����JFIFXX�����    $.' ",#(7),01444'9=82<.342  2!!22222222222222222222222222222222222222222222222222����"��4�� ���,�PG"Z_�4�˷����kjز�Z�,F+��_z�,�© �����zh6�٨�ic�fu���#ډb���_�N�?��wQ���5-�~�I���8����TK<5o�Iv-�����k�_U_�����~b�M��d����Ӝ�U�Hh��?]��E�w��Q���k�{��_}qFW7HTՑ��Y��F�?_�'ϔ��_�Ջt��=||I ��6�έ"�����D���/[�k�9���Y�8ds|\���Ҿp6�Ҵ���]��.����6�z<�v��@]�i%��$j��~�g��J>��no����pM[me�i$[����s�o�ᘨ�˸ nɜG-�ĨU�ycP�3.DB�li�;��hj���x7Z^�N�h������N3u{�:j�x�힞��#M&��jL P@_���� P��&��o8������9�����@Sz6�t7#O�ߋ �s}Yf�T���lmr����Z)'N��k�۞p����w\�Tȯ?�8`�O��i{wﭹW�[�r�� ��Q4F�׊���3m&L�=��h3����z~��#�\�l :�F,j@�� ʱ�wQT����8�"kJO���6�֚l����}���R�>ډK���]��y����&����p�}b��;N�1�m�r$�|��7�>e�@B�TM*-iH��g�D�)� E�m�|�ؘbҗ�a��Ҿ����t4���o���G��*oCN�rP���Q��@z,|?W[0�����:�n,jWiE��W��$~/�hp\��?��{(�0���+�Y8rΟ�+����>S-S����VN;�}�s?.����� w�9��˟<���Mq4�Wv'��{)0�1mB��V����W[�����8�/<� �%���wT^�5���b��)iM� pg�N�&ݝ��VO~�q���u���9� ����!��J27����$O-���! �:�%H��� ـ����y�ΠM=t{!S�� oK8������t<����è:a������[�����ա�H���~��w��Qz`�po�^ ����Q��n� �,uu�C�$ ^���,������8�#��:�6��e�|~���!�3�3.�\0��q��o�4`.|� ����y�Q�`~;�d�ׯ,��O�Zw�������`73�v�܋�<���Ȏ�� ـ4k��5�K�a�u�=9Yd��$>x�A�&�� j0� ���vF��� Y�|�y��� ~�6�@c��1vOp�Ig����4��l�OD���L����� R���c���j�_�uX6��3?nk��Wy�f;^*B� ��@�~a�`��Eu������+���6�L��.ü>��}y���}_�O�6�͐�:�YrG�X��kG�����l^w���~㒶sy��Iu�!� W ��X��N�7BV��O��!X�2����wvG�R�f�T#�����t�/?���%8�^�W�aT��G�cL�M���I��(J����1~�8�?aT ���]����AS�E��(��*E}� 2��#I/�׍qz��^t�̔���b�Yz4x���t�){ OH��+(E��A&�N�������XT��o��"�XC��'���)}�J�z�p� ��~5�}�^����+�6����w��c��Q�|Lp�d�H��}�(�.|����k��c4^�"�����Z?ȕ ��a<�L�!039C� �Eu�C�F�Ew�ç ;�n?�*o���B�8�bʝ���'#Rqf���M}7����]����s2tcS{�\icTx;�\��7K���P���ʇ Z O-��~��c>"��?�������P��E��O�8��@�8��G��Q�g�a�Վ���󁶠�䧘��_%#r�>�1�z�a��eb��qcPѵ��n���#L��� =��׀t� L�7�`��V���A{�C:�g���e@�w1 Xp3�c3�ġ����p��M"'-�@n4���fG��B3�DJ�8[Jo�ߐ���gK)ƛ��$���� ���8�3�����+���� �����6�ʻ���� ���S�kI�*KZlT _`���?��K����QK�d����B`�s}�>���`��*�>��,*@J�d�oF*����弝��O}�k��s��]��y�ߘ��c1G�V���<=�7��7����6�q�PT��tXԀ�!9*4�4Tހ3XΛex�46���Y��D ����� �BdemDa����\�_l,��G�/���֌7���Y�](�xTt^%�GE�����4�}bT���ڹ�����;Y)���B�Q��u��>J/J �⮶.�XԄ��j�ݳ�+E��d ��r�5�_D�1 ��o�� �B�x�΢�#���<��W�����8���R6�@g�M�.��� dr�D��>(otU��@x=��~v���2� ӣ�d�oBd��3�eO�6�㣷�����ݜ6��6Y��Qz`��S��{���\P�~z m5{J/L��1������<�e�ͅPu�b�]�ϔ���'������f�b� Zpw��c`"��i���BD@:)ִ�:�]��hv�E�w���T�l��P���"Ju�}��وV J��G6��. J/�Qgl߭�e�����@�z�Zev2u�)]կ�����7x���s�M�-<ɯ�c��r�v�����@��$�ޮ}lk���a���'����>x��O\�ZFu>�����ck#��&:��`�$�ai�>2Δ����l���oF[h��lE�ܺ�Πk:)���`�� $[6�����9�����kOw�\|���8}������ބ:��񶐕��I�A1/�=�2[�,�!��.}gN#�u����b��� ~��݊��}34q����d�E��Lc��$��"�[q�U�硬g^��%B �z���r�pJ�ru%v\h1Y�ne`ǥ:g���pQM~�^�Xi� ��`S�:V29.�P���V�?B�k�� AEvw%�_�9C�Q����wKekPؠ�\�;Io d�{ ߞo�c1eP����\� `����E=���@K<�Y���eڼ�J���w����{av�F�'�M�@/J��+9p���|]�����Iw &`��8���&M�hg��[�{��Xj��%��Ӓ�$��(����ʹN���<>�I���RY���K2�NPlL�ɀ)��&e����B+ь����( � �JTx���_?EZ� }@ 6�U���뙢ط�z��dWI�n` D����噥�[��uV��"�G&Ú����2g�}&m��?ċ�"����Om#��������� ��{�ON��"S�X��Ne��ysQ���@Fn��Vg���dX�~nj�]J�<�K]:��FW��b�������62�=��5f����JKw��bf�X�55��~J �%^����:�-�QIE��P��v�nZum� z � ~ə ���� ���ة����;�f��\v���g�8�1��f24;�V���ǔ�)����9���1\��c��v�/'Ƞ�w�������$�4�R-��t���� e�6�/�ġ �̕Ecy�J���u�B���<�W�ַ~�w[B1L۲�-JS΂�{���΃������A��20�c#��@ 0!1@AP"#2Q`$3V�%45a6�FRUq��� ����^7ׅ,$n�������+��F�`��2X'��0vM��p�L=������5��8������u�p~���.�`r�����\���O��,ư�0oS ��_�M�����l���4�kv\JSd���x���SW�<��Ae�IX����������$I���w�:S���y���›R��9�Q[���,�5�;�@]�%���u�@ *ro�lbI �� ��+���%m:�͇ZV�����u�̉����θau<�fc�.����{�4Ա� �Q����*�Sm��8\ujqs]{kN���)qO�y�_*dJ�b�7���yQqI&9�ԌK!�M}�R�;������S�T���1���i[U�ɵz�]��U)V�S6���3$K{�ߊ<�(� E]Զ[ǼENg�����'�\?#)Dkf��J���o��v���'�%ƞ�&K�u�!��b�35LX�Ϸ��63$K�a�;�9>,R��W��3�3� d�JeTYE.Mϧ��-�o�j3+y��y^�c�������VO�9NV\nd�1 ��!͕_)a�v;����թ�M�lWR1��)El��P;��yوÏ�u 3�k�5Pr6<�⒲l�!˞*��u־�n�!�l:����UNW ��%��Chx8vL'��X�@��*��)���̮��ˍ��� ���D-M�+J�U�kvK����+�x8��cY������?�Ԡ��~3mo��|�u@[XeY�C�\Kp�x8�oC�C�&����N�~3-H���� ��MX�s�u<`���~"WL��$8ξ��3���a�)|:@�m�\���^�`�@ҷ)�5p+��6���p�%i)P M���ngc�����#0Aruz���RL+xSS?���ʮ}()#�t��mˇ!��0}}y����<�e� �-ή�Ԩ��X������ MF���ԙ~l L.3���}�V뽺�v�����멬��Nl�)�2����^�Iq��a��M��qG��T�����c3#������3U�Ǎ���}��לS�|qa��ڃ�+���-��2�f����/��bz��ڐ�� �ݼ[2�ç����k�X�2�* �Z�d���J�G����M*9W���s{��w���T��x��y,�in�O�v��]���n����P�$�JB@=4�OTI�n��e�22a\����q�d���%�$��(���:���: /*�K[PR�fr\nڙdN���F�n�$�4�[�� U�zƶ����� �mʋ���,�ao�u 3�z� �x��Kn����\[��VFmbE;�_U��&V�Gg�]L�۪&#n%�$ɯ�dG���D�TI=�%+AB�Ru#��b4�1�»x�cs�YzڙJG��f��Il��d�eF'T� iA��T���uC�$����Y��H?����[!G`}���ͪ� �纤Hv\������j�Ex�K���!���OiƸ�Yj�+u-<���'q����uN�*�r\��+�]���<�wOZ.fp�ێ��,-*)V?j-kÊ#�`�r��dV����(�ݽBk�����G�ƛk�QmUڗe��Z���f}|����8�8��a���i��3'J�����~G_�^���d�8w������ R�`(�~�.��u���l�s+g�bv���W���lGc}��u���afE~1�Ue������Z�0�8�=e�� f@/�jqEKQQ�J��oN��J���W5~M>$6�Lt�;$ʳ{���^��6�{����v6���ķܰg�V�cnn �~z�x�«�,2�u�?cE+Ș�H؎�%�Za�)���X>uW�Tz�Nyo����s���FQƤ��$��*�&�LLXL)�1�" L��eO��ɟ�9=���:t��Z���c��Ž���Y?�ӭV�wv�~,Y��r�ۗ�|�y��GaF�����C�����.�+� ���v1���fήJ�����]�S��T��B��n5sW}y�$��~z�'�c ��8 ��� ,! �p��VN�S��N�N�q��y8z˱�A��4��*��'������2n<�s���^ǧ˭P�Jޮɏ�U�G�L�J�*#��<�V��t7�8����TĜ>��i}K%,���)[��z�21z ?�N�i�n1?T�I�R#��m-�����������������1����lA�`��fT5+��ܐ�c�q՝��ʐ��,���3�f2U�եmab��#ŠdQ�y>\��)�SLY����w#��.���ʑ�f��� ,"+�w�~�N�'�c�O�3F�������N<���)j��&��,-� �љ���֊�_�zS���TǦ����w�>��?�������n��U仆�V���e�����0���$�C�d���rP �m�׈e�Xm�Vu� �L��.�bֹ��� �[Դaզ���*��\y�8�Է:�Ez\�0�Kq�C b��̘��cө���Q��=0Y��s�N��S.���3.���O�o:���#���v7�[#߫ ��5�܎�L���Er4���9n��COWlG�^��0k�%<���ZB���aB_���������'=��{i�v�l�$�uC���mƎҝ{�c㱼�y]���W�i ��ߧc��m�H� m�"�"�����;Y�ߝ�Z�Ǔ�����:S#��|}�y�,/k�Ld� TA�(�AI$+I3��;Y*���Z��}|��ӧO��d�v��..#:n��f>�>���ȶI�TX��� 8��y����"d�R�|�)0���=���n4��6ⲑ�+��r<�O�܂~zh�z����7ܓ�HH�Ga롏���nCo�>������a ���~]���R���̲c?�6(�q�;5%� |�uj�~z8R=X��I�V=�|{v�Gj\gc��q����z�؋%M�ߍ����1y��#��@f^���^�>N�����#x#۹��6�Y~�?�dfPO��{��P�4��V��u1E1J �*|���%���JN��`eWu�zk M6���q t[�� ��g�G���v��WIG��u_ft����5�j�"�Y�:T��ɐ���*�;� e5���4����q$C��2d�}���� _S�L#m�Yp��O�.�C�;��c����Hi#֩%+) �Ӎ��ƲV���SYź��g |���tj��3�8���r|���V��1#;.SQ�A[���S������#���`n�+���$��$I �P\[�@�s��(�ED�z���P��])8�G#��0B��[ى��X�II�q<��9�~[Z멜�Z�⊔IWU&A>�P~�#��dp<�?����7���c��'~���5 ��+$���lx@�M�dm��n<=e�dyX��?{�|Aef ,|n3�<~z�ƃ�uۧ�����P��Y,�ӥQ�*g�#먙R�\���;T��i,��[9Qi歉����c>]9�� ��"�c��P�� �Md?٥��If�ت�u��k��/����F��9�c*9��Ǎ:�ØF���z�n*�@|I�ށ9����N3{'��[�'ͬ�Ҳ4��#}��!�V� Fu��,�,mTIk���v C�7v���B�6k�T9��1�*l� '~��ƞF��lU��'�M ����][ΩũJ_�{�i�I�n��$���L�� j��O�dx�����kza۪��#�E��Cl����x˘�o�����V���ɞ�ljr��)�/,�߬h�L��#��^��L�ф�,íMƁe�̩�NB�L�����iL����q�}��(��q��6IçJ$�W�E$��:������=#����(�K�B����zђ <��K(�N�۫K�w��^O{!����)�H���>x�������lx�?>Պ�+�>�W���,Ly!_�D���Ō�l���Q�!�[ �S����J��1��Ɛ�Y}��b,+�Lo�x�ɓ)����=�y�oh�@�꥟/��I��ѭ=��P�y9��� �ۍYӘ�e+�p�Jnϱ?V\SO%�(�t� ���=?MR�[Ș�����d�/ ��n�l��B�7j� ��!�;ӥ�/�[-���A�>�dN�sLj ��,ɪv��=1c�.SQ�O3�U���ƀ�ܽ�E����������̻��9G�ϷD�7(�}��Ävӌ\�y�_0[w ���<΍>����a_��[0+�L��F.�޺��f�>oN�T����q;���y\��bՃ��y�jH�<|q-eɏ�_?_9+P���Hp$�����[ux�K w�Mw��N�ی'$Y2�=��q���KB��P��~������Yul:�[<����F1�2�O���5=d����]Y�sw:���Ϯ���E��j,_Q��X��z`H1,#II ��d�wr��P˂@�ZJV����y$�\y�{}��^~���[:N����ߌ�U�������O��d�����ؾe��${p>G��3c���Ė�lʌ�� ת��[��`ϱ�-W����dg�I��ig2��� ��}s ��ؤ(%#sS@���~���3�X�nRG�~\jc3�v��ӍL��M[JB�T��s3}��j�Nʖ��W����;7��ç?=X�F=-�=����q�ߚ���#���='�c��7���ڑW�I(O+=:uxq�������������e2�zi+�kuG�R��������0�&e�n���iT^J����~\jy���p'dtG��s����O��3����9* �b#Ɋ�� p������[Bws�T�>d4�ۧs���nv�n���U���_�~,�v����ƜJ1��s�� �QIz��)�(lv8M���U=�;����56��G���s#�K���MP�=��LvyGd��}�VwWBF�'�à �?MH�U�g2�� ����!�p�7Q��j��ڴ����=��j�u��� Jn�A s���uM������e��Ɔ�Ҕ�!)'��8Ϣ�ٔ��ޝ(��Vp���צ֖d=�IC�J�Ǡ{q������kԭ�߸���i��@K����u�|�p=..�*+����x�����z[Aqġ#s2a�Ɗ���RR�)*HRsi�~�a &f��M��P����-K�L@��Z��Xy�'x�{}��Zm+���:�)�) IJ�-i�u���� ���ܒH��'�L(7�y�GӜq���� j��� 6ߌg1�g�o���,kر���tY�?W,���p���e���f�OQS��!K�۟cҒA�|ս�j�>��=⬒��˧L[�� �߿2JaB~R��u�:��Q�] �0H~���]�7��Ƽ�I���(}��cq '�ήET���q�?f�ab���ӥvr� �)o��-Q��_'����ᴎo��K������;��V���o��%���~OK ����*��b�f:���-ťIR��`B�5!RB@���ï�� �u �̯e\�_U�_������� g�ES��3�������QT��a����x����U<~�c?�*�#]�MW,[8O�a�x��]�1bC|踤�P��lw5V%�)�{t�<��d��5���0i�XSU��m:��Z�┵�i�"��1�^B�-��P�hJ��&)O��*�D��c�W��vM��)����}���P��ܗ-q����\mmζZ-l@�}��a��E�6��F�@��&Sg@���ݚ�M����� ȹ 4����#p�\H����dYDo�H���"��\��..R�B�H�z_�/5˘����6��KhJR��P�mƶi�m���3�,#c�co��q�a)*Pt����R�m�k�7x�D�E�\Y�閣_X�<���~�)���c[[�BP����6�Yq���S��0����%_����;��Àv�~�| VS؇ ��'O0��F0��\���U�-�d@�����7�SJ*z��3n��y��P����O���������m�~�P�3|Y��ʉr#�C�<�G~�.,! ���bqx���h~0=��!ǫ�jy����l�O,�[B��~��|9��ٱ����Xly�#�i�B��g%�S��������tˋ���e���ې��\[d�t)��.+u�|1 ������#�~Oj����hS�%��i.�~X���I�H�m��0n���c�1uE�q��cF�RF�o���7� �O�ꮧ� ���ۛ{��ʛi5�rw?׌#Qn�TW��~?y$��m\�\o����%W� ?=>S�N@�� �Ʈ���R����N�)�r"C�:��:����� �����#��qb��Y�. �6[��2K����2u�Ǧ�HYR��Q�MV��� �G�$��Q+.>�����nNH��q�^��� ����q��mM��V��D�+�-�#*�U�̒ ���p욳��u:�������IB���m���PV@O���r[b= �� ��1U�E��_Nm�yKbN�O���U�}�the�`�|6֮P>�\2�P�V���I�D�i�P�O;�9�r�mAHG�W�S]��J*�_�G��+kP�2����Ka�Z���H�'K�x�W�MZ%�O�YD�Rc+o��?�q��Ghm��d�S�oh�\�D�|:W������UA�Qc yT�q������~^�H��/��#p�CZ���T�I�1�ӏT����4��"�ČZ�����}��`w�#�*,ʹ�� ��0�i��課�Om�*�da��^gJ݅{���l�e9uF#T�ֲ��̲�ٞC"�q���ߍ ոޑ�o#�XZTp����@ o�8��(jd��xw�]�,f���`~�|,s��^����f�1���t��|��m�򸄭/ctr��5s��7�9Q�4�H1꠲BB@l9@���C�����+�wp�xu�£Yc�9��?`@#�o�mH�s2��)�=��2�.�l����jg�9$�Y�S�%*L������R�Y������7Z���,*=�䷘$�������arm�o�ϰ���UW.|�r�uf����IGw�t����Zwo��~5 ��YյhO+=8fF�)�W�7�L9lM�̘·Y���֘YLf�큹�pRF���99.A �"wz��=E\Z���'a� 2��Ǚ�#;�'}�G���*��l��^"q��+2FQ� hj��kŦ��${���ޮ-�T�٭cf�|�3#~�RJ����t��$b�(R��(����r���dx� >U b�&9,>���%E\� Ά�e�$��'�q't��*�א���ެ�b��-|d���SB�O�O��$�R+�H�)�܎�K��1m`;�J�2�Y~9��O�g8=vqD`K[�F)k�[���1m޼c��n���]s�k�z$@��)!I �x՝"v��9=�ZA=`Ɠi �:�E��)`7��vI��}d�YI�_ �o�:ob���o ���3Q��&D&�2=�� �Ά��;>�h����y.*ⅥS������Ӭ�+q&����j|UƧ����}���J0��WW< ۋS�)jQR�j���Ư��rN)�Gű�4Ѷ(�S)Ǣ�8��i��W52���No˓� ۍ%�5brOn�L�;�n��\G����=�^U�dI���8$�&���h��'���+�(������cȁ߫k�l��S^���cƗjԌE�ꭔ��gF���Ȓ��@���}O���*;e�v�WV���YJ\�]X'5��ղ�k�F��b 6R�o՜m��i N�i����>J����?��lPm�U��}>_Z&�KK��q�r��I�D�Չ~�q�3fL�:S�e>���E���-G���{L�6p�e,8��������QI��h��a�Xa��U�A'���ʂ���s�+טIjP�-��y�8ۈZ?J$��W�P� ��R�s�]��|�l(�ԓ��sƊi��o(��S0��Y� 8�T97.�����WiL��c�~�dxc�E|�2!�X�K�Ƙਫ਼�$((�6�~|d9u+�qd�^3�89��Y�6L�.I�����?���iI�q���9�)O/뚅����O���X��X�V��ZF[�یgQ�L��K1���RҖr@v�#��X�l��F���Нy�S�8�7�kF!A��sM���^rkp�jP�DyS$N���q��nxҍ!U�f�!eh�i�2�m���`�Y�I�9r�6� �TF���C}/�y�^���Η���5d�'��9A-��J��>{�_l+�`��A���[�'��յ�ϛ#w:݅�%��X�}�&�PSt�Q�"�-��\縵�/����$Ɨh�Xb�*�y��BS����;W�ջ_mc�����vt?2}1�;qS�d�d~u:2k5�2�R�~�z+|HE!)�Ǟl��7`��0�<�,�2*���Hl-��x�^����'_TV�gZA�'j� ^�2Ϊ��N7t�����?w�� �x1��f��Iz�C-Ȗ��K�^q�;���-W�DvT�7��8�Z�������� hK�(P:��Q- �8�n�Z���܃e貾�<�1�YT<�,�����"�6{/ �?�͟��|1�:�#g��W�>$����d��J��d�B��=��jf[��%rE^��il:��B���x���Sּ�1հ��,�=��*�7 fcG��#q� �eh?