Main settings (kor-elf-shield.toml)
By default, the main settings are located here:
/etc/kor-elf-shield/kor-elf-shield.toml
But the program can also be started via a flag --config and specify your path. For example:
kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start
It is necessary to make changes to /etc/systemd/system/kor-elf-shield.service
[Unit]
Description=kor-elf-shield
After=network.target
[Service]
-ExecStart=/usr/sbin/kor-elf-shield start
-ExecStop=/usr/sbin/kor-elf-shield stop
+ExecStart=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml start
+ExecStop=/usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml stop
[Install]
WantedBy=sysinit.target
And edit it /etc/kor-elf-shield.logrotate
/var/log/kor-elf-shield.log {
rotate 3
weekly
compress
maxsize 100M
missingok
notifempty
postrotate
- /usr/sbin/kor-elf-shield reopen_logger
+ /usr/sbin/kor-elf-shield --config=/my/path/configs/kor-elf-shield.toml reopen_logger
endscript
}
A copy of the full settings file (kor-elf-shield.toml) is located here.
There are several sections in this file:
Basic settings
These settings should be located at the beginning of the file before the sections: "Log", "OS-specific settings", "Paths to other settings".
| Parameter | testing |
| Meaning | true or false |
| By default | true |
| Description | Enables the test mode. If the test mode is enabled, then after the minutes specified in the parameter "testing_interval", the nftables rule cleanup program will shut down. true - includes false - turns it off |
| Examples |
|
| Parameter | testing_interval |
| Meaning | from 1 to 30,000 |
| By default | 5 |
| Description | Specify in minutes how long the program running in test mode will shut down. |
| Examples |
|
| Parameter | language |
| Meaning | ru, kk, en |
| By default | ru |
| Description | We specify the language. Does not affect logs. Logs are written in English. Currently, the following languages are supported: ru - Russian kk - Kazakh en - English |
| Examples |
|
| Parameter | fallback_language |
| Meaning | ru, kk, en |
| By default | ru |
| Description | The second language, in case the current language doesn't have a translation. All the values that the parameter has are availablelanguage. But we recommend that you specify "ru"or "en". |
| Examples |
|
| Parameter | pid_file |
| Meaning | Specifying the path to the file |
| By default | /var/run/kor-elf-shield/kor-elf-shield.pid |
| Description | The path where the pid file will be created. The path must be absolute. The relative path will cause an error! It must be indicated at the end .pid. |
| Examples |
|
| Parameter | socket_file |
| Meaning | Specifying the path to the file |
| By default | /var/run/kor-elf-shield/kor-elf-shield.sock |
| Description | The path where the socket file will be created. The path must be absolute. The relative path will cause an error! It must be indicated at the end .sock. |
| Examples |
|
| Parameter | data_dir |
| Meaning | Specifying the path to the directory |
| By default | /var/lib/kor-elf-shield/ |
| Description | Directory for permanent application data (state): local database, cache/indexes, status files and other service files. It must be writable by the user on whose behalf the daemon is running. If the folder does not exist, it will be created. |
| Examples |
|
Log
Specify the parameters for this section first [log], and then specify the other parameters of this section. Example:
[log]
enabled = true
level = "info"
| Parameter | enabled |
| Meaning | true or false |
| By default | true |
| Description | Includes logs. true - includes false - turns it off |
| Examples |
|
| *** | |
|---|---|
| Parameter | level |
| Meaning | debug, info, warn, error, fatal |
| By default | info |
| Description | Logging level: debug - Logs are for debugging and it is recommended not to select them in production. info - Detailed management of the lair. Records information about starting, stopping, etc. warn - Warnings about potentially problematic situations that do not interfere with the operation of the application, but require attention. error - Errors that occurred during operation, but did not cause the program to stop. fatal - Critical errors, after which the program will shut down. |
| Examples |
|
| *** | |
| Parameter | development |
| Meaning | true or false |
| By default | false |
| Description | It is needed for debugging in test environments. It productionshould always be turned off. true - includes false - turns it off |
| Examples |
|
| *** | |
| Parameter | encoding |
| Meaning | json or text |
| By default | json |
