopping, etc.
warn - Warnings about potentially problematic situations that do not interfere with the operation of the application, but require attention.
error - Errors that occurred during operation, but did not cause the program to stop.
fatal - Critical errors, after which the program will shut down.
Examples
level = "debug"
level = "info"
level = "warn"
level = "error"
level = "fatal"
***
Parameter development
Meaning true or false
By default false
Description It is needed for debugging in test environments. It productionshould always be turned off.
true  - includes
false - turns it off
Examples
development = false
development = true
***
Parameter encoding
Meaning json or text
By default json
Description In what format should the data be written to the log?:
json - In the format json.
text - In plain text format. Each parameter in the log will be separated by a space. (not recommended)
Examples
encoding = json
encoding = text
***
Parameter paths
Meaning Specifying the paths to the log
By default ["/var/log/kor-elf-shield.log"]
Description A list of locations for the main logs. You can specify several paths. The path must be absolute. The relative path will cause an error! It must be indicated at the end .log.
The exception "stdout" and "stderr" is the output of data to the console.

If we change the standard value, we recommend that you view and edit the file /etc/logrotate.d/kor-elf-shield to the new paths.
Examples
paths = ["/var/log/kor-elf-shield.log"]
paths = ["/var/log/kor-elf-shield.log", "stdout"]
paths = ["/var/log/kor-elf-shield.log", "/mnt/other-server/kor-elf-shield.log", "stdout"]
***
Parameter log_error_paths
Meaning Specifying the paths to the log
By default ["stderr"]
Description A list of locations for logging errors. For example, the logger could not record some data. You can specify several paths. The path must be absolute. The relative path will cause an error! It must be indicated at the end .log.
The exception "stdout" and "stderr" is the output of data to the console.

If we change the standard value, we recommend that you view and edit the file /etc/logrotate.d/kor-elf-shield to the new paths.
Examples
paths = ["stderr"]
paths = ["/var/log/kor-elf-shield-error.log", "stderr"]
paths = ["/var/log/kor-elf-shield-error.log", "/mnt/other-server/kor-elf-shield-error.log", "stderr"]

OS-specific settings

Specify the parameters for this section first [binaryLocations], and then specify the other parameters of this section. Example:

[binaryLocations]
nftables = "/usr/sbin/nft"
Parameter nftables
Meaning Specifying the path tonftables
By default /usr/sbin/nft
Description Specify the path to. nftables Perhaps the path may be different in your OS.
Examples
nftables = "/usr/sbin/nft"
***
Parameter journalctl
Meaning Specifying the path to journalctl
By default /bin/journalctl
Description Specify the path to. journalctl Perhaps the path may be different in your OS.
Examples
journalctl = "/bin/journalctl"
***
Parameter docker
Meaning Specifying the path to docker
By default /usr/bin/docker
Description Specify the path to. docker Perhaps the path may be different in your OS.
Examples
docker = "/usr/bin/docker"

Paths to other settings

Specify the parameters for this section first [otherSettingsPath], and then specify the other parameters of this section. Example:

[otherSettingsPath]
firewall = "/etc/kor-elf-shield/firewall.toml"
Parameter firewall
Meaning Specifying the path to the settings forfirewall
By default /etc/kor-elf-shield/firewall.toml
Description Specify the path to the firewall settings. In these settings, we specify which ports to open or close. Which IP addresses should be blocked or vice versa, so that they would never be blocked. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml.
You firewallcan read about the settings here.
Examples
firewall = "/etc/kor-elf-shield/firewall.toml"
***
Parameter analyzer
Meaning Specifying the path to the settings for analyzer
By default /etc/kor-elf-shield/analyzer.toml
Description Specify the path to the log parsing settings. There you can set up password brute force protection or set up an alert for an anomaly in the logs. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml.
Log parsing settings can be found here.
Examples
analyzer = "/etc/kor-elf-shield/analyzer.toml"
***
Parameter notifications
Meaning Specifying the path to the settings for notifications
By default /etc/kor-elf-shield/notifications.toml
Description Specify the path to the notification settings. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml.
You can read about notification settings here.
Examples
notifications = "/etc/kor-elf-shield/notifications.toml"
***
Parameter docker
Meaning Specifying the path to the settings for docker
By default /etc/kor-elf-shield/docker.toml
Description Specify the path to the settings docker. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml.
You can read about notification settings here.
Examples
docker = "/etc/kor-elf-shield/docker.toml"
***
Parameter blocklists
Meaning Specifying the path to the settings for blocklists
By default /etc/kor-elf-shield/blocklists.toml
Description Specify the path to the settings to get lists of IP addresses to block. The relative path will cause an error! It must be indicated at the end .toml.
You can read about the settings here.
Examples
blocklists = "/etc/kor-elf-shield/blocklists.toml"
***
Parameter geoip
Meaning Specifying the path to the settings for geoip
By default /etc/kor-elf-shield/geoip.toml
Description Specify the path to the settings for receiving IP address data. The relative path will cause an error! It must be indicated at the end .toml.
You can read about the settings here.
Examples
geoip = "/etc/kor-elf-shield/geoip.toml"