��2�7�����,�!7x��6�n�LC�4x��},Geǝ�tC.��vS �F�43��zz\��;QYC,6����~;RYS/6���|2���5���v��T��i����������mlv��������&� �nRh^ejR�LG�f���? �ۉҬܦƩ��|��Ȱ����>3����!v��i�ʯ�>�v��オ�X3e���_1z�Kȗ\<������!�8���V��]��?b�k41�Re��T�q��mz��TiOʦ�Z��Xq���L������q"+���2ۨ��8}�&N7XU7Ap�d�X��~�׿��&4e�o�F��� �H����O���č�c�� 懴�6���͉��+)��v;j��ݷ�� �UV�� i��� j���Y9GdÒJ1��詞�����V?h��l����l�cGs�ځ�������y�Ac�����\V3�? �� ܙg�>qH�S,�E�W�[�㺨�uch�⍸�O�}���a��>�q�6�n6����N6�q������N ! 1AQaq�0@����"2BRb�#Pr���3C`��Scst���$4D���%Td�� ?���N����a��3��m���C���w��������xA�m�q�m���m������$����4n淿t'��C"w��zU=D�\R+w�p+Y�T�&�պ@��ƃ��3ޯ?�Aﶂ��aŘ���@-�����Q�=���9D��ռ�ѻ@��M�V��P��܅�G5�f�Y<�u=,EC)�<�Fy'�"�&�չ�X~f��l�KԆV��?�� �W�N����=(� �;���{�r����ٌ�Y���h{�١������jW����P���Tc�����X�K�r��}���w�R��%��?���E��m�� �Y�q|����\lEE4���r���}�lsI�Y������f�$�=�d�yO����p�����yBj8jU�o�/�S��?�U��*������ˍ�0������u�q�m [�?f����a�� )Q�>����6#������� ?����0UQ����,IX���(6ڵ[�DI�MNލ�c&���υ�j\��X�R|,4��� j������T�hA�e��^���d���b<����n�� �즇�=!���3�^�`j�h�ȓr��jẕ�c�,ٞX����-����a�ﶔ���#�$��]w�O��Ӫ�1y%��L�Y<�wg#�ǝ�̗`�x�xa�t�w��»1���o7o5��>�m뭛C���Uƃߜ}�C���y1Xνm�F8�jI���]����H���ۺиE@I�i;r�8ӭ����V�F�Շ| ��&?�3|x�B�MuS�Ge�=Ӕ�#BE5G�����Y!z��_e��q�р/W>|-�Ci߇�t�1ޯќd�R3�u��g�=0 5��[?�#͏��q�cf���H��{ ?u�=?�?ǯ���}Z��z���hmΔ�BFTW�����<�q�(v� ��!��z���iW]*�J�V�z��gX֧A�q�&��/w���u�gYӘa���; �i=����g:��?2�dž6�ى�k�4�>�Pxs����}������G�9��3 ���)gG�R<>r h�$��'nc�h�P��Bj��J�ҧH� -��N1���N��?��~��}-q!=��_2hc�M��l�vY%UE�@|�v����M2�.Y[|y�"Eï��K�ZF,�ɯ?,q�?v�M 80jx�"�;�9vk�����+ ֧�� �ȺU��?�%�vcV��mA�6��Qg^M����A}�3�nl� QRN�l8�kkn�'�����(��M�7m9و�q���%ޟ���*h$Zk"��$�9��: �?U8�Sl��,,|ɒ��xH(ѷ����Gn�/Q�4�P��G�%��Ա8�N��!� �&�7�;���eKM7�4��9R/%����l�c>�x;������>��C�:�����t��h?aKX�bhe�ᜋ^�$�Iհ �hr7%F$�E��Fd���t��5���+�(M6�t����Ü�UU|zW�=a�Ts�Tg������dqP�Q����b'�m���1{|Y����X�N��b �P~��F^F:����k6�"�j!�� �I�r�`��1&�-$�Bevk:y���#yw��I0��x��=D�4��tU���P�ZH��ڠ底taP��6����b>�xa����Q�#� WeF��ŮNj�p�J* mQ�N����*I�-*�ȩ�F�g�3 �5��V�ʊ�ɮ�a��5F���O@{���NX��?����H�]3��1�Ri_u��������ѕ�� ����0��� F��~��:60�p�͈�S��qX#a�5>���`�o&+�<2�D����: �������ڝ�$�nP���*)�N�|y�Ej�F�5ټ�e���ihy�Z �>���k�bH�a�v��h�-#���!�Po=@k̆IEN��@��}Ll?j�O������߭�ʞ���Q|A07x���wt!xf���I2?Z��<ץ�T���cU�j��]��陎Ltl �}5�ϓ��$�,��O�mˊ�;�@O��jE��j(�ا,��LX���LO���Ц�90�O �.����a��nA���7������j4 ��W��_ٓ���zW�jcB������y՗+EM�)d���N�g6�y1_x��p�$Lv:��9�"z��p���ʙ$��^��JԼ*�ϭ����o���=x�Lj�6�J��u82�A�H�3$�ٕ@�=Vv�]�'�qEz�;I˼��)��=��ɯ���x �/�W(V���p�����$ �m�������u�����񶤑Oqˎ�T����r��㠚x�sr�GC��byp�G��1ߠ�w e�8�$⿄����/�M{*}��W�]˷.�CK\�ުx���/$�WPw���r� |i���&�}�{�X� �>��$-��l���?-z���g����lΆ���(F���h�vS*���b���߲ڡn,|)mrH[���a�3�ר�[1��3o_�U�3�TC�$��(�=�)0�kgP���� ��u�^=��4 �WYCҸ:��vQ�ר�X�à��tk�m,�t*��^�,�}D*� �"(�I��9R����>`�`��[~Q]�#af��i6l��8���6�:,s�s�N6�j"�A4���IuQ��6E,�GnH��zS�HO�uk�5$�I�4��ؤ�Q9�@��C����wp�BGv[]�u�Ov���0I4���\��y�����Q�Ѹ��~>Z��8�T��a��q�ޣ;z��a���/��S��I:�ܫ_�|������>=Z����8:�S��U�I�J��"IY���8%b8���H��:�QO�6�;7�I�S��J��ҌAά3��>c���E+&jf$eC+�z�;��V����� �r���ʺ������my�e���aQ�f&��6�ND��.:��NT�vm�<- u���ǝ\MvZY�N�NT��-A�>jr!S��n�O 1�3�Ns�%�3D@���`������ܟ 1�^c<���� �a�ɽ�̲�Xë#�w�|y�cW�=�9I*H8�p�^(4���՗�k��arOcW�tO�\�ƍR��8����'�K���I�Q�����?5�>[�}��yU�ײ -h��=��% q�ThG�2�)���"ו3]�!kB��*p�FDl�A���,�eEi�H�f�Ps�����5�H:�Փ~�H�0Dت�D�I����h�F3�������c��2���E��9�H��5�zԑ�ʚ�i�X�=:m�xg�hd(�v����׊�9iS��O��d@0ڽ���:�p�5�h-��t�&���X�q�ӕ,��ie�|���7A�2���O%P��E��htj��Y1��w�Ѓ!����  ���� ࢽ��My�7�\�a�@�ţ�J �4�Ȼ�F�@o�̒?4�wx��)��]�P��~�����u�����5�����7X ��9��^ܩ�U;Iꭆ 5 �������eK2�7(�{|��Y׎ �V��\"���Z�1� Z�����}��(�Ǝ"�1S���_�vE30>���p;� ΝD��%x�W�?W?v����o�^V�i�d��r[��/&>�~`�9Wh��y�;���R��� ;;ɮT��?����r$�g1�K����A��C��c��K��l:�'��3 c�ﳯ*"t8�~l��)���m��+U,z��`(�>yJ�?����h>��]��v��ЍG*�{`��;y]��I�T� ;c��NU�fo¾h���/$���|NS���1�S�"�H��V���T���4��uhǜ�]�v;���5�͠x��'C\�SBpl���h}�N����� A�Bx���%��ޭ�l��/����T��w�ʽ]D�=����K���ž�r㻠l4�S�O?=�k �M:� ��c�C�a�#ha���)�ѐxc�s���gP�iG��{+���x���Q���I= �� z��ԫ+ �8"�k�ñ�j=|����c ��y��CF��/��*9ж�h{ �?4�o� ��k�m�Q�N�x��;�Y��4膚�a�w?�6�>e]�����Q�r�:����g�,i"�����ԩA�*M�<�G��b�if��l^M��5� �Ҩ�{����6J��ZJ�����P�*�����Y���ݛu�_4�9�I8�7���������,^ToR���m4�H��?�N�S�ѕw��/S��甍�@�9H�S�T��t�ƻ���ʒU��*{Xs�@����f�����֒Li�K{H�w^���������Ϥm�tq���s� ���ք��f:��o~s��g�r��ט� �S�ѱC�e]�x���a��) ���(b-$(�j>�7q�B?ӕ�F��hV25r[7 Y� }L�R��}����*sg+��x�r�2�U=�*'WS��ZDW]�WǞ�<��叓���{�$�9Ou4��y�90-�1�'*D`�c�^o?(�9��u���ݐ��'PI&� f�Jݮ�������:wS����jfP1F:X �H�9dԯ���˝[�_54 �}*;@�ܨ�� ð�yn�T���?�ןd�#���4rG�ͨ��H�1�|-#���Mr�S3��G�3�����)�.᧏3v�z֑��r����$G"�`j �1t��x0<Ɔ�Wh6�y�6��,œ�Ga��gA����y��b��)��h�D��ß�_�m��ü �gG;��e�v��ݝ�nQ� ��C����-�*��o���y�a��M��I�>�<���]obD��"�:���G�A��-\%LT�8���c�)��+y76���o�Q�#*{�(F�⽕�y����=���rW�\p���۩�c���A���^e6��K������ʐ�cVf5$�'->���ՉN"���F�"�UQ@�f��Gb~��#�&�M=��8�ט�JNu9��D��[̤�s�o�~������ G��9T�tW^g5y$b��Y'��س�Ǵ�=��U-2 #�MC�t(�i� �lj�@Q 5�̣i�*�O����s�x�K�f��}\��M{E�V�{�υ��Ƈ�����);�H����I��fe�Lȣr�2��>��W�I�Ȃ6������i��k�� �5�YOxȺ����>��Y�f5'��|��H+��98pj�n�.O�y�������jY��~��i�w'������l�;�s�2��Y��:'lg�ꥴ)o#'Sa�a�K��Z� �m��}�`169�n���"���x��I ��*+� }F<��cГ���F�P�������ֹ*�PqX�x۩��,� ��N�� �4<-����%����:��7����W���u�`����� $�?�I��&����o��o��`v�>��P��"��l���4��5'�Z�gE���8���?��[�X�7(��.Q�-��*���ތL@̲����v��.5���[��=�t\+�CNܛ��,g�SQnH����}*F�G16���&:�t��4ُ"A��̣��$�b �|����#rs��a�����T�� ]�<�j��BS�('$�ɻ� �wP;�/�n��?�ݜ��x�F��yUn�~mL*-�������Xf�wd^�a�}��f�,=t�׵i�.2/wpN�Ep8�OР���•��R�FJ� 55TZ��T �ɭ�<��]��/�0�r�@�f��V��V����Nz�G��^���7hZi����k��3�,kN�e|�vg�1{9]_i��X5y7� 8e]�U����'�-2,���e"����]ot�I��Y_��n�(JҼ��1�O ]bXc���Nu�No��pS���Q_���_�?i�~�x h5d'�(qw52] ��'ޤ�q��o1�R!���`ywy�A4u���h<קy���\[~�4�\ X�Wt/� 6�����n�F�a8��f���z �3$�t(���q��q�x��^�XWeN'p<-v�!�{�(>ӽDP7��ո0�y)�e$ٕv�Ih'Q�EA�m*�H��RI��=:��� ���4牢) �%_iN�ݧ�l]� �Nt���G��H�L��� ɱ�g<���1V�,�J~�ٹ�"K��Q�� 9�HS�9�?@��k����r�;we݁�]I�!{ �@�G�[�"��`���J:�n]�{�cA�E����V��ʆ���#��U9�6����j�#Y�m\��q�e4h�B�7��C�������d<�?J����1g:ٳ���=Y���D�p�ц� ׈ǔ��1�]26؜oS�'��9�V�FVu�P�h�9�xc�oq�X��p�o�5��Ա5$�9W�V(�[Ak�aY錎qf;�'�[�|���b�6�Ck��)��#a#a˙��8���=äh�4��2��C��4tm^ �n'c���]GQ$[Wҿ��i���vN�{Fu ��1�gx��1┷���N�m��{j-,��x�� Ūm�ЧS�[�s���Gna���䑴�� x�p 8<������97�Q���ϴ�v�aϚG��Rt�Һ׈�f^\r��WH�JU�7Z���y)�vg=����n��4�_)y��D'y�6�]�c�5̪�\� �PF�k����&�c;��cq�$~T�7j ���nç]�<�g ":�to�t}�159�<�/�8������m�b�K#g'I'.W�����6��I/��>v��\�MN��g���m�A�yQL�4u�Lj�j9��#44�t��l^�}L����n��R��!��t��±]��r��h6ٍ>�yҏ�N��fU�� ���� Fm@�8}�/u��jb9������he:A�y�ծw��GpΧh�5����l}�3p468��)U��d��c����;Us/�֔�YX�1�O2��uq�s��`hwg�r~�{ R��mhN��؎*q 42�*th��>�#���E����#��Hv�O����q�}�����6�e��\�,Wk�#���X��b>��p}�դ��3���T5��†��6��[��@�P�y*n��|'f�֧>�lư΂�̺����SU�'*�q�p�_S�����M�� '��c�6�����m�� ySʨ;M��r���Ƌ�m�Kxo,���Gm�P��A�G�:��i��w�9�}M(�^�V��$ǒ�ѽ�9���|���� �a����J�SQ�a���r�B;����}���ٻ֢�2�%U���c�#�g���N�a�ݕ�'�v�[�OY'��3L�3�;,p�]@�S��{ls��X�'���c�jw�k'a�.��}�}&�� �dP�*�bK=ɍ!����;3n�gΊU�ߴmt�'*{,=SzfD� A��ko~�G�aoq�_mi}#�m�������P�Xhύ����mxǍ�΂���巿zf��Q���c���|kc�����?���W��Y�$���_Lv����l߶��c���`?����l�j�ݲˏ!V��6����U�Ђ(A���4y)H���p�Z_�x��>���e��R��$�/�`^'3qˏ�-&Q�=?��CFVR �D�fV�9��{�8g�������n�h�(P"��6�[�D���< E�����~0<@�`�G�6����Hг�cc�� �c�K.5��D��d�B���`?�XQ��2��ٿyqo&+�1^� DW�0�ꊩ���G�#��Q�nL3��c���������/��x ��1�1[y�x�პCW��C�c�UĨ80�m�e�4.{�m��u���I=��f�����0QRls9���f���������9���~f�����Ǩ��a�"@�8���ȁ�Q����#c�ic������G��$���G���r/$W�(��W���V�"��m�7�[m�A�m����bo��D� j����۳� l���^�k�h׽����� ��#� iXn�v��eT�k�a�^Y�4�BN��ĕ��0 !01@Q"2AaPq3BR������?���@4�Q�����T3,���㺠�W�[=JK�Ϟ���2�r^7��vc�:�9 �E�ߴ�w�S#d���Ix��u��:��Hp��9E!�� V 2;73|F��9Y���*ʬ�F��D����u&���y؟��^EA��A��(ɩ���^��GV:ݜDy�`��Jr29ܾ�㝉��[���E;Fzx��YG��U�e�Y�C���� ����v-tx����I�sם�Ę�q��Eb�+P\ :>�i�C'�;�����k|z�رn�y]�#ǿb��Q��������w�����(�r|ӹs��[�D��2v-%��@;�8<a���[\o[ϧw��I!��*0�krs)�[�J9^��ʜ��p1)� "��/_>��o��<1����A�E�y^�C��`�x1'ܣn�p��s`l���fQ��):�l����b>�Me�jH^?�kl3(�z:���1ŠK&?Q�~�{�ٺ�h�y���/�[��V�|6��}�KbX����mn[-��7�5q�94�������dm���c^���h� X��5��<�eޘ>G���-�}�دB�ޟ� ��|�rt�M��V+�]�c?�-#ڛ��^ǂ}���Lkr���O��u�>�-D�ry� D?:ޞ�U��ǜ�7�V��?瓮�"�#���r��չģVR;�n���/_� ؉v�ݶe5d�b9��/O��009�G���5n�W����JpA�*�r9�>�1��.[t���s�F���nQ� V 77R�]�ɫ8����_0<՜�IF�u(v��4��F�k�3��E)��N:��yڮe��P�`�1}�$WS��J�SQ�N�j�ٺ��޵�#l���ј(�5=��5�lǏmoW�v-�1����v,W�mn��߀$x�<����v�j(����c]��@#��1������Ǔ���o'��u+����;G�#�޸��v-lη��/(`i⣍Pm^���ԯ̾9Z��F��������n��1��� ��]�[��)�'������:�֪�W��FC����� �B9،!?���]��V��A�Վ�M��b�w��G F>_DȬ0¤�#�QR�[V��kz���m�w�"��9ZG�7'[��=�Q����j8R?�zf�\a�=��O�U����*oB�A�|G���2�54 �p��.w7� �� ��&������ξxGHp� B%��$g�����t�Џ򤵍z���HN�u�Я�-�'4��0��;_��3 !01"@AQa2Pq#3BR������?��ʩca��en��^��8���<�u#��m*08r��y�N"�<�Ѳ0��@\�p��� �����Kv�D��J8�Fҽ� �f�Y��-m�ybX�NP����}�!*8t(�OqѢ��Q�wW�K��ZD��Δ^e��!� ��B�K��p~�����e*l}z#9ң�k���q#�Ft�o��S�R����-�w�!�S���Ӥß|M�l޶V��!eˈ�8Y���c�ЮM2��tk���� ������J�fS����Ö*i/2�����n]�k�\���|4yX�8��U�P.���Ы[���l��@"�t�<������5�lF���vU�����W��W��;�b�cД^6[#7@vU�xgZv��F�6��Q,K�v��� �+Ъ��n��Ǣ��Ft���8��0��c�@�!�Zq s�v�t�;#](B��-�nῃ~���3g������5�J�%���O������n�kB�ĺ�.r��+���#�N$?�q�/�s�6��p��a����a��J/��M�8��6�ܰ"�*������ɗud"\w���aT(����[��F��U՛����RT�b���n�*��6���O��SJ�.�ij<�v�MT��R\c��5l�sZB>F��<7�;EA��{��E���Ö��1U/�#��d1�a�n.1ě����0�ʾR�h��|�R��Ao�3�m3 ��%�� ���28Q� ��y��φ���H�To�7�lW>����#i`�q���c����a��� �m,B�-j����݋�'mR1Ήt�>��V��p���s�0IbI�C.���1R�ea�����]H�6����������4B>��o��](��$B���m�����a�!=��?�B� K�Ǿ+�Ծ"�n���K��*��+��[T#�{E�J�S����Q�����s�5�:�U�\wĐ�f�3����܆&�)����I���Ԇw��E T�lrTf6Q|R�h:��[K�� �z��c֧�G�C��%\��_�a�84��HcO�bi��ؖV��7H �)*ģK~Xhչ0��4?�0��� �E<���}3���#���u�?�� ��|g�S�6ꊤ�|�I#Hڛ� �ա��w�X��9��7���Ŀ%�SL��y6č��|�F�a 8���b��$�sק�h���b9RAu7�˨p�Č�_\*w��묦��F ����4D~�f����|(�"m���NK��i�S�>�$d7SlA��/�²����SL��|6N�}���S�˯���g��]6��; �#�.��<���q'Q�1|KQ$�����񛩶"�$r�b:���N8�w@��8$�� �AjfG|~�9F ���Y��ʺ��Bwؒ������M:I岎�G��`s�YV5����6��A �b:�W���G�q%l�����F��H���7�������Fsv7��k�� 403WebShell
403Webshell
Server IP : 97.74.90.209  /  Your IP : 216.73.216.15
Web Server : Apache
System : Linux live.indianstaffingfederation.org 4.18.0-553.54.1.el8_10.x86_64 #1 SMP Tue May 27 22:49:52 EDT 2025 x86_64
User : indianstaffing ( 1003)
PHP Version : 8.3.22
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /usr/src/csf/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /usr/src/csf/csf.conf
###############################################################################
# SECTION:Initial Settings
###############################################################################
# Testing flag - enables a CRON job that clears iptables incase of
# configuration problems when you start csf. This should be enabled until you
# are sure that the firewall works - i.e. incase you get locked out of your
# server! Then do remember to set it to 0 and restart csf when you're sure
# everything is OK. Stopping csf will remove the line from /etc/crontab
#
# lfd will not start while this is enabled
TESTING = "1"