| Description | In what format should the data be written to the log?: json - In the format json. text - In plain text format. Each parameter in the log will be separated by a space. (not recommended) |
| Examples |
|
| *** | |
| Parameter | paths |
| Meaning | Specifying the paths to the log |
| By default | ["/var/log/kor-elf-shield.log"] |
| Description | A list of locations for the main logs. You can specify several paths. The path must be absolute. The relative path will cause an error! It must be indicated at the end .log. The exception "stdout" and "stderr" is the output of data to the console. If we change the standard value, we recommend that you view and edit the file /etc/logrotate.d/kor-elf-shield to the new paths. |
| Examples |
|
| *** | |
| Parameter | log_error_paths |
| Meaning | Specifying the paths to the log |
| By default | ["stderr"] |
| Description | A list of locations for logging errors. For example, the logger could not record some data. You can specify several paths. The path must be absolute. The relative path will cause an error! It must be indicated at the end .log. The exception "stdout" and "stderr" is the output of data to the console. If we change the standard value, we recommend that you view and edit the file /etc/logrotate.d/kor-elf-shield to the new paths. |
| Examples |
|
OS-specific settings
Specify the parameters for this section first [binaryLocations], and then specify the other parameters of this section. Example:
[binaryLocations]
nftables = "/usr/sbin/nft"
| Parameter | nftables |
| Meaning | Specifying the path tonftables |
| By default | /usr/sbin/nft |
| Description | Specify the path to. nftables Perhaps the path may be different in your OS. |
| Examples |
|
| *** | |
|---|---|
| Parameter | journalctl |
| Meaning | Specifying the path to journalctl |
| By default | /bin/journalctl |
| Description | Specify the path to. journalctl Perhaps the path may be different in your OS. |
| Examples |
|
| *** | |
| Parameter | docker |
| Meaning | Specifying the path to docker |
| By default | /usr/bin/docker |
| Description | Specify the path to. docker Perhaps the path may be different in your OS. |
| Examples |
|
Paths to other settings
Specify the parameters for this section first [otherSettingsPath], and then specify the other parameters of this section. Example:
[otherSettingsPath]
firewall = "/etc/kor-elf-shield/firewall.toml"
| Parameter | firewall |
| Meaning | Specifying the path to the settings forfirewall |
| By default | /etc/kor-elf-shield/firewall.toml |
| Description | Specify the path to the firewall settings. In these settings, we specify which ports to open or close. Which IP addresses should be blocked or vice versa, so that they would never be blocked. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml. You firewallcan read about the settings here. |
| Examples |
|
| *** | |
|---|---|
| Parameter | analyzer |
| Meaning | Specifying the path to the settings for analyzer |
| By default | /etc/kor-elf-shield/analyzer.toml |
| Description | Specify the path to the log parsing settings. There you can set up password brute force protection or set up an alert for an anomaly in the logs. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml. Log parsing settings can be found here. |
| Examples |
|
| *** | |
| Parameter | notifications |
| Meaning | Specifying the path to the settings for notifications |
| By default | /etc/kor-elf-shield/notifications.toml |
| Description | Specify the path to the notification settings. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml. You can read about notification settings here. |
| Examples |
|
| *** | |
| Parameter | docker |
| Meaning | Specifying the path to the settings for docker |
| By default | /etc/kor-elf-shield/docker.toml |
| Description | Specify the path to the settings docker. The path must be absolute. The relative path will cause an error! It must be indicated at the end .toml. You can read about notification settings here. |
| Examples |
|
| *** | |
| Parameter | blocklists |
| Meaning | Specifying the path to the settings for blocklists |
| By default | /etc/kor-elf-shield/blocklists.toml |
| Description | Specify the path to the settings to get lists of IP addresses to block. The relative path will cause an error! It must be indicated at the end .toml. You can read about the settings here. |
| Examples |
|
| *** | |
| Parameter | geoip |
| Meaning | Specifying the path to the settings for geoip |
| By default | /etc/kor-elf-shield/geoip.toml |
| Description | Specify the path to the settings for receiving IP address data. The relative path will cause an error! It must be indicated at the end .toml. You can read about the settings here. |
| Examples |
|