# The interval for the crontab in minutes. Since this uses the system clock the
# CRON job will run at the interval past the hour and not from when you issue
# the start command. Therefore an interval of 5 minutes means the firewall
# will be cleared in 0-5 minutes from the firewall start
TESTING_INTERVAL = "5"

# SECURITY WARNING
# ================
#
# Unfortunately, syslog and rsyslog allow end-users to log messages to some
# system logs via the same unix socket that other local services use. This 
# means that any log line shown in these system logs that syslog or rsyslog
# maintain can be spoofed (they are exactly the same as real log lines).
#
# Since some of the features of lfd rely on such log lines, spoofed messages
# can cause false-positive matches which can lead to confusion at best, or
# blocking of any innocent IP address or making the server inaccessible at
# worst.
#
# Any option that relies on the log entries in the files listed in
# /etc/syslog.conf and /etc/rsyslog.conf should therefore be considered
# vulnerable to exploitation by end-users and scripts run by end-users.
#
# NOTE: Not all log files are affected as they may not use syslog/rsyslog
#
# The option RESTRICT_SYSLOG disables all these features that rely on affected
# logs. These options are:
# LF_SSHD LF_FTPD LF_IMAPD LF_POP3D LF_BIND LF_SUHOSIN LF_SSH_EMAIL_ALERT
# LF_SU_EMAIL_ALERT LF_CONSOLE_EMAIL_ALERT LF_DISTATTACK LF_DISTFTP
# LT_POP3D LT_IMAPD PS_INTERVAL UID_INTERVAL WEBMIN_LOG LF_WEBMIN_EMAIL_ALERT
# PORTKNOCKING_ALERT LF_SUDO_EMAIL_ALERT
#
# This list of options use the logs but are not disabled by RESTRICT_SYSLOG:
# ST_ENABLE SYSLOG_CHECK LOGSCANNER CUSTOM*_LOG
#
# The following options are still enabled by default on new installations so
# that, on balance, csf/lfd still provides expected levels of security:
# LF_SSHD LF_FTPD LF_POP3D LF_IMAPD LF_SSH_EMAIL_ALERT LF_SU_EMAIL_ALERT
#
# If you set RESTRICT_SYSLOG to "0" or "2" and enable any of the options listed
# above, it should be done with the knowledge that any of the those options
# that are enabled could be triggered by spoofed log lines and lead to the
# server being inaccessible in the worst case. If you do not want to take that
# risk you should set RESTRICT_SYSLOG to "1" and those features will not work
# but you will not be protected from the exploits that they normally help block
#
# The recommended setting for RESTRICT_SYSLOG is "3" to restrict who can access
# the syslog/rsyslog unix socket.
#
# For further advice on how to help mitigate these issues, see
# /etc/csf/readme.txt
#
# 0 = Allow those options listed above to be used and configured
# 1 = Disable all the options listed above and prevent them from being used
# 2 = Disable only alerts about this feature and do nothing else
# 3 = Restrict syslog/rsyslog access to RESTRICT_SYSLOG_GROUP ** RECOMMENDED **
RESTRICT_SYSLOG = "0"

# The following setting is used if RESTRICT_SYSLOG is set to 3. It restricts
# write access to the syslog/rsyslog unix socket(s). The group must not already
# exists in /etc/group before setting RESTRICT_SYSLOG to 3, so set the option
# to a unique name for the server
#
# You can add users to this group by changing /etc/csf/csf.syslogusers and then
# restarting lfd afterwards. This will create the system group and add the
# users from csf.syslogusers if they exist to that group and will change the
# permissions on the syslog/rsyslog unix socket(s). The socket(s) will be
# monitored and the permissions re-applied should syslog/rsyslog be restarted
#
# Using this option will prevent some legitimate logging, e.g. end-user cron
# job logs
#
# If you want to revert RESTRICT_SYSLOG to another option and disable this
# feature, change the setting of RESTRICT_SYSLOG and then restart lfd and then
# syslog/rsyslog and the unix sockets will be reset
RESTRICT_SYSLOG_GROUP = "mysyslog"

# This options restricts the ability to modify settings within this file from
# the csf UI. Should the parent control panel be compromised, these restricted
# options could be used to further compromise the server. For this reason we
# recommend leaving this option set to at least "1" and if any of the
# restricted items need to be changed, they are done so from the root shell
#
# 0 = Unrestricted UI
# 1 = Restricted UI
# 2 = Disabled UI
RESTRICT_UI = "1"

# Enabling auto updates creates a cron job called /etc/cron.d/csf_update which
# runs once per day to see if there is an update to csf+lfd and upgrades if
# available and restarts csf and lfd
#
# You should check for new version announcements at http://blog.configserver.com
AUTO_UPDATES = "1"

###############################################################################
# SECTION:IPv4 Port Settings
###############################################################################
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Some kernel/iptables setups do not perform stateful connection tracking
# correctly (typically some virtual servers or custom compiled kernels), so a
# SPI firewall will not function correctly. If this happens, LF_SPI can be set
# to 0 to reconfigure csf as a static firewall.
#
# As connection tracking will not be configured, applications that rely on it
# will not function unless all outgoing ports are opened. Therefore, all
# outgoing connections will be allowed once all other tests have completed. So
# TCP_OUT, UDP_OUT and ICMP_OUT will not have any affect.
#
# If you allow incoming DNS lookups you may need to use the following
# directive in the options{} section of your named.conf:
#
#        query-source port 53;
#
# This will force incoming DNS traffic only through port 53
#
# Disabling this option will break firewall functionality that relies on
# stateful packet inspection (e.g. DNAT, PACKET_FILTER) and makes the firewall
# less secure
#
# This option should be set to "1" in all other circumstances
LF_SPI = "1"

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,8443"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703"

# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443,853"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP_OUT = "20,21,53,113,123,853,873,6277,24441"

# Allow incoming PING. Disabling PING will likely break external uptime
# monitoring
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate for PING requests. This
# ratelimits PING requests which if exceeded results in silently rejected
# packets. Disable or increase this value if you are seeing PING drops that you
# do not want
#
# To disable rate limiting set to "0", otherwise set according to the iptables
# documentation for the limit module. For example, "1/s" will limit to one
# packet per second
ICMP_IN_RATE = "1/s"

# Allow outgoing PING
#
# Unless there is a specific reason, this option should NOT be disabled as it
# could break OS functionality
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate for PING requests. This
# ratelimits PING requests which if exceeded results in silently rejected
# packets. Disable or increase this value if you are seeing PING drops that you
# do not want
#
# Unless there is a specific reason, this option should NOT be enabled as it
# could break OS functionality
#
# To disable rate limiting set to "0", otherwise set according to the iptables
# documentation for the limit module. For example, "1/s" will limit to one
# packet per second
ICMP_OUT_RATE = "0"

# For those with PCI Compliance tools that state that ICMP timestamps (type 13)
# should be dropped, you can enable the following option. Otherwise, there
# appears to be little evidence that it has anything to do with a security risk
# and can impact network performance, so should be left disabled by everyone
# else
ICMP_TIMESTAMPDROP = "0"

###############################################################################
# SECTION:IPv6 Port Settings
###############################################################################
# IPv6: (Requires ip6tables)
#
# Pre v2.6.20 kernels do not perform stateful connection tracking, so a static
# firewall is configured as a fallback instead if IPV6_SPI is set to 0 below
#
# Supported:
# Temporary ACCEPT/DENY, GLOBAL_DENY, GLOBAL_ALLOW, SMTP_BLOCK, LF_PERMBLOCK,
# PACKET_FILTER, Advanced Allow/Deny Filters, RELAY_*, CLUSTER_*, CC6_LOOKUPS, 
# SYNFLOOD, LF_NETBLOCK
#
# Supported if CC6_LOOKUPS and CC_LOOKUPS are enabled
# CC_DENY, CC_ALLOW, CC_ALLOW_FILTER, CC_IGNORE, CC_ALLOW_PORTS, CC_DENY_PORTS,
# CC_ALLOW_SMTPAUTH
#
# Supported if ip6tables >= 1.4.3:
# PORTFLOOD, CONNLIMIT
#
# Supported if ip6tables >= 1.4.17 and perl module IO::Socket::INET6 is
# installed:
# MESSENGER DOCKER SMTP_REDIRECT
#
# Not supported:
# ICMP_IN, ICMP_OUT
#
IPV6 = "0"

# IPv6 uses icmpv6 packets very heavily. By default, csf will allow all icmpv6
# traffic in the INPUT and OUTPUT chains. However, this could increase the risk
# of icmpv6 attacks. To restrict incoming icmpv6, set to "1" but may break some
# connection types
IPV6_ICMP_STRICT = "0"

# Pre v2.6.20 kernel must set this option to "0" as no working state module is
# present, so a static firewall is configured as a fallback
#
# A workaround has been added for CentOS/RedHat v5 and custom kernels that do
# not support IPv6 connection tracking by opening ephemeral port range
# 32768:61000. This is only applied if IPV6_SPI is not enabled. This is the
# same workaround implemented by RedHat in the sample default IPv6 rules
#
# As connection tracking will not be configured, applications that rely on it
# will not function unless all outgoing ports are opened. Therefore, all
# outgoing connections will be allowed once all other tests have completed. So
# TCP6_OUT, UDP6_OUT and ICMP6_OUT will not have any affect.
#
# If you allow incoming ipv6 DNS lookups you may need to use the following
# directive in the options{} section of your named.conf:
#
#        query-source-v6 port 53;
#
# This will force ipv6 incoming DNS traffic only through port 53
#
# These changes are not necessary if the SPI firewall is used
IPV6_SPI = "1"

# Allow incoming IPv6 TCP ports
TCP6_IN = "20,21,22,25,53,80,110,143,443,465,587,853,993,995,2077,2078,2082,2083,2086,2087,2095,2096,8443"

# Allow outgoing IPv6 TCP ports
TCP6_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,853,873,993,995,2086,2087,2089,2703"

# Allow incoming IPv6 UDP ports
UDP6_IN = "20,21,53,80,443"

# Allow outgoing IPv6 UDP ports
# To allow outgoing traceroute add 33434:33523 to this list 
UDP6_OUT = "20,21,53,113,123,873,6277,24441"

###############################################################################
# SECTION:General Settings
###############################################################################
# By default, csf will auto-configure iptables to filter all traffic except on
# the loopback device. If you only want iptables rules applied to a specific
# NIC, then list it here (e.g. eth1, or eth+)
ETH_DEVICE = ""

# By adding a device to this option, ip6tables can be configured only on the
# specified device. Otherwise, ETH_DEVICE and then the default setting will be
# used
ETH6_DEVICE = ""

# If you don't want iptables rules applied to specific NICs, then list them in
# a comma separated list (e.g "eth1,eth2")
ETH_DEVICE_SKIP = ""

# This option should be enabled unless the kernel does not support the
# "conntrack" module
#
# To use the deprecated iptables "state" module, change this to 0
USE_CONNTRACK = "1"

# Enable ftp helper via the iptables CT target on supporting kernels (v2.6.34+)
# instead of the current method via /proc/sys/net/netfilter/nf_conntrack_helper
# This will also remove the RELATED target from the global state iptables rule
#
# This is not needed (and will be ignored) if LF_SPI/IPV6_SPI is disabled or
# the raw tables do not exist. The USE_CONNTRACK option should be enabled
#
# To enable this option, set it to your FTP server listening port number
# (normally 21), do NOT set it to "1"
USE_FTPHELPER = "0"

# Check whether syslog is running. Many of the lfd checks require syslog to be
# running correctly. This test will send a coded message to syslog every
# SYSLOG_CHECK seconds. lfd will check SYSLOG_LOG log lines for the coded
# message. If it fails to do so within SYSLOG_CHECK seconds an alert using
# syslogalert.txt is sent
#
# A value of between 300 and 3600 seconds is suggested. Set to 0 to disable
SYSLOG_CHECK = "0" 

# Enable this option if you do not wish to block all IP's that have 
# authenticated using POP before SMTP (i.e. are valid clients). This option
# checks for IP addresses in /etc/relayhosts, which last for 30 minutes in that
# file after a successful POP authentication.
# 
# Set the value to 0 to disable the feature
RELAYHOSTS = "0"

# Enable this option if you want lfd to ignore (i.e. don't block) IP addresses
# listed in csf.allow in addition to csf.ignore (the default). This option
# should be used with caution as it would mean that IP's allowed through the
# firewall from infected PC's could launch attacks on the server that lfd
# would ignore
IGNORE_ALLOW = "0"

# Enable the following option if you want to apply strict iptables rules to DNS
# traffic (i.e. relying on iptables connection tracking). Enabling this option
# could cause DNS resolution issues both to and from the server but could help
# prevent abuse of the local DNS server
DNS_STRICT = "0"

# Enable the following option if you want to apply strict iptables rules to DNS
# traffic between the server and the nameservers listed in /etc/resolv.conf
# Enabling this option could cause DNS resolution issues both to and from the
# server but could help prevent abuse of the local DNS server
DNS_STRICT_NS = "0"

# Limit the number of IP's kept in the /etc/csf/csf.deny file
#
# Care should be taken when increasing this value on servers with low memory
# resources or hard limits (such as Virtuozzo/OpenVZ) as too many rules (in the
# thousands) can sometimes cause network slowdown
#
# The value set here is the maximum number of IPs/CIDRs allowed
# if the limit is reached, the entries will be rotated so that the oldest
# entries (i.e. the ones at the top) will be removed and the latest is added.
# The limit is only checked when using csf -d (which is what lfd also uses)
# Set to 0 to disable limiting
#
# For implementations wishing to set this value significantly higher, we
# recommend using the IPSET option
DENY_IP_LIMIT = "200"

# Limit the number of IP's kept in the temprary IP ban list. If the limit is
# reached the oldest IP's in the ban list will be removed and allowed
# regardless of the amount of time remaining for the block
# Set to 0 to disable limiting
DENY_TEMP_IP_LIMIT = "100"

# Enable login failure detection daemon (lfd). If set to 0 none of the
# following settings will have any effect as the daemon won't start.
LF_DAEMON = "1"

# Check whether csf appears to have been stopped and restart if necessary,
# unless TESTING is enabled above. The check is done every 300 seconds
LF_CSF = "1"

# This option uses IPTABLES_SAVE, IPTABLES_RESTORE and IP6TABLES_SAVE,
# IP6TABLES_RESTORE in two ways:
#
# 1. On a clean server reboot the entire csf iptables configuration is saved
#    and then restored where possible to provide a near instant firewall
#    startup[*]
#
# 2. On csf restart or lfd reloading tables, CC_* as well as SPAMHAUS, DSHIELD,
#    BOGON, TOR are loaded using this method in a fraction of the time than if
#    this setting is disabled
#
# [*]Not supported on all OS platforms
#
# Set to "0" to disable this functionality
FASTSTART = "1"

# This option allows you to use ipset v6+ for the following csf options:
# CC_* and /etc/csf/csf.blocklist, /etc/csf/csf.allow, /etc/csf/csf.deny,
# GLOBAL_DENY, GLOBAL_ALLOW, DYNDNS, GLOBAL_DYNDNS, MESSENGER
#
# ipset will only be used with the above options when listing IPs and CIDRs.
# Advanced Allow Filters and temporary blocks use traditional iptables
#
# Using ipset moves the onus of ip matching against large lists away from
# iptables rules and to a purpose built and optimised database matching
# utility. It also simplifies the switching in of updated lists
#
# To use this option you must have a fully functioning installation of ipset
# installed either via rpm or source from http://ipset.netfilter.org/
# 
# Note: Using ipset has many advantages, some disadvantages are that you will
# no longer see packet and byte counts against IPs and it makes identifying
# blocked/allowed IPs that little bit harder
#
# Note: If you mainly use IP address only entries in csf.deny, you can increase
# the value of DENY_IP_LIMIT significantly if you wish
# 
# Note: It's highly unlikely that ipset will function on Virtuozzo/OpenVZ
# containers even if it has been installed
#
# If you find any problems, please post on forums.configserver.com with full
# details of the issue
LF_IPSET = "0"

# Versions of iptables greater or equal to v1.4.20 should support the --wait
# option. This forces iptables commands that use the option to wait until a
# lock by any other process using iptables completes, rather than simply
# failing
#
# Enabling this feature will add the --wait option to iptables commands
#
# NOTE: The disadvantage of using this option is that any iptables command that
# uses it will hang until the lock is released. This could cause a cascade of
# hung processes trying to issue iptables commands. To try and avoid this issue
# csf uses a last ditch timeout, WAITLOCK_TIMEOUT in seconds, that will trigger
# a failure if reached
WAITLOCK = "0"
WAITLOCK_TIMEOUT = "300"

# The following sets the hashsize for ipset sets, which must be a power of 2.
#
# Note: Increasing this value will consume more memory for all sets
# Default: "1024"
LF_IPSET_HASHSIZE = "1024"

# The following sets the maxelem for ipset sets.
#
# Note: Increasing this value will consume more memory for all sets
# Default: "65536"
LF_IPSET_MAXELEM = "65536"

# If you enable this option then whenever a CLI request to restart csf is used
# lfd will restart csf instead within LF_PARSE seconds
#
# This feature can be helpful for restarting configurations that cannot use
# FASTSTART
LFDSTART = "0"

# Enable verbose output of iptables commands
VERBOSE = "1"

# Drop out of order packets and packets in an INVALID state in iptables
# connection tracking
PACKET_FILTER = "1"

# Perform reverse DNS lookups on IP addresses. See also CC_LOOKUPS
LF_LOOKUPS = "1"

# Custom styling is possible in the csf UI. See the readme.txt for more
# information under "UI skinning and Mobile View"
#
# This option enables the use of custom styling. If the styling fails to work
# correctly, e.g. custom styling does not take into account a change in the
# standard csf UI, then disabling this option will return the standard UI
STYLE_CUSTOM = "0"

# This option disables the presence of the Mobile View in the csf UI
STYLE_MOBILE = "1"

###############################################################################
# SECTION:SMTP Settings
###############################################################################
# Block outgoing SMTP except for root, exim and mailman (forces scripts/users
# to use the exim/sendmail binary instead of sockets access). This replaces the
# protection as WHM > Tweak Settings > SMTP Tweaks
#
# This option uses the iptables ipt_owner/xt_owner module and must be loaded
# for it to work. It may not be available on some VPS platforms
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
SMTP_BLOCK = "0"

# If SMTP_BLOCK is enabled but you want to allow local connections to port 25
# on the server (e.g. for webmail or web scripts) then enable this option to
# allow outgoing SMTP connections to the loopback device
SMTP_ALLOWLOCAL = "1"

# This option redirects outgoing SMTP connections destined for remote servers
# for non-bypass users to the local SMTP server to force local relaying of
# email. Such email may require authentication (SMTP AUTH)
SMTP_REDIRECT = "0"

# This is a comma separated list of the ports to block. You should list all
# ports that exim is configured to listen on
SMTP_PORTS = "25,465,587"

# Always allow the following comma separated users and groups to bypass
# SMTP_BLOCK
#
# Note: root (UID:0) is always allowed
SMTP_ALLOWUSER = "cpanel"
SMTP_ALLOWGROUP = "mail,mailman"

# This option will only allow SMTP AUTH to be advertised to the IP addresses
# listed in /etc/csf/csf.smtpauth on EXIM mail servers
#
# The additional option CC_ALLOW_SMTPAUTH can be used with this option to
# additionally restrict access to specific countries
#
# This is to help limit attempts at distributed attacks against SMTP AUTH which
# are difficult to achieve since port 25 needs to be open to relay email
#
# The reason why this works is that if EXIM does not advertise SMTP AUTH on a
# connection, then SMTP AUTH will not accept logins, defeating the attacks
# without restricting mail relaying
#
# Note: csf and lfd must be restarted if /etc/csf/csf.smtpauth is modified so
# that the lookup file in /etc/exim.smtpauth is regenerated from the
# information from /etc/csf/csf.smtpauth plus any countries listed in
# CC_ALLOW_SMTPAUTH
#
# NOTE: To make this option work you MUST make the modifications to exim.conf
# as explained in "Exim SMTP AUTH Restriction" section in /etc/csf/readme.txt
# after enabling the option here, otherwise this option will not work
#
# To enable this option, set to 1 and make the exim configuration changes
# To disable this option, set to 0 and undo the exim configuration changes
SMTPAUTH_RESTRICT = "0"

###############################################################################
# SECTION:Port Flood Settings
###############################################################################
# Enable SYN Flood Protection. This option configures iptables to offer some
# protection from tcp SYN packet DOS attempts. You should set the RATE so that
# false-positives are kept to a minimum otherwise visitors may see connection
# issues (check /var/log/messages for *SYNFLOOD Blocked*). See the iptables
# man page for the correct --limit rate syntax
#
# Note: This option should ONLY be enabled if you know you are under a SYN
# flood attack as it will slow down all new connections from any IP address to
# the server if triggered
SYNFLOOD = "0"
SYNFLOOD_RATE = "100/s"
SYNFLOOD_BURST = "150"

# Connection Limit Protection. This option configures iptables to offer more
# protection from DOS attacks against specific ports. It can also be used as a
# way to simply limit resource usage by IP address to specific server services.
# This option limits the number of concurrent new connections per IP address
# that can be made to specific ports
#
# This feature does not work on servers that do not have the iptables module
# xt_connlimit loaded. Typically, this will be with MONOLITHIC kernels. VPS
# server admins should check with their VPS host provider that the iptables
# module is included
#
# For further information and syntax refer to the Connection Limit Protection
# section of the csf readme.txt
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
CONNLIMIT = ""

# Port Flood Protection. This option configures iptables to offer protection
# from DOS attacks against specific ports. This option limits the number of
# new connections per time interval that can be made to specific ports
#
# This feature does not work on servers that do not have the iptables module
# ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS
# server admins should check with their VPS host provider that the iptables
# module is included
#
# For further information and syntax refer to the Port Flood Protection
# section of the csf readme.txt
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
PORTFLOOD = ""

# Outgoing UDP Flood Protection. This option limits outbound UDP packet floods.
# These typically originate from exploit scripts uploaded through vulnerable
# web scripts. Care should be taken on servers that use services that utilise
# high levels of UDP outbound traffic, such as SNMP, so you may need to alter
# the UDPFLOOD_LIMIT and UDPFLOOD_BURST options to suit your environment
#
# We recommend enabling User ID Tracking (UID_INTERVAL) with this feature
UDPFLOOD = "0"
UDPFLOOD_LIMIT = "100/s"
UDPFLOOD_BURST = "500"

# This is a list of usernames that should not be rate limited, such as "named"
# to prevent bind traffic from being limited.
#
# Note: root (UID:0) is always allowed
UDPFLOOD_ALLOWUSER = "named"

###############################################################################
# SECTION:Logging Settings
###############################################################################
# Log lfd messages to SYSLOG in addition to /var/log/lfd.log. You must have the
# perl module Sys::Syslog installed to use this feature
SYSLOG = "0"

# Drop target for incoming iptables rules. This can be set to either DROP or
# REJECT. REJECT will send back an error packet, DROP will not respond at all.
# REJECT is more polite, however it does provide extra information to a hacker
# and lets them know that a firewall is blocking their attempts. DROP hangs
# their connection, thereby frustrating attempts to port scan the server
DROP = "DROP"

# Drop target for outgoing iptables rules. This can be set to either DROP or
# REJECT as with DROP, however as such connections are from this server it is
# better to REJECT connections to closed ports rather than to DROP them. This
# helps to immediately free up server resources rather than tying them up until
# a connection times out. It also tells the process making the connection that
# it has immediately failed
#
# It is possible that some monolithic kernels may not support the REJECT
# target. If this is the case, csf checks before using REJECT and falls back to
# using DROP, issuing a warning to set this to DROP instead
DROP_OUT = "REJECT"

# Enable logging of dropped connections to blocked ports to syslog, usually
# /var/log/messages. This option needs to be enabled to use Port Scan Tracking
DROP_LOGGING = "1"

# Enable logging of dropped incoming connections from blocked IP addresses
#
# This option will be disabled if you enable Port Scan Tracking (PS_INTERVAL)
DROP_IP_LOGGING = "0"

# Enable logging of dropped outgoing connections
#
# Note: Only outgoing SYN packets for TCP connections are logged, other
# protocols log all packets
#
# We recommend that you enable this option
DROP_OUT_LOGGING = "1"

# Together with DROP_OUT_LOGGING enabled, this option logs the UID connecting
# out (where available) which can help track abuse
DROP_UID_LOGGING = "1"

# Only log incoming reserved port dropped connections (0:1023). This can reduce
# the amount of log noise from dropped connections, but will affect options
# such as Port Scan Tracking (PS_INTERVAL)
DROP_ONLYRES = "0"

# Commonly blocked ports that you do not want logging as they tend to just fill
# up the log file. These ports are specifically blocked (applied to TCP and UDP
# protocols) for incoming connections
DROP_NOLOG = "23,67,68,111,113,135:139,445,500,513,520"

# Log packets dropped by the packet filtering option PACKET_FILTER
DROP_PF_LOGGING = "0"

# Log packets dropped by the Connection Limit Protection option CONNLIMIT. If
# this is enabled and Port Scan Tracking (PS_INTERVAL) is also enabled, IP
# addresses breaking the Connection Limit Protection will be blocked
CONNLIMIT_LOGGING = "0"

# Enable logging of UDP floods. This should be enabled, especially with User ID
# Tracking enabled
UDPFLOOD_LOGGING = "1"

# Send an alert if log file flooding is detected which causes lfd to skip log
# lines to prevent lfd from looping. If this alert is sent you should check the
# reported log file for the reason for the flooding
LOGFLOOD_ALERT = "0"

###############################################################################
# SECTION:Reporting Settings
###############################################################################
# By default, lfd will send alert emails using the relevant alert template to
# the To: address configured within that template. Setting the following
# option will override the configured To: field in all lfd alert emails
#
# Leave this option empty to use the To: field setting in each alert template
LF_ALERT_TO = ""

# By default, lfd will send alert emails using the relevant alert template from
# the From: address configured within that template. Setting the following
# option will override the configured From: field in all lfd alert emails
#
# Leave this option empty to use the From: field setting in each alert template
LF_ALERT_FROM = ""

# By default, lfd will send all alerts using the SENDMAIL binary. To send using
# SMTP directly, you can set the following to a relaying SMTP server, e.g.
# "127.0.0.1". Leave this setting blank to use SENDMAIL
LF_ALERT_SMTP = ""

# Block Reporting. lfd can run an external script when it performs and IP
# address block following for example a login failure. The following setting
# is to the full path of the external script which must be executable. See
# readme.txt for format details
#
# Leave this setting blank to disable
BLOCK_REPORT = ""

# To also run an external script when a temporary block is unblocked: the
# following setting can be the full path of the external script which must be
# executable. See readme.txt for format details
#
# Leave this setting blank to disable
UNBLOCK_REPORT = ""

# In addition to the standard lfd email alerts, you can additionally enable the
# sending of X-ARF reports (see http://www.xarf.org/specification.html). Only
# block alert messages will be sent. The reports use our schema at:
# https://download.configserver.com/abuse_login-attack_0.2.json
#
# These reports are in a format accepted by many Netblock owners and should
# help them investigate abuse. This option is not designed to automatically
# forward these reports to the Netblock owners and should be checked for
# false-positive blocks before reporting
#
# If available, the report will also include the abuse contact for the IP from
# the Abusix Contact DB: https://abusix.com/contactdb.html
#
# Note: The following block types are not reported through this feature:
# LF_PERMBLOCK, LF_NETBLOCK, LF_DISTATTACK, LF_DISTFTP, RT_*_ALERT
X_ARF = "0"

# By default, lfd will send emails from the root forwarder. Setting the
# following option will override this
X_ARF_FROM = ""

# By default, lfd will send emails to the root forwarder. Setting the following
# option will override this
X_ARF_TO = ""

# If you want to automatically send reports to the abuse contact where found,
# you can enable the following option
#
# Note: You MUST set X_ARF_FROM to a valid email address for this option to
# work. This is so that the abuse contact can reply to the report
#
# However, you should be aware that without manual checking you could be
# reporting innocent IP addresses, including your own clients, yourself and
# your own servers
#
# Additionally, just because a contact address is found, does not mean that
# there is anyone on the end of it reading, processing or acting on such
# reports and you could conceivably reported for sending spam
#
# We do not recommend enabling this option. Abuse reports should be checked and
# verified before being forwarded to the abuse contact
X_ARF_ABUSE = "0"

###############################################################################
# SECTION:Temp to Perm/Netblock Settings
###############################################################################
# Temporary to Permanent IP blocking. The following enables this feature to
# permanently block IP addresses that have been temporarily blocked more than
# LF_PERMBLOCK_COUNT times in the last LF_PERMBLOCK_INTERVAL seconds. Set
# LF_PERMBLOCK  to "1" to enable this feature
#
# Care needs to be taken when setting LF_PERMBLOCK_INTERVAL as it needs to be
# at least LF_PERMBLOCK_COUNT multiplied by the longest temporary time setting
# (TTL) for blocked IPs, to be effective
#
# Set LF_PERMBLOCK to "0" to disable this feature
LF_PERMBLOCK = "1"
LF_PERMBLOCK_INTERVAL = "86400"
LF_PERMBLOCK_COUNT = "4"
LF_PERMBLOCK_ALERT = "1"

# Permanently block IPs by network class. The following enables this feature
# to permanently block classes of IP address where individual IP addresses
# within the same class LF_NETBLOCK_CLASS have already been blocked more than
# LF_NETBLOCK_COUNT times in the last LF_NETBLOCK_INTERVAL seconds. Set
# LF_NETBLOCK  to "1" to enable this feature
#
# This can be an affective way of blocking DDOS attacks launched from within
# the same network class
#
# Valid settings for LF_NETBLOCK_CLASS are "A", "B" and "C", care and
# consideration is required when blocking network classes A or B
#
# Set LF_NETBLOCK to "0" to disable this feature
LF_NETBLOCK = "0"
LF_NETBLOCK_INTERVAL = "86400"
LF_NETBLOCK_COUNT = "4"
LF_NETBLOCK_CLASS = "C"
LF_NETBLOCK_ALERT = "1"

# Valid settings for LF_NETBLOCK_IPV6 are "/64", "/56", "/48", "/32" and "/24"
# Great care should be taken with IPV6 netblock ranges due to the large number
# of addresses involved
#
# To disable IPv6 netblocks set to ""
LF_NETBLOCK_IPV6 = ""

###############################################################################
# SECTION:Global Lists/DYNDNS/Blocklists
###############################################################################
# Safe Chain Update. If enabled, all dynamic update chains (GALLOW*, GDENY*,
# SPAMHAUS, DSHIELD, BOGON, CC_ALLOW, CC_DENY, ALLOWDYN*) will create a new
# chain when updating, and insert it into the relevant LOCALINPUT/LOCALOUTPUT
# chain, then flush and delete the old dynamic chain and rename the new chain.
#
# This prevents a small window of opportunity opening when an update occurs and
# the dynamic chain is flushed for the new rules.
#
# This option should not be enabled on servers with long dynamic chains (e.g.
# CC_DENY/CC_ALLOW lists) and low memory. It should also not be enabled on
# Virtuozzo VPS servers with a restricted numiptent value. This is because each
# chain will effectively be duplicated while the update occurs, doubling the
# number of iptables rules
SAFECHAINUPDATE = "0"

# If you wish to allow access from dynamic DNS records (for example if your IP
# address changes whenever you connect to the internet but you have a dedicated
# dynamic DNS record from the likes of dyndns.org) then you can list the FQDN
# records in csf.dyndns and then set the following to the number of seconds to
# poll for a change in the IP address. If the IP address has changed iptables
# will be updated.
#
# If the FQDN has multiple A records then all of the IP addresses will be
# processed. If IPV6 is enabled, then all IPv6 AAAA IP address records will
# also be allowed.
# 
# A setting of 600 would check for IP updates every 10 minutes. Set the value
# to 0 to disable the feature
DYNDNS = "0"

# To always ignore DYNDNS IP addresses in lfd blocking, set the following
# option to 1
DYNDNS_IGNORE = "0"

# The follow Global options allow you to specify a URL where csf can grab a
# centralised copy of an IP allow or deny block list of your own. You need to
# specify the full URL in the following options, i.e.:
# http://www.somelocation.com/allow.txt
#
# The actual retrieval of these IP's is controlled by lfd, so you need to set
# LF_GLOBAL to the interval (in seconds) when you want lfd to retrieve. lfd
# will perform the retrieval when it runs and then again at the specified
# interval. A sensible interval would probably be every 3600 seconds (1 hour).
# A minimum value of 300 is enforced for LF_GLOBAL if enabled
#
# You do not have to specify both an allow and a deny file
#
# You can also configure a global ignore file for IP's that lfd should ignore
LF_GLOBAL = "0"

GLOBAL_ALLOW = ""
GLOBAL_DENY = ""
GLOBAL_IGNORE = ""

# Provides the same functionality as DYNDNS but with a GLOBAL URL file. Set
# this to the URL of the file containing DYNDNS entries
GLOBAL_DYNDNS = ""

# Set the following to the number of seconds to poll for a change in the IP
# address resoved from GLOBAL_DYNDNS
GLOBAL_DYNDNS_INTERVAL = "600"

# To always ignore GLOBAL_DYNDNS IP addresses in lfd blocking, set the following
# option to 1
GLOBAL_DYNDNS_IGNORE = "0"

# Blocklists are controlled by modifying /etc/csf/csf.blocklists
#
# If you don't want BOGON rules applied to specific NICs, then list them in
# a comma separated list (e.g "eth1,eth2")
LF_BOGON_SKIP = ""

# The following option can be used to select the method csf will use to
# retrieve URL data and files
#
# This can be set to use:
#
# 1. Perl module HTTP::Tiny
# 2. Perl module LWP::UserAgent
# 3. CURL/WGET (set location at the bottom of csf.conf if installed)
#
# HTTP::Tiny is much faster than LWP::UserAgent and is included in the csf
# distribution. LWP::UserAgent may have to be installed manually, but it can
# better support https:// URL's which also needs the LWP::Protocol::https perl
# module
#
# CURL/WGET uses the system binaries if installed but does not always provide
# good feedback when it fails. The script will first look for CURL, if that
# does not exist at the configured location it will then look for WGET
#
# Additionally, 1 or 2 are used and the retrieval fails, then if either CURL or
# WGET are available, an additional attempt will be using CURL/WGET. This is
# useful if the perl distribution has outdated modules that do not support
# modern SSL/TLS implementations
#
# To install the LWP perl modules required:
#
# On rpm based systems:
# 
#   yum install perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch
#
# On APT based systems:
#
#   apt-get install libwww-perl liblwp-protocol-https-perl
#
# Via cpan:
#
#   perl -MCPAN -eshell
#   cpan> install LWP LWP::Protocol::https
#
# We recommend setting this set to "2" or "3" as upgrades to csf will be
# performed over SSL as well as other URLs used when retrieving external data
#
# "1" = HTTP::Tiny
# "2" = LWP::UserAgent
# "3" = CURL/WGET (set location at the bottom of csf.conf)
URLGET = "2"

# If you need csf/lfd to use a proxy, then you can set this option to the URL
# of the proxy. The proxy provided will be used for both HTTP and HTTPS
# connections
URLPROXY = ""

###############################################################################
# SECTION:Country Code Lists and Settings
###############################################################################
# Country Code to CIDR allow/deny. In the following options you can allow or
# deny whole country CIDR ranges. The CIDR blocks are obtained from a selected
# source below. They also display Country Code Country and City for reported IP
# addresses and lookups
#
# There are a number of sources for these databases, before utilising them you
# need to visit each site and ensure you abide by their license provisions
# where stated:

# 1. MaxMind
#
# MaxMind GeoLite2 Country/City and ASN databases at:
# https://dev.MaxMind.com/geoip/geoip2/geolite2/
# This feature relies entirely on that service being available
#
# Advantages: This is a one stop shop for all of the databases required for
# these features. They provide a consistent dataset for blocking and reporting
# purposes
#
# Disadvantages: MaxMind require a license key to download their databases.
# This is free of charge, but requires the user to create an account on their
# website to generate the required key:
#
# WARNING: As of 2019-12-29, MaxMind REQUIRES you to create an account on their
# site and to generate a license key to use their databases. See:
# https://www.maxmind.com/en/geolite2/signup
# https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
# 
# You MUST set the following to continue using the IP lookup features of csf,
# otherwise an error will be generated and the features will not work.
# Alternatively set CC_SRC below to a different provider
#
# MaxMind License Key:
MM_LICENSE_KEY = ""

# 2. DB-IP, ipdeny.com, iptoasn.com
#
# Advantages: The ipdeny.com databases form CC blocking are better optimised
# and so are quicker to process and create fewer iptables entries. All of these
# databases are free to download without requiring login or key
#
# Disadvantages: Multiple sources mean that any one of the three could
# interrupt the provision of these features. It may also mean that there are
# inconsistences between them
#
# https://db-ip.com/db/lite.php
# http://ipdeny.com/
# https://iptoasn.com/
# http://download.geonames.org/export/dump/readme.txt

# Set the following to your preferred source:
#
# "1" - MaxMind
# "2" - db-ip, ipdeny, iptoasn
#
# The default is "2" on new installations of csf, or set to "1" to use the
# MaxMind databases after obtaining a license key
CC_SRC = "2"

# In the following options, specify the the two-letter ISO Country Code(s).
# The iptables rules are for incoming connections only
#
# Additionally, ASN numbers can also be added to the comma separated lists
# below that also list Country Codes. The same WARNINGS for Country Codes apply
# to the use of ASNs. More about Autonomous System Numbers (ASN):
# http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
# ASNs must be listed as ASnnnn (where nnnn is the ASN number)
#
# You should consider using LF_IPSET when using any of the following options
#
# WARNING: These lists are never 100% accurate and some ISP's (e.g. AOL) use
# non-geographic IP address designations for their clients
#
# WARNING: Some of the CIDR lists are huge and each one requires a rule within
# the incoming iptables chain. This can result in significant performance
# overheads and could render the server inaccessible in some circumstances. For
# this reason (amongst others) we do not recommend using these options
#
# WARNING: Due to the resource constraints on VPS servers this feature should
# not be used on such systems unless you choose very small CC zones
#
# WARNING: CC_ALLOW allows access through all ports in the firewall. For this
# reason CC_ALLOW probably has very limited use and CC_ALLOW_FILTER is
# preferred
#
# Each option is a comma separated list of CC's, e.g. "US,GB,DE"
CC_DENY = ""
CC_ALLOW = ""

# An alternative to CC_ALLOW is to only allow access from the following
# countries but still filter based on the port and packets rules. All other
# connections are dropped
CC_ALLOW_FILTER = ""

# This option allows access from the following countries to specific ports
# listed in CC_ALLOW_PORTS_TCP and CC_ALLOW_PORTS_UDP
#
# Note: The rules for this feature are inserted after the allow and deny
# rules to still allow blocking of IP addresses
#
# Each option is a comma separated list of CC's, e.g. "US,GB,DE"
CC_ALLOW_PORTS = ""

# All listed ports should be removed from TCP_IN/UDP_IN to block access from
# elsewhere. This option uses the same format as TCP_IN/UDP_IN
#
# An example would be to list port 21 here and remove it from TCP_IN/UDP_IN
# then only countries listed in CC_ALLOW_PORTS can access FTP
CC_ALLOW_PORTS_TCP = ""
CC_ALLOW_PORTS_UDP = ""

# This option denies access from the following countries to specific ports
# listed in CC_DENY_PORTS_TCP and CC_DENY_PORTS_UDP
#
# Note: The rules for this feature are inserted after the allow and deny
# rules to still allow allowing of IP addresses
#
# Each option is a comma separated list of CC's, e.g. "US,GB,DE"
CC_DENY_PORTS = ""

# This option uses the same format as TCP_IN/UDP_IN. The ports listed should
# NOT be removed from TCP_IN/UDP_IN
#
# An example would be to list port 21 here then countries listed in
# CC_DENY_PORTS cannot access FTP
CC_DENY_PORTS_TCP = ""
CC_DENY_PORTS_UDP = ""

# This Country Code list will prevent lfd from blocking IP address hits for the
# listed CC's
#
# CC_LOOKUPS must be enabled to use this option
CC_IGNORE = ""

# This Country Code list will only allow SMTP AUTH to be advertised to the
# listed countries in EXIM. This is to help limit attempts at distributed
# attacks against SMTP AUTH which are difficult to achive since port 25 needs
# to be open to relay email
#
# The reason why this works is that if EXIM does not advertise SMTP AUTH on a
# connection, then SMTP AUTH will not accept logins, defeating the attacks
# without restricting mail relaying
#
# This option can generate a very large list of IP addresses that could easily
# severely impact on SMTP (mail) performance, so care must be taken when
# selecting countries and if performance issues ensue
#
# The option SMTPAUTH_RESTRICT must be enabled to use this option
CC_ALLOW_SMTPAUTH = ""

# These options can control which IP blocks are redirected to the MESSENGER
# service, if it is enabled
#
# If Country Codes are listed in CC_MESSENGER_ALLOW, then only a blocked IP
# that resolves to one of those Country Codes will be redirected to the
# MESSENGER service
#
# If Country Codes are listed in CC_MESSENGER_DENY, then a blocked IP that
# resolves to one of those Country Codes will NOT be redirected to the
# MESSENGER service
#
CC_MESSENGER_ALLOW = ""
CC_MESSENGER_DENY = ""

# Set this option to a valid CIDR (i.e. 1 to 32) to ignore CIDR blocks smaller
# than this value when implementing CC_DENY/CC_ALLOW/CC_ALLOW_FILTER. This can
# help reduce the number of CC entries and may improve iptables throughput.
# Obviously, this will deny/allow fewer IP addresses depending on how small you
# configure the option
#
# For example, to ignore all CIDR (and single IP) entries small than a /16, set
# this option to "16". Set to "" to block all CC IP addresses
CC_DROP_CIDR = ""

# Display Country Code and Country for reported IP addresses. This option can
# be configured to use the databases enabled at the top of this section. An
# additional option is also available if you cannot use those databases:
#
# "0" - disable
# "1" - Reports: Country Code and Country
# "2" - Reports: Country Code and Country and Region and City
# "3" - Reports: Country Code and Country and Region and City and ASN
# "4" - Reports: Country Code and Country and Region and City (db-ip.com)
#
# Note: "4" does not use the databases enabled at the top of this section
# directly for lookups. Instead it uses a URL-based lookup from
# https://db-ip.com and so avoids having to download and process the large
# databases. Please visit the https://db-ip.com and read their limitations and
# understand that this option will either cease to function or be removed by us
# if that site is abused or overloaded. ONLY use this option if you have
# difficulties using the databases enabled at the top of this section. This
# option is ONLY for IP lookups, NOT when using the CC_* options above, which
# will continue to use the databases enabled at the top of this section
#
CC_LOOKUPS = "1"

# Display Country Code and Country for reported IPv6 addresses using the
# databases enabled at the top of this section
#
# "0" - disable
# "1" - enable and report the detail level as specified in CC_LOOKUPS
#
# This option must also be enabled to allow IPv6 support to CC_*, MESSENGER and
# PORTFLOOD
CC6_LOOKUPS = "0"

# This option tells lfd how often to retrieve the databases for CC_ALLOW,
# CC_ALLOW_FILTER, CC_DENY, CC_IGNORE and CC_LOOKUPS (in days)
CC_INTERVAL = "14"

###############################################################################
# SECTION:Login Failure Blocking and Alerts
###############################################################################
# The following[*] triggers are application specific. If you set LF_TRIGGER to
# "0" the value of each trigger is the number of failures against that
# application that will trigger lfd to block the IP address
#
# If you set LF_TRIGGER to a value greater than "0" then the following[*]
# application triggers are simply on or off ("0" or "1") and the value of
# LF_TRIGGER is the total cumulative number of failures that will trigger lfd
# to block the IP address
#
# Setting the application trigger to "0" disables it
LF_TRIGGER = "0"

# If LF_TRIGGER is > "0" then LF_TRIGGER_PERM can be set to "1" to permanently
# block the IP address, or LF_TRIGGER_PERM can be set to a value greater than
# "1" and the IP address will be blocked temporarily for that value in seconds.
# For example:
# LF_TRIGGER_PERM = "1" => the IP is blocked permanently
# LF_TRIGGER_PERM = "3600" => the IP is blocked temporarily for 1 hour
#
# If LF_TRIGGER is "0", then the application LF_[application]_PERM value works
# in the same way as above and LF_TRIGGER_PERM serves no function
LF_TRIGGER_PERM = "1"

# To only block access to the failed application instead of a complete block
# for an ip address, you can set the following to "1", but LF_TRIGGER must be
# set to "0" with specific application[*] trigger levels also set appropriately
#
# The ports that are blocked can be configured by changing the PORTS_* options
LF_SELECT = "0"

# Send an email alert if an IP address is blocked by one of the [*] triggers
LF_EMAIL_ALERT = "1"

# Send an email alert if an IP address is only temporarily blocked by one of
# the [*] triggers
#
# Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails
LF_TEMP_EMAIL_ALERT = "1"

# [*]Enable login failure detection of sshd connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SSHD = "5"
LF_SSHD_PERM = "1"

# [*]Enable login failure detection of ftp connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_FTPD = "10"
LF_FTPD_PERM = "1"

# [*]Enable login failure detection of SMTP AUTH connections
LF_SMTPAUTH = "5"
LF_SMTPAUTH_PERM = "1"

# [*]Enable syntax failure detection of Exim connections
LF_EXIMSYNTAX = "10"
LF_EXIMSYNTAX_PERM = "1"

# [*]Enable login failure detection of pop3 connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_POP3D = "10"
LF_POP3D_PERM = "1"

# [*]Enable login failure detection of imap connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_IMAPD = "10"
LF_IMAPD_PERM = "1"

# [*]Enable login failure detection of Apache .htpasswd connections
# Due to the often high logging rate in the Apache error log, you might want to
# enable this option only if you know you are suffering from attacks against
# password protected directories
LF_HTACCESS = "5"
LF_HTACCESS_PERM = "1"

# [*]Enable login failure detection of cpanel, webmail and whm connections
LF_CPANEL = "5"
LF_CPANEL_PERM = "1"

# [*]Enable failure detection of repeated Apache mod_security rule triggers
LF_MODSEC = "5"
LF_MODSEC_PERM = "1"

# [*]Enable detection of repeated BIND denied requests
# This option should be enabled with care as it will prevent blocked IPs from
# resolving any domains on the server. You might want to set the trigger value
# reasonably high to avoid this
# Example: LF_BIND = "100"
LF_BIND = "0"
LF_BIND_PERM = "1"

# [*]Enable detection of repeated suhosin ALERTs
# Example: LF_SUHOSIN = "5"
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SUHOSIN = "0"
LF_SUHOSIN_PERM = "1"

# [*]Enable detection of repeated cxs ModSecurity mod_security rule triggers
# This option will block IP addresses if cxs detects a hits from the
# ModSecurity rule associated with it
#
# Note: This option takes precedence over LF_MODSEC and removes any hits
# counted towards LF_MODSEC for the cxs rule
#
# This setting should probably set very low, perhaps to 1, if you want to
# effectively block IP addresses for this trigger option
LF_CXS = "0"
LF_CXS_PERM = "1"

# [*]Enable detection of repeated Apache mod_qos rule triggers
LF_QOS = "0"
LF_QOS_PERM = "1"

# [*]Enable detection of repeated Apache symlink race condition triggers from
# the Apache patch provided by:
# http://www.mail-archive.com/dev@httpd.apache.org/msg55666.html
# This patch has also been included by cPanel via the easyapache option:
# "Symlink Race Condition Protection"
LF_SYMLINK = "0"
LF_SYMLINK_PERM = "1"

# [*]Enable login failure detection of webmin connections
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_WEBMIN = "0"
LF_WEBMIN_PERM = "1"

# Send an email alert if anyone logs in successfully using SSH
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SSH_EMAIL_ALERT = "1"

# Send an email alert if anyone uses su to access another account. This will
# send an email alert whether the attempt to use su was successful or not
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SU_EMAIL_ALERT = "1"

# Send an email alert if anyone uses sudo to access another account. This will
# send an email alert whether the attempt to use sudo was successful or not
#
# NOTE: This option could become onerous if sudo is used extensively for root
# access by administrators or control panels. It is provided for those where
# this is not the case
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_SUDO_EMAIL_ALERT = "0"

# Send an email alert if anyone accesses webmin
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_WEBMIN_EMAIL_ALERT = "1"

# Send an email alert if anyone logs in successfully to root on the console
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_CONSOLE_EMAIL_ALERT = "1"

# This option will keep track of the number of "File does not exist" errors in
# HTACCESS_LOG. If the number of hits is more than LF_APACHE_404 in LF_INTERVAL
# seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives, especially Search Bots (use csf.rignore to ignore such bots)
# so only use this option if you know you are under this type of attack
#
# A sensible setting for this would be quite high, perhaps 200
#
# To disable set to "0"
LF_APACHE_404 = "0"

# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_APACHE_404_PERM = "3600"

# This option will keep track of the number of "client denied by server
# configuration" errors in HTACCESS_LOG. If the number of hits is more than
# LF_APACHE_403 in LF_INTERVAL seconds then the IP address will be blocked
#
# Care should be used with this option as it could generate many
# false-positives, especially Search Bots (use csf.rignore to ignore such bots)
# so only use this option if you know you are under this type of attack
#
# To disable set to "0"
LF_APACHE_403 = "0"

# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_APACHE_403_PERM = "3600"

# This option will keep track of the number of 401 failures in HTACCESS_LOG.
# If the number of hits is more than LF_APACHE_401 in LF_INTERVAL seconds then
# the IP address will be blocked
#
# To disable set to "0"
LF_APACHE_401 = "0"

# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_APACHE_401_PERM = "3600"

# This option is used to determine if the Apache error_log format contains the
# client port after the client IP. In Apache prior to v2.4, this was not the
# case. In Apache v2.4+ the error_log format can be configured using
# ErrorLogFormat, making the port directive optional
#
# Unfortunately v2.4 ErrorLogFormat places the port number after a colon next
# to the client IP by default. This makes determining client IPv6 addresses
# difficult unless we know whether the port is being appended or not
#
# lfd will attempt to autodetect the correct value if this option is set to "0"
# from the httpd binary found in common locations. If it fails to find a binary
# it will be set to "2", unless specified here
#
# The value can be set here explicitly if the autodetection does not work:
# 0 - autodetect
# 1 - no port directive after client IP
# 2 - port directive after client IP
LF_APACHE_ERRPORT = "0"

# Send an email alert if anyone accesses WHM/cPanel via an account listed in
# LF_CPANEL_ALERT_USERS. An IP address will be reported again 1 hour after the
# last tracked access (or if lfd is restarted)
LF_CPANEL_ALERT = "1"

# If a LF_CPANEL_ALERT event is triggered, then if the following contains the
# path to a script, it will run the script and passed the ip and username and
# the DNS IP lookup result as 3 arguments
#
# The action script must have the execute bit and interpreter (shebang) set
LF_CPANEL_ALERT_ACTION = ""

# This is a comma separated list of accounts to send alerts for. To send an
# alert for all accounts set this to "all"
LF_CPANEL_ALERT_USERS = "root"

# Enable scanning of the exim mainlog for repeated emails sent from scripts.
# To use this feature the exim log_selector option must at least be set to:
#
# log_selector = +arguments +subject +received_recipients
#
# If you already use extended exim logging, then you need to either include
# +arguments +received_recipients or use +all
#
# This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines
# appear with the same cwd= path in them within an hour. This can be useful in
# identifying spamming scripts on a server, especially PHP scripts running
# under the nobody account. The email that is sent includes the exim log lines
# and also attempts to find scripts that send email in the path that may be the
# culprit
LF_SCRIPT_ALERT = "0"

# The limit afterwhich the email alert for email scripts is sent. Care should
# be taken with this value if you allow clients to use web scripts to maintain
# pseudo-mailing lists which have large recipients
LF_SCRIPT_LIMIT = "100"

# If an LF_SCRIPT_ALERT event is triggered, then if the following can contain
# the path to a script, it will be run in a child process and passed the
# following information as parameters which also appears in the email alert:
#   Path to the directory containing the script that is sending the email
#   Count of emails sent
#   Sample of the first 10 emails
#   List of possible email scripts within Path
#
# The action script must have the execute bit and interpreter (shebang) set
LF_SCRIPT_ACTION = ""

# If this option is enabled, the directory identified by LF_SCRIPT_ALERT will
# be chmod 0 and chattr +i to prevent it being accessed. Set the option to 1
# to enable.
#
# WARNING: This option could cause serious system problems if the identified
# directory is within the OS directory hierarchy. For this reason we do not
# recommend enabling it unless absolutely necessary.
LF_SCRIPT_PERM = "0"

# Checks the length of the exim queue and sends an alert email if the value of
# settings is exceeded. If the ConfigServer MailScanner configuration is used
# then both the pending and delivery queues will be checked.
#
# Note: If there are problems sending out email, this alert may not be received
# To disable set to "0"
LF_QUEUE_ALERT = "2000"

# The interval between mail queue checks in seconds. This should not be set too
# low on servers that often have long queues as the exim binary can use
# significant resources when checking its queue length
LF_QUEUE_INTERVAL = "300"

# This option will send an alert if the ModSecurity IP persistent storage grows
# excessively large: https://goo.gl/rGh5sF
#
# More information on cPanel servers here: https://goo.gl/vo6xTE
#
# The check is performed at lfd startup and then once per hour, the template
# used is modsecipdbalert.txt
#
# LF_MODSECIPDB_FILE must be set to the correct location of the database file
#
# Set to "0" to disable this option, otherwise it is the threshold size of the
# file to report in gigabytes, e.g. set to 5 for 5GB
LF_MODSECIPDB_ALERT = "5"

# This is the location of the persistent IP storage file on the server, e.g.:
# /var/run/modsecurity/data/ip.pag
# /var/cpanel/secdatadir/ip.pag
# /var/cache/modsecurity/ip.pag
# /usr/local/apache/conf/modsec/data/msa/ip.pag
# /var/tmp/ip.pag
# /tmp/ip.pag
LF_MODSECIPDB_FILE = "/var/cpanel/secdatadir/ip.pag"

# System Exploit Checking. This option is designed to perform a series of tests
# to send an alert in case a possible server compromise is detected
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 300 would seem sensible).
#
# To disable set to "0"
LF_EXPLOIT = "300"

# This comma separated list allows you to ignore tests LF_EXPLOIT performs
#
# For the SUPERUSER check, you can list usernames in csf.suignore to have them
# ignored for that test
#
# Valid tests are:
# SUPERUSER
#
# If you want to ignore a test add it to this as a comma separated list, e.g.
# "SUPERUSER"
LF_EXPLOIT_IGNORE = ""

# Set the time interval to track login and other LF_ failures within (seconds),
# i.e. LF_TRIGGER failures within the last LF_INTERVAL seconds
LF_INTERVAL = "3600"

# This is how long the lfd process sleeps (in seconds) before processing the
# log file entries and checking whether other events need to be triggered
LF_PARSE = "5"

# This is the interval that is used to flush reports of usernames, files and
# pids so that persistent problems continue to be reported, in seconds.
# A value of 3600 seems sensible
LF_FLUSH = "3600"

# Under some circumstances iptables can fail to include a rule instruction,
# especially if more than one request is made concurrently. In this event, a
# permanent block entry may exist in csf.deny, but not in iptables.
#
# This option instructs csf to deny an already blocked IP address the number
# of times set. The downside, is that there will be multiple entries for an IP
# address in csf.deny and possibly multiple rules for the same IP address in
# iptables. This needs to be taken into consideration when unblocking such IP
# addresses.
#
# Set to "0" to disable this feature. Do not set this too high for the reasons
# detailed above (e.g. "5" should be more than enough)
LF_REPEATBLOCK = "0"

# By default csf will create both an inbound and outbound blocks from/to an IP
# unless otherwise specified in csf.deny and GLOBAL_DENY. This is the most
# effective way to block IP traffic. This option instructs csf to only block
# inbound traffic from those IP's and so reduces the number of iptables rules,
# but at the expense of less effectiveness. For this reason we recommend
# leaving this option disabled
# 
# Set to "0" to disable this feature - the default
LF_BLOCKINONLY = "0"

###############################################################################
# SECTION:CloudFlare
###############################################################################
# This features provides interaction with the CloudFlare Firewall
#
# As CloudFlare is a reverse proxy, any attacking IP addresses (so far as 
# iptables is concerned) come from the CloudFlare IP's. To counter this, an
# Apache module (mod_cloudflare) is available that obtains the true attackers
# IP from a custom HTTP header record (similar functionality is available
# for other HTTP daemons
#
# However, despite now knowing the true attacking IP address, iptables cannot
# be used to block that IP as the traffic is still coming from the CloudFlare
# servers
#
# CloudFlare have provided a Firewall feature within the user account where
# rules can be added to block, challenge or whitelist IP addresses
#
# Using the CloudFlare API, this feature adds and removes attacking IPs from
# that firewall and provides CLI (and via the UI) additional commands
#
# See /etc/csf/readme.txt for more information about this feature and the
# restrictions for its use BEFORE enabling this feature
CF_ENABLE = "0"

# If the CloudFlare user plugin has been installed, enable this setting to use
# per cPanel account settings rather than listing each account in
# /etc/csf/csf.cloudflare
CF_CPANEL = ""

# This can be set to either "block" or "challenge" (see CloudFlare docs)
CF_BLOCK = "block"

# This setting determines how long the temporary block will apply within csf
# and CloudFlare, keeping them in sync
#
# Block duration in seconds - overrides perm block or time of individual blocks
# in lfd for block triggers
CF_TEMP = "3600"

###############################################################################
# SECTION:Directory Watching & Integrity 
###############################################################################
# Enable Directory Watching. This enables lfd to check /tmp and /dev/shm
# directories for suspicious files, i.e. script exploits. If a suspicious
# file is found an email alert is sent. One alert per file per LF_FLUSH
# interval is sent
#
# To enable this feature set the following to the checking interval in seconds.
# To disable set to "0"
LF_DIRWATCH = "300"

# To remove any suspicious files found during directory watching, enable the
# following. These files will be appended to a tarball in
# /var/lib/suspicious.tar
LF_DIRWATCH_DISABLE = "0"

# This option allows you to have lfd watch a particular file or directory for
# changes and should they change and email alert using watchalert.txt is sent
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 60 would seem sensible) and add your entries to csf.dirwatch
#
# Set to disable set to "0"
LF_DIRWATCH_FILE = "0"

# System Integrity Checking. This enables lfd to compare md5sums of the
# servers OS binary application files from the time when lfd starts. If the
# md5sum of a monitored file changes an alert is sent. This option is intended
# as an IDS (Intrusion Detection System) and is the last line of detection for
# a possible root compromise.
#
# There will be constant false-positives as the servers OS is updated or
# monitored application binaries are updated. However, unexpected changes
# should be carefully inspected.
#
# Modified files will only be reported via email once.
#
# To enable this feature set the following to the checking interval in seconds
# (a value of 3600 would seem sensible). This option may increase server I/O
# load onto the server as it checks system binaries.
#
# To disable set to "0"
LF_INTEGRITY = "3600"

###############################################################################
# SECTION:Distributed Attacks
###############################################################################
# Distributed Account Attack. This option will keep track of login failures
# from distributed IP addresses to a specific application account. If the
# number of failures matches the trigger value above, ALL of the IP addresses
# involved in the attack will be blocked according to the temp/perm rules above
#
# Tracking applies to LF_SSHD, LF_FTPD, LF_SMTPAUTH, LF_POP3D, LF_IMAPD, 
# LF_HTACCESS
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_DISTATTACK = "0"

# Set the following to the minimum number of unique IP addresses that trigger
# LF_DISTATTACK
LF_DISTATTACK_UNIQ = "2"

# Distributed FTP Logins. This option will keep track of successful FTP logins.
# If the number of successful logins to an individual account is at least
# LF_DISTFTP in LF_DIST_INTERVAL from at least LF_DISTFTP_UNIQ IP addresses,
# then all of the IP addresses will be blocked
#
# This option can help mitigate the common FTP account compromise attacks that
# use a distributed network of zombies to deface websites
#
# A sensible setting for this might be 5, depending on how many different
# IP addresses you expect to an individual FTP account within LF_DIST_INTERVAL
#
# To disable set to "0"
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LF_DISTFTP = "0"

# Set the following to the minimum number of unique IP addresses that trigger
# LF_DISTFTP. LF_DISTFTP_UNIQ must be <= LF_DISTFTP for this to work
LF_DISTFTP_UNIQ = "3"

# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_DISTFTP_PERM = "1"

# Send an email alert if LF_DISTFTP is triggered
LF_DISTFTP_ALERT = "1"

# Distributed SMTP Logins. This option will keep track of successful SMTP
# logins. If the number of successful logins to an individual account is at
# least LF_DISTSMTP in LF_DIST_INTERVAL from at least LF_DISTSMTP_UNIQ IP
# addresses, then all of the IP addresses will be blocked. These options only
# apply to the exim MTA
#
# This option can help mitigate the common SMTP account compromise attacks that
# use a distributed network of zombies to send spam
#
# A sensible setting for this might be 5, depending on how many different
# IP addresses you expect to an individual SMTP account within LF_DIST_INTERVAL
#
# To disable set to "0"
LF_DISTSMTP = "0"

# Set the following to the minimum number of unique IP addresses that trigger
# LF_DISTSMTP. LF_DISTSMTP_UNIQ must be <= LF_DISTSMTP for this to work
LF_DISTSMTP_UNIQ = "3"

# If this option is set to 1 the blocks will be permanent
# If this option is > 1, the blocks will be temporary for the specified number
# of seconds
LF_DISTSMTP_PERM = "1"

# Send an email alert if LF_DISTSMTP is triggered
LF_DISTSMTP_ALERT = "1"

# This is the interval during which a distributed FTP or SMTP attack is
# measured
LF_DIST_INTERVAL = "300"

# If LF_DISTFTP or LF_DISTSMTP is triggered, then if the following contains the
# path to a script, it will run the script and pass the following as arguments:
#
# LF_DISTFTP/LF_DISTSMTP
# account name
# log file text
#
# The action script must have the execute bit and interpreter (shebang) set
LF_DIST_ACTION = ""

###############################################################################
# SECTION:Login Tracking
###############################################################################
# Block POP3 logins if greater than LT_POP3D times per hour per account per IP
# address (0=disabled)
#
# This is a temporary block for the rest of the hour, afterwhich the IP is
# unblocked
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LT_POP3D = "0"

# Block IMAP logins if greater than LT_IMAPD times per hour per account per IP
# address (0=disabled) - not recommended for IMAP logins due to the ethos
# within which IMAP works. If you want to use this, setting it quite high is
# probably a good idea
#
# This is a temporary block for the rest of the hour, afterwhich the IP is
# unblocked
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
LT_IMAPD = "0"

# Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour
# per IP
LT_EMAIL_ALERT = "1"

# If LF_PERMBLOCK is enabled but you do not want this to apply to
# LT_POP3D/LT_IMAPD, then enable this option
LT_SKIPPERMBLOCK = "0"

###############################################################################
# SECTION:Relay Tracking
###############################################################################
# Relay Tracking. This allows you to track email that is relayed through the
# server. There are also options to send alerts and block external IP addresses
# if the number of emails relayed per hour exceeds configured limits. The
# blocks can be either permanent or temporary.
#
# The following information applies to each of the following types of relay
# check:
# RT_[relay type]_ALERT: 0 = disable, 1 = enable
# RT_[relay type]_LIMIT: the limit/hour afterwhich an email alert will be sent
# RT_[relay type]_BLOCK: 0 = no block;1 = perm block;nn=temp block for nn secs

# This option triggers for external email
RT_RELAY_ALERT = "1"
RT_RELAY_LIMIT = "100"
RT_RELAY_BLOCK = "0"

# This option triggers for email authenticated by SMTP AUTH
RT_AUTHRELAY_ALERT = "1"
RT_AUTHRELAY_LIMIT = "100"
RT_AUTHRELAY_BLOCK = "0"

# This option triggers for email authenticated by POP before SMTP
RT_POPRELAY_ALERT = "1"
RT_POPRELAY_LIMIT = "100"
RT_POPRELAY_BLOCK = "0"

# This option triggers for email sent via /usr/sbin/sendmail or /usr/sbin/exim
RT_LOCALRELAY_ALERT = "1"
RT_LOCALRELAY_LIMIT = "100"

# This option triggers for email sent via a local IP addresses
RT_LOCALHOSTRELAY_ALERT = "1"
RT_LOCALHOSTRELAY_LIMIT = "100"

# If an RT_* event is triggered, then if the following contains the path to
# a script, it will be run in a child process and passed the following:
# information as parameters which also appears in the email alert:
#   IP Address
#   Relay Type (RELAY/AUTHRELAY/POPRELAY/LOCALRELAY/LOCALHOSTRELAY)
#   Block Message (Temporary/Permanent Block)
#   Count of emails relayed
#   Sample of the first 10 emails
#
# The action script must have the execute bit and interpreter (shebang) set
RT_ACTION = ""

###############################################################################
# SECTION:Connection Tracking
###############################################################################
# Connection Tracking. This option enables tracking of all connections from IP
# addresses to the server. If the total number of connections is greater than
# this value then the offending IP address is blocked. This can be used to help
# prevent some types of DOS attack.
#
# Care should be taken with this option. It's entirely possible that you will
# see false-positives. Some protocols can be connection hungry, e.g. FTP, IMAPD
# and HTTP so it could be quite easy to trigger, especially with a lot of
# closed connections in TIME_WAIT. However, for a server that is prone to DOS
# attacks this may be very useful. A reasonable setting for this option might
# be around 300
#
# To disable this feature, set this to 0
CT_LIMIT = "0"

# Connection Tracking interval. Set this to the the number of seconds between
# connection tracking scans
CT_INTERVAL = "30"

# Send an email alert if an IP address is blocked due to connection tracking
CT_EMAIL_ALERT = "1"

# If you want to make IP blocks permanent then set this to 1, otherwise blocks
# will be temporary and will be cleared after CT_BLOCK_TIME seconds
CT_PERMANENT = "0"

# If you opt for temporary IP blocks for CT, then the following is the interval
# in seconds that the IP will remained blocked for (e.g. 1800 = 30 mins)
CT_BLOCK_TIME = "1800"

# If you don't want to count the TIME_WAIT state against the connection count
# then set the following to "1"
CT_SKIP_TIME_WAIT = "0"

# If you only want to count specific states (e.g. SYN_RECV) then add the states
# to the following as a comma separated list. E.g. "SYN_RECV,TIME_WAIT"
#
# Leave this option empty to count all states against CT_LIMIT
CT_STATES = ""

# If you only want to count specific ports (e.g. 80,443) then add the ports
# to the following as a comma separated list. E.g. "80,443"
#
# Leave this option empty to count all ports against CT_LIMIT
CT_PORTS = ""

# If the total number of connections from a class C subnet is greater than this
# value then the offending subnet is blocked according to the other CT_*
# settings
#
# This option can be used to help prevent some types of DOS attack where a
# range of IP's between x.y.z.1-255 has connected to the server
#
# If you use a reverse proxy service such as Cloudflare you should not enable
# this option, or should exclude the ports that you have proxied in CT_PORTS
#
# To disable this feature, set this to 0
CT_SUBNET_LIMIT = "0"

###############################################################################
# SECTION:Process Tracking
###############################################################################
# Process Tracking. This option enables tracking of user and nobody processes
# and examines them for suspicious executables or open network ports. Its
# purpose is to identify potential exploit processes that are running on the
# server, even if they are obfuscated to appear as system services. If a
# suspicious process is found an alert email is sent with relevant information.
# It is then the responsibility of the recipient to investigate the process
# further as the script takes no further action
#
# The following is the number of seconds a process has to be active before it
# is inspected. If you set this time too low, then you will likely trigger
# false-positives with CGI or PHP scripts.
# Set the value to 0 to disable this feature
PT_LIMIT = "60"

# How frequently processes are checked in seconds
PT_INTERVAL = "60"

# If you want process tracking to highlight php or perl scripts that are run
# through apache then disable the following,
# i.e. set it to 0
#
# While enabling this setting will reduce false-positives, having it set to 0
# does provide better checking for exploits running on the server
PT_SKIP_HTTP = "0"

# If you want to track all linux accounts on a cPanel server, not just users
# that are part of cPanel, then enable this option. This is recommended to
# improve security from compromised accounts
#
# Set to 0 to disable the feature, 1 to enable it
PT_ALL_USERS = "0"

# lfd will report processes, even if they're listed in csf.pignore, if they're
# tagged as (deleted) by Linux. This information is provided in Linux under
# /proc/PID/exe. A (deleted) process is one that is running a binary that has
# the inode for the file removed from the file system directory. This usually
# happens when the binary has been replaced due to an upgrade for it by the OS
# vendor or another third party (e.g. cPanel). You need to investigate whether
# this is indeed the case to be sure that the original binary has not been
# replaced by a rootkit or is running an exploit.
#
# Note: If a deleted executable process is detected and reported then lfd will
# not report children of the parent (or the parent itself if a child triggered
# the report) if the parent is also a deleted executable process
#
# To stop lfd reporting such process you need to restart the daemon to which it
# belongs and therefore run the process using the replacement binary (presuming
# one exists). This will normally mean running the associated startup script in
# /etc/init.d/
#
# If you do want lfd to report deleted binary processes, set to 1
PT_DELETED = "0"

# If a PT_DELETED event is triggered, then if the following contains the path to
# a script, it will be run in a child process and passed the executable, pid,
# account for the process, and parent pid
#
# The action script must have the execute bit and interpreter (shebang) set. An
# example is provided in /usr/local/csf/bin/pt_deleted_action.pl
#
# WARNING: Make sure you read and understand the potential security
# implications of such processes in PT_DELETED above before simply restarting
# such processes with a script
PT_DELETED_ACTION = ""

# User Process Tracking. This option enables the tracking of the number of
# process any given account is running at one time. If the number of processes
# exceeds the value of the following setting an email alert is sent with
# details of those processes. If you specify a user in csf.pignore it will be
# ignored
#
# Set to 0 to disable this feature
PT_USERPROC = "10"

# This User Process Tracking option sends an alert if any user process exceeds
# the virtual memory usage set (MB). To ignore specific processes or users use
# csf.pignore
#
# Set to 0 to disable this feature
PT_USERMEM = "512"

# This User Process Tracking option sends an alert if any user process exceeds
# the RSS memory usage set (MB) - RAM used, not virtual. To ignore specific
# processes or users use csf.pignore
#
# Set to 0 to disable this feature
PT_USERRSS = "256"

# This User Process Tracking option sends an alert if any cPanel user process
# exceeds the time usage set (seconds). To ignore specific processes or users
# use csf.pignore
#
# Set to 0 to disable this feature
PT_USERTIME = "1800"

# If this option is set then processes detected by PT_USERMEM, PT_USERTIME or
# PT_USERPROC are killed
#
# Warning: We don't recommend enabling this option unless absolutely necessary
# as it can cause unexpected problems when processes are suddenly terminated.
# It can also lead to system processes being terminated which could cause
# stability issues. It is much better to leave this option disabled and to
# investigate each case as it is reported when the triggers above are breached
#
# Note: Processes that are running deleted excecutables (see PT_DELETED) will
# not be killed by lfd
PT_USERKILL = "0"

# If you want to disable email alerts if PT_USERKILL is triggered, then set
# this option to 0
PT_USERKILL_ALERT = "1"

# If a PT_* event is triggered, then if the following contains the path to
# a script, it will be run in a child process and passed the PID(s) of the
# process(es) in a comma separated list.
#
# The action script must have the execute bit and interpreter (shebang) set
PT_USER_ACTION = ""

# Check the PT_LOAD_AVG minute Load Average (can be set to 1 5 or 15 and
# defaults to 5 if set otherwise) on the server every PT_LOAD seconds. If the
# load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
# sent. lfd then does not report subsequent high load until PT_LOAD_SKIP
# seconds has passed to prevent email floods.
#
# Set PT_LOAD to "0" to disable this feature
PT_LOAD = "30"
PT_LOAD_AVG = "5"
PT_LOAD_LEVEL = "6"
PT_LOAD_SKIP = "3600"

# This is the Apache Server Status URL used in the email alert. Requires the
# Apache mod_status module to be installed and configured correctly
PT_APACHESTATUS = "http://127.0.0.1/whm-server-status"

# If a PT_LOAD event is triggered, then if the following contains the path to
# a script, it will be run in a child process. For example, the script could
# contain commands to terminate and restart httpd, php, exim, etc incase of
# looping processes. The action script must have the execute bit an 
# interpreter (shebang) set
PT_LOAD_ACTION = ""

# Fork Bomb Protection. This option checks the number of processes with the
# same session id and if greater than the value set, the whole session tree is
# terminated and an alert sent
#
# You can see an example of common session id processes on most Linux systems
# using: "ps axf -O sid"
#
# On cPanel servers, PT_ALL_USERS should be enabled to use this option
# effectively
#
# This option will check root owned processes. Session id 0 and 1 will always
# be ignored as they represent kernel and init processes. csf.pignore will be
# honoured, but bear in mind that a session tree can contain a variety of users
# and executables
#
# Care needs to be taken to ensure that this option only detects runaway fork
# bombs, so should be set higher than any session tree is likely to get (e.g.
# httpd could have 100s of legitimate children on very busy systems). A
# sensible starting point on most servers might be 250
PT_FORKBOMB = "0"

# Terminate hung SSHD sessions. When under an SSHD login attack, SSHD processes
# are often left hanging after their connecting IP addresses have been blocked
#
# This option will terminate the SSH processes created by the blocked IP. This
# option is preferred over PT_SSHDHUNG
PT_SSHDKILL = "0"

# This option will terminate all processes with the cmdline of "sshd: unknown
# [net]" or "sshd: unknown [priv]" if they have been running for more than 60
# seconds
#
# This option is now deprecated and will be removed in the future. PT_SSHDKILL
# should be used instead
PT_SSHDHUNG = "0"

###############################################################################
# SECTION:Port Scan Tracking
###############################################################################
# Port Scan Tracking. This feature tracks port blocks logged by iptables to
# syslog. If an IP address generates a port block that is logged more than
# PS_LIMIT within PS_INTERVAL seconds, the IP address will be blocked.
#
# This feature could, for example, be useful for blocking hackers attempting
# to access the standard SSH port if you have moved it to a port other than 22
# and have removed 22 from the TCP_IN list so that connection attempts to the
# old port are being logged
#
# This feature blocks all iptables blocks from the iptables logs, including
# repeated attempts to one port or SYN flood blocks, etc
#
# Note: This feature will only track iptables blocks from the log file set in
# IPTABLES_LOG below and if you have DROP_LOGGING enabled. However, it will
# cause redundant blocking with DROP_IP_LOGGING enabled
#
# Warning: It's possible that an elaborate DDOS (i.e. from multiple IP's)
# could very quickly fill the iptables rule chains and cause a DOS in itself.
# The DENY_IP_LIMIT should help to mitigate such problems with permanent blocks
# and the DENY_TEMP_IP_LIMIT with temporary blocks
#
# Set PS_INTERVAL to "0" to disable this feature. A value of between 60 and 300
# would be sensible to enable this feature
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
PS_INTERVAL = "0"
PS_LIMIT = "10"

# You can specify the ports and/or port ranges that should be tracked by the
# Port Scan Tracking feature. The following setting is a comma separated list
# of those ports and uses the same format as TCP_IN. The setting of
# 0:65535,ICMP,INVALID,OPEN,BRD covers all ports
#
# Special values are:
#   ICMP    - include ICMP blocks (see ICMP_*)
#   INVALID - include INVALID blocks (see PACKET_FILTER)
#   OPEN    - include TCP_IN and UDP_IN open port blocks - *[proto]_IN Blocked*
#   BRD     - include UDP Broadcast IPs, otherwise they are ignored
PS_PORTS = "0:65535,ICMP"

# To specify how many different ports qualifies as a Port Scan you can increase
# the following from the default value of 1. The risk in doing so will mean
# that persistent attempts to attack a specific closed port will not be
# detected and blocked
PS_DIVERSITY = "1"

# You can select whether IP blocks for Port Scan Tracking should be temporary
# or permanent. Set PS_PERMANENT to "0" for temporary and "1" for permanent
# blocking. If set to "0" PS_BLOCK_TIME is the amount of time in seconds to
# temporarily block the IP address for
PS_PERMANENT = "0"
PS_BLOCK_TIME = "3600"

# Set the following to "1" to enable Port Scan Tracking email alerts, set to
# "0" to disable them
PS_EMAIL_ALERT = "1"

###############################################################################
# SECTION:User ID Tracking
###############################################################################
# User ID Tracking. This feature tracks UID blocks logged by iptables to
# syslog. If a UID generates a port block that is logged more than UID_LIMIT
# times within UID_INTERVAL seconds, an alert will be sent
#
# Note: This feature will only track iptables blocks from the log file set in
# IPTABLES_LOG and if DROP_OUT_LOGGING and DROP_UID_LOGGING are enabled.
#
# To ignore specific UIDs list them in csf.uidignore and then restart lfd
#
# Set UID_INTERVAL to "0" to disable this feature. A value of between 60 and 300
# would be sensible to enable this feature
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
UID_INTERVAL = "0"
UID_LIMIT = "10"

# You can specify the ports and/or port ranges that should be tracked by the
# User ID Tracking feature. The following setting is a comma separated list
# of those ports and uses the same format as TCP_OUT. The default setting of
# 0:65535,ICMP covers all ports
UID_PORTS = "0:65535,ICMP"

###############################################################################
# SECTION:Account Tracking
###############################################################################
# Account Tracking. The following options enable the tracking of modifications
# to the accounts on a server. If any of the enabled options are triggered by
# a modifications to an account, an alert email is sent. Only the modification
# is reported. The cause of the modification will have to be investigated
# manually
#
# You can set AT_ALERT to the following:
# 0 = disable this feature
# 1 = enable this feature for all accounts
# 2 = enable this feature only for superuser accounts (UID = 0, e.g. root, etc)
# 3 = enable this feature only for the root account
AT_ALERT = "2"

# This options is the interval between checks in seconds
AT_INTERVAL = "60"

# Send alert if a new account is created
AT_NEW = "1"

# Send alert if an existing account is deleted
AT_OLD = "1"

# Send alert if an account password has changed
AT_PASSWD = "1"

# Send alert if an account uid has changed
AT_UID = "1"

# Send alert if an account gid has changed
AT_GID = "1"

# Send alert if an account login directory has changed
AT_DIR = "1"

# Send alert if an account login shell has changed
AT_SHELL = "1"

###############################################################################
# SECTION:Integrated User Interface
###############################################################################
# Integrated User Interface. This feature provides a HTML UI to csf and lfd,
# without requiring a control panel or web server. The UI runs as a sub process
# to the lfd daemon
#
# As it runs under the root account and successful login provides root access
# to the server, great care should be taken when configuring and using this
# feature. There are additional restrictions to enhance secure access to the UI
#
# See readme.txt for more information about using this feature BEFORE enabling
# it for security and access reasons
# 
# 1 to enable, 0 to disable
UI = "0"

# Set this to the port that want to bind this service to. You should configure
# this port to be >1023 and different from any other port already being used
#
# Do NOT enable access to this port in TCP_IN, instead only allow trusted IP's
# to the port using Advanced Allow Filters (see readme.txt)
UI_PORT = "6666"

# Optionally set the IP address to bind to. Normally this should be left blank
# to bind to all IP addresses on the server.
#
# If the server is configured for IPv6 but the IP to bind to is IPv4, then the
# IP address MUST use the IPv6 representation. For example 1.2.3.4 must use
# ::ffff:1.2.3.4
#
# Leave blank to bind to all IP addresses on the server
UI_IP = ""

# This should be a secure, hard to guess username
# 
# This must be changed from the default
UI_USER = "username"

# This should be a secure, hard to guess password. That is, at least 8
# characters long with a mixture of upper and lowercase characters plus 
# numbers and non-alphanumeric characters
#
# This must be changed from the default
UI_PASS = "password"

# This is the login session timeout. If there is no activity for a logged in
# session within this number of seconds, the session will timeout and a new
# login will be required
#
# For security reasons, you should always keep this option low (i.e 60-300)
UI_TIMEOUT = "300"

# This is the maximum concurrent connections allowed to the server. The default
# value should be sufficient
UI_CHILDREN = "5"

# The number of login retries allowed within a 24 hour period. A successful
# login from the IP address will clear the failures
#
# For security reasons, you should always keep this option low (i.e 0-10)
UI_RETRY = "5"

# If enabled, this option will add the connecting IP address to the file 
# /etc/csf/ui/ui.ban after UI_RETRY login failures. The IP address will not be
# able to login to the UI while it is listed in this file. The UI_BAN setting
# does not refer to any of the csf/lfd allow or ignore files, e.g. csf.allow,
# csf.ignore, etc.
#
# For security reasons, you should always enable this option
UI_BAN = "1"

# If enabled, only IPs (or CIDR's) listed in the file /etc/csf/ui/ui.allow will
# be allowed to login to the UI. The UI_ALLOW setting does not refer to any of
# the csf/lfd allow or ignore files, e.g. csf.allow, csf.ignore, etc.
#
# For security reasons, you should always enable this option and use ui.allow
UI_ALLOW = "1"

# If enabled, this option will trigger an iptables block through csf after
# UI_RETRY login failures
#
# 0 = no block;1 = perm block;nn=temp block for nn secs
UI_BLOCK = "1"

# This controls what email alerts are sent with regards to logins to the UI. It
# uses the uialert.txt template
#
# 4 = login success + login failure/ban/block + login attempts
# 3 = login success + login failure/ban/block
# 2 = login failure/ban/block
# 1 = login ban/block
# 0 = disabled
UI_ALERT = "4"

# This is the SSL cipher list that the Integrated UI will negotiate from
UI_CIPHER = "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP:!kEDH"

# This is the SSL protocol version used. See IO::Socket::SSL if you wish to
# change this and to understand the implications of changing it
UI_SSL_VERSION = "SSLv23:!SSLv3:!SSLv2"

# If cxs is installed then enabling this option will provide a dropdown box to
# switch between applications
UI_CXS = "0"

# There is a modified installation of ConfigServer Explorer (cse) provided with
# the csf distribution. If this option is enabled it will provide a dropdown
# box to switch between applications
UI_CSE = "0"

###############################################################################
# SECTION:Messenger service
###############################################################################
# Messenger service. This feature allows the display of a message to a blocked
# connecting IP address to inform the user that they are blocked in the
# firewall. This can help when users get themselves blocked, e.g. due to
# multiple login failures. The service is provided by two daemons running on
# ports providing either an HTML or TEXT message
#
# This feature does not work on servers that do not have the iptables module
# ipt_REDIRECT loaded. Typically, this will be with MONOLITHIC kernels. VPS
# server admins should check with their VPS host provider that the iptables
# module is included
#
# IPv6 will need the IO::Socket::INET6 perl module
#
# For further information on features and limitations refer to the csf
# readme.txt
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
#
# 1 to enable, 0 to disable
MESSENGER = "0"

# Provide this service to temporary IP address blocks
MESSENGER_TEMP = "1"

# Provide this service to permanent IP address blocks
MESSENGER_PERM = "1"

# User account to run the service servers under. We recommend creating a
# specific non-priv, non-shell account for this purpose
#
# Note: When using MESSENGERV2, this account must NOT be a valid control panel
# account, it must be created manually as explained in the csf readme.txt
MESSENGER_USER = "csf"

# This option points to the file(s) containing the Apache VirtualHost SSL
# definitions. This can be a file glob if there are multiple files to search.
# Only Apache v2 SSL VirtualHost definitions are supported
#
# This is used by MESSENGERV1 and MESSENGERV2 only
MESSENGER_HTTPS_CONF = "/usr/local/apache/conf/httpd.conf"

# The following options can be specified to provide a default fallback
# certificate to be used if either SNI is not supported or a hosted domain does
# not have an SSL certificate. If a fallback is not provided, one of the certs
# obtained from MESSENGER_HTTPS_CONF will be used
#
# This is used by MESSENGERV1 and MESSENGERV2 only
MESSENGER_HTTPS_KEY = "/var/cpanel/ssl/cpanel/mycpanel.pem"
MESSENGER_HTTPS_CRT = "/var/cpanel/ssl/cpanel/mycpanel.pem"

# Set this to the port that will receive the HTTPS HTML message. You should
# configure this port to be >1023 and different from the TEXT and HTML port. Do
# NOT enable access to this port in TCP_IN. This option requires the perl
# module IO::Socket::SSL at a version level that supports SNI (1.83+).
# Additionally the version of openssl on the server must also support SNI
#
# The option uses existing SSL certificates on the server for each domain to
# maintain a secure connection without browser warnings. It uses SNI to choose
# the correct certificate to use for each client connection
#
# Warning: On some servers the amount of memory used by the HTTPS MESSENGER
# service can become significant depending on various factors associated with
# the use of IO::Socket::SSL including the number of domains and certificates
# served. This is normally only an issue if using MESSENGERV1
MESSENGER_HTTPS = "8887"

# This comma separated list are the HTTPS HTML ports that will be redirected
# for the blocked IP address. If you are using per application blocking
# (LF_TRIGGER) then only the relevant block port will be redirected to the
# messenger port
#
# Recommended setting "443" plus any end-user control panel SSL ports. So, for
# cPanel: "443,2083,2096"
MESSENGER_HTTPS_IN = "443,2083,2096"

# Set this to the port that will receive the HTML message. You should configure
# this port to be >1023 and different from the TEXT port. Do NOT enable access
# to this port in TCP_IN
MESSENGER_HTML = "8888"

# This comma separated list are the HTML ports that will be redirected for the
# blocked IP address. If you are using per application blocking (LF_TRIGGER)
# then only the relevant block port will be redirected to the messenger port
MESSENGER_HTML_IN = "80,2082,2095"

# Set this to the port that will receive the TEXT message. You should configure
# this port to be >1023 and different from the HTML port. Do NOT enable access
# to this port in TCP_IN
MESSENGER_TEXT = "8889"

# This comma separated list are the TEXT ports that will be redirected for the
# blocked IP address. If you are using per application blocking (LF_TRIGGER)
# then only the relevant block port will be redirected to the messenger port
MESSENGER_TEXT_IN = "21"

# These settings limit the rate at which connections can be made to the
# messenger service servers. Its intention is to provide protection from
# attacks or excessive connections to the servers. If the rate is exceeded then
# iptables will revert for the duration to the normal blocking activity
#
# See the iptables man page for the correct --limit rate syntax
MESSENGER_RATE = "100/s"
MESSENGER_BURST = "150"

# MESSENGERV1 only:
#------------------------------------------------------------------------------
# This is the maximum concurrent connections allowed to each service server
#
# Note: This number should be increased to cater for the number of local images
# served by this page, including one for favicon.ico. This is because each
# image displayed counts as an additional connection
MESSENGER_CHILDREN = "20"

# This options ignores ServerAlias definitions that begin with "mail.". This
# can help reduce memory usage on systems that do not require the use of
# MESSENGER_HTTPS on those subdomains
#
# Set to 0 to include these ServerAlias definitions
MESSENGER_HTTPS_SKIPMAIL = "1"

# MESSENGERV2 only:
#------------------------------------------------------------------------------
# MESSENGERV2. This option is available on cPanel servers running Apache v2.4+
# under EA4.
#
# This uses the Apache http daemon to provide the web server functionality for
# the MESSENGER HTML and HTTPS services. It uses a fraction of the resources
# that the lfd inbuilt service uses and overcomes the memory overhead of using
# the MESSENGER HTTPS service
#
# For more information consult readme.txt before enabling this option
MESSENGERV2 = "0"

# MESSENGERV3 only:
#------------------------------------------------------------------------------
# MESSENGERV3. This option is available on any server running Apache v2.4+,
# Litespeed or Openlitespeed
#
# This uses the web server http daemon to provide the web server functionality
# for the MESSENGER HTML and HTTPS services. It uses a fraction of the
# resources that the lfd inbuilt service uses and overcomes the memory overhead
# of using the MESSENGER HTTPS service
#
# For more information consult readme.txt before enabling this option
MESSENGERV3 = "0"

# This is the file or directory where the additional web server configuration
# file should be included
MESSENGERV3LOCATION = "/etc/apache2/conf.d/"

# This is the command to restart the web server
MESSENGERV3RESTART = "/scripts/restartsrv_httpd"

# This is the command to test the validity of the web server configuration. If
# using Litespeed, set to ""
MESSENGERV3TEST = "/usr/sbin/apachectl -t"

# This must be set to the main httpd.conf file for either Apache or Litespeed
MESSENGERV3HTTPS_CONF = "/usr/local/apache/conf/httpd.conf"

# This can be set to either:
# "apache" - for servers running Apache v2.4+ or Litespeed using Apache
# configuration
# "litespeed" - for Litespeed or Openlitespeed
MESSENGERV3WEBSERVER = "apache"

# On creation, set the MESSENGER_USER public_html directory permissions to
# Note: If you precreate this directory the following setting will be ignored
MESSENGERV3PERMS = "711"

# On creation, set the MESSENGER_USER public_html directory group user to
# Note: If you precreate this directory the following setting will be ignored
MESSENGERV3GROUP = "nobody"

# This is the web server configuration to allow PHP scripts to run. If left
# empty, the MESSENGER service will try to configure this. If this does not
# work, this should be set as an "Include /path/to/csf_php.conf" or similar
# file which must contain appropriate web server configuration to allow PHP
# scripts to run. This line will be included within each MESSENGER VirtualHost
# container. This will replace the [MESSENGERV3PHPHANDLER] line from the csf
# webserver template files
MESSENGERV3PHPHANDLER = ""

# RECAPTCHA:
#------------------------------------------------------------------------------
# The RECAPTCHA options provide a way for end-users that have blocked
# themselves in the firewall to unblock themselves.
#
# A valid Google ReCAPTCHA (v2) key set is required for this feature from:
# https://www.google.com/recaptcha/intro/index.html
#
# When configuring a new reCAPTCHA API key set you must ensure that the option
# for "Domain Name Validation" is unticked so that the same reCAPTCHA can be
# used for all domains hosted on the server. lfd then checks that the hostname
# of the request resolves to an IP on this server
#
# This feature requires the installation of the LWP::UserAgent perl module (see
# option URLGET for more details)
#
# The template used for this feature is /etc/csf/messenger/index.recaptcha.html
#
# Note: An unblock will fail if the end-users IP is located in a netblock,
# blocklist or CC_* deny entry
RECAPTCHA_SITEKEY = ""
RECAPTCHA_SECRET = ""

# Send an email when an IP address successfully attempts to unblock themselves.
# This does not necessarily mean the IP was unblocked, only that the
# post-recaptcha unblock request was attempted
#
# Set to "0" to disable
RECAPTCHA_ALERT = "1"

# If the server uses NAT then resolving the hostname to hosted IPs will likely
# not succeed. In that case, the external IP addresses must be listed as comma
# separated list here
RECAPTCHA_NAT = ""

###############################################################################
# SECTION:lfd Clustering
###############################################################################
# lfd Clustering. This allows the configuration of an lfd cluster environment
# where a group of servers can share blocks and configuration option changes.
# Included are CLI and UI options to send requests to the cluster.
#
# See the readme.txt file for more information and details on setup and
# security risks.
#
# Set this to a comma separated list of cluster member IP addresses to send
# requests to. Alternatively, it can be set to the full path of a file that
# will read in one IP per line, e.g.:
# "/etc/csf/cluster_sendto.txt"
CLUSTER_SENDTO = ""

# Set this to a comma separated list of cluster member IP addresses to receive
# requests from. Alternatively, it can be set to the full path of a file that
# will read in one IP per line, e.g.:
# "/etc/csf/cluster_recvfrom.txt"
CLUSTER_RECVFROM = ""

# IP address of the master node in the cluster allowed to send CLUSTER_CONFIG
# changes
CLUSTER_MASTER = ""

# If this is a NAT server, set this to the public IP address of this server
CLUSTER_NAT = ""

# If a cluster member should send requests on an IP other than the default IP,
# set it here
CLUSTER_LOCALADDR = ""

# Cluster communication port (must be the same on all member servers). There
# is no need to open this port in the firewall as csf will automatically add
# in and out bound rules to allow communication between cluster members
CLUSTER_PORT = "7777"

# This is a secret key used to encrypt cluster communications using the
# Blowfish algorithm. It should be between 8 and 56 characters long,
# preferably > 20 random characters
# 56 chars:    01234567890123456789012345678901234567890123456789012345
CLUSTER_KEY = ""

# Automatically send lfd blocks to all members of CLUSTER_SENDTO. Those
# servers must have this servers IP address listed in their CLUSTER_RECVFROM
#
# Set to 0 to disable this feature
CLUSTER_BLOCK = "1"

# This option allows the enabling and disabling of the Cluster configuration
# changing options --cconfig, --cconfigr, --cfile, --ccfile sent from the
# CLUSTER_MASTER server
#
# Set this option to 1 to allow Cluster configurations to be received
CLUSTER_CONFIG = "0"

# Maximum number of child processes to listen on. High blocking rates or large
# clusters may need to increase this
CLUSTER_CHILDREN = "10"

###############################################################################
# SECTION:Port Knocking
###############################################################################
# Port Knocking. This feature allows port knocking to be enabled on multiple
# ports with a variable number of knocked ports and a timeout. There must be a
# minimum of 3 ports to knock for an entry to be valid
#
# See the following for information regarding Port Knocking:
# http://www.portknocking.org/
#
# This feature does not work on servers that do not have the iptables module
# ipt_recent loaded. Typically, this will be with MONOLITHIC kernels. VPS
# server admins should check with their VPS host provider that the iptables
# module is included
#
# For further information and syntax refer to the Port Knocking section of the
# csf readme.txt
#
# Note: Run /etc/csf/csftest.pl to check whether this option will function on
# this server
#
# openport;protocol;timeout;kport1;kport2;kport3[...;kportN],...
# e.g.: 22;TCP;20;100;200;300;400
PORTKNOCKING = ""

# Enable PORTKNOCKING logging by iptables
PORTKNOCKING_LOG = "1"

# Send an email alert if the PORTKNOCKING port is opened. PORTKNOCKING_LOG must
# also be enabled to use this option
#
# SECURITY NOTE: This option is affected by the RESTRICT_SYSLOG option. Read
# this file about RESTRICT_SYSLOG before enabling this option:
PORTKNOCKING_ALERT = "0"

###############################################################################
# SECTION:Log Scanner
###############################################################################
# Log Scanner. This feature will send out an email summary of the log lines of
# each log listed in /etc/csf/csf.logfiles. All lines will be reported unless
# they match a regular expression in /etc/csf/csf.logignore
#
# File globbing is supported for logs listed in /etc/csf/csf.logfiles. However,
# be aware that the more files lfd has to track, the greater the performance
# hit. Note: File globs are only evaluated when lfd is started
#
# Note: lfd builds the report continuously from lines logged after lfd has
# started, so any lines logged when lfd is not running will not be reported
# (e.g. during reboot). If lfd is restarted, then the report will include any
# lines logged during the previous lfd logging period that weren't reported
#
# 1 to enable, 0 to disable
LOGSCANNER = "0"

# This is the interval each report will be sent based on the logalert.txt
# template
#
# The interval can be set to:
# "hourly" - sent on the hour
# "daily"  - sent at midnight (00:00)
# "manual" - sent whenever "csf --logrun" is run. This allows for scheduling
#            via cron job
LOGSCANNER_INTERVAL = "hourly"

# Report Style
# 1 = Separate chronological log lines per log file
# 2 = Simply chronological log of all lines
LOGSCANNER_STYLE = "1"

# Send the report email even if no log lines reported
# 1 to enable, 0 to disable
LOGSCANNER_EMPTY = "1"

# Maximum number of lines in the report before it is truncated. This is to
# prevent log lines flooding resulting in an excessively large report. This
# might need to be increased if you choose a daily report
LOGSCANNER_LINES = "5000"

###############################################################################
# SECTION:Statistics Settings
###############################################################################
# Statistics
#
# Some of the Statistics output requires the gd graphics library and the
# GD::Graph perl module with all dependent modules to be installed for the UI
# for them to be displayed
#
# This option enabled statistical data gathering
ST_ENABLE = "1"

# This option determines how many iptables log lines to store for reports
ST_IPTABLES = "100"

# This option indicates whether rDNS and CC lookups are performed at the time
# the log line is recorded (this is not performed when viewing the reports)
#
# Warning: If DROP_IP_LOGGING is enabled and there are frequent iptables hits,
# then enabling this setting could cause serious performance problems
ST_LOOKUP = "0"

# This option will gather basic system statstics. Through the UI it displays
# various graphs for disk, cpu, memory, network, etc usage over 4 intervals:
#  . Hourly (per minute)
#  . 24 hours (per minute)
#  . 7 days (per minute averaged over an hour)
#  . 30 days (per minute averaged over an hour) - user definable
# The data is stored in /var/lib/csf/stats/system and the option requires the
# perl GD::Graph module
#
# Note: Disk graphs do not show on Virtuozzo/OpenVZ servers as the kernel on
# those systems do not store the required information in /proc/diskstats
# On new installations or when enabling this option it will take time for these
# graphs to be populated
ST_SYSTEM = "1"

# Set the maximum days to collect statistics for. The default is 30 days, the
# more data that is collected the longer it will take for each of the graphs to
# be generated
ST_SYSTEM_MAXDAYS = "30"

# If ST_SYSTEM is enabled, then these options can collect MySQL statistical
# data. To use this option the server must have the perl modules DBI and
# DBD::mysql installed.
#
# Set this option to "0" to disable MySQL data collection
ST_MYSQL = "0"

# The following options are for authentication for MySQL data collection. If
# the password is left blank and the user set to "root" then the procedure will
# look for authentication data in /root/.my.cnf. Otherwise, you will need to
# provide a MySQL username and password to collect the data. Any MySQL user
# account can be used
ST_MYSQL_USER = "root"
ST_MYSQL_PASS = ""
ST_MYSQL_HOST = "localhost"

# If ST_SYSTEM is enabled, then this option can collect Apache statistical data
# The value for PT_APACHESTATUS must be correctly set
ST_APACHE = "0"

# The following options measure disk write performance using dd (location set
# via the DD setting). It creates a 64MB file called /var/lib/dd_write_test and
# the statistics will plot the MB/s response time of the disk. As this is an IO
# intensive operation, it may not be prudent to run this test too often, so by
# default it is only run every 5 minutes and the result duplicated for each
# intervening minute for the statistics
#
# This is not necessrily a good measure of disk performance, primarily because
# the measurements are for relatively small amounts of data over a small amount
# of time. To properly test disk performance there are a variety of tools
# available that should be run for extended periods of time to obtain an
# accurate measurement. This metric is provided to give an idea of how the disk
# is performing over time
#
# Note: There is a 15 second timeout performing the check
#
# Set to 0 to disable, 1 to enable
ST_DISKW = "0"

# The number of minutes that elapse between tests. Default is 5, minimum is 1.
ST_DISKW_FREQ = "5"

# This is the command line passed to dd. If you are familiar with dd, or wish
# to move the output file (of) to a different disk, then you can alter this
# command. Take great care when making any changes to this command as it is
# very easy to overwrite a disk using dd if you make a mistake
ST_DISKW_DD = "if=/dev/zero of=/var/lib/csf/dd_test bs=1MB count=64 conv=fdatasync"

###############################################################################
# SECTION:Docker Settings
###############################################################################
# This section provides the configuration of iptables rules to allow Docker
# containers to communicate through the host. If the generated rules do not
# work with your setup you will have to use a /etc/csf/csfpost.sh file and add
# your own iptables configuration instead
#
# 1 to enable, 0 to disable
DOCKER = "0"

# The network device on the host
DOCKER_DEVICE = "docker0"

# Docker container IPv4 range
DOCKER_NETWORK4 = "172.17.0.0/16"

# Docker container IPv6 range. IPV6 must be enabled and the IPv6 nat table
# available (see IPv6 section). Leave blank to disable
DOCKER_NETWORK6 = "2001:db8:1::/64"

###############################################################################
# SECTION:OS Specific Settings
###############################################################################
# Binary locations
IPTABLES = "/sbin/iptables"
IPTABLES_SAVE = "/sbin/iptables-save"
IPTABLES_RESTORE = "/sbin/iptables-restore"
IP6TABLES = "/sbin/ip6tables"
IP6TABLES_SAVE = "/sbin/ip6tables-save"
IP6TABLES_RESTORE = "/sbin/ip6tables-restore"
MODPROBE = "/sbin/modprobe"
IFCONFIG = "/sbin/ifconfig"
SENDMAIL = "/usr/sbin/sendmail"
PS = "/bin/ps"
VMSTAT = "/usr/bin/vmstat"
NETSTAT = "/bin/netstat"
LS = "/bin/ls"
MD5SUM = "/usr/bin/md5sum"
TAR = "/bin/tar"
CHATTR = "/usr/bin/chattr"
UNZIP = "/usr/bin/unzip"
GUNZIP = "/bin/gunzip"
DD = "/bin/dd"
TAIL = "/usr/bin/tail"
GREP = "/bin/grep"
ZGREP = "/usr/bin/zgrep"
IPSET = "/usr/sbin/ipset"
SYSTEMCTL = "/usr/bin/systemctl"
HOST = "/usr/bin/host"
IP = "/sbin/ip"
CURL = "/usr/bin/curl"
WGET = "/usr/bin/wget"

# Log file locations
#
# File globbing is allowed for the following logs. However, be aware that the
# more files lfd has to track, the greater the performance hit
#
# Note: File globs are only evaluated when lfd is started
#
HTACCESS_LOG = "/usr/local/apache/logs/error_log"
MODSEC_LOG = "/usr/local/apache/logs/error_log"
SSHD_LOG = "/var/log/secure"
SU_LOG = "/var/log/secure"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/messages"
SMTPAUTH_LOG = "/var/log/exim_mainlog"
SMTPRELAY_LOG = "/var/log/exim_mainlog"
POP3D_LOG = "/var/log/maillog"
IMAPD_LOG = "/var/log/maillog"
CPANEL_LOG = "/usr/local/cpanel/logs/login_log"
CPANEL_ACCESSLOG = "/usr/local/cpanel/logs/access_log"
SCRIPT_LOG = "/var/log/exim_mainlog"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
SYSLOG_LOG = "/var/log/messages"
WEBMIN_LOG = "/var/log/secure"

CUSTOM1_LOG = "/var/log/customlog"
CUSTOM2_LOG = "/var/log/customlog"
CUSTOM3_LOG = "/var/log/customlog"
CUSTOM4_LOG = "/var/log/customlog"
CUSTOM5_LOG = "/var/log/customlog"
CUSTOM6_LOG = "/var/log/customlog"
CUSTOM7_LOG = "/var/log/customlog"
CUSTOM8_LOG = "/var/log/customlog"
CUSTOM9_LOG = "/var/log/customlog"

# The following are comma separated lists used if LF_SELECT is enabled,
# otherwise they are not used. They are derived from the application returned
# from a regex match in /usr/local/csf/bin/regex.pm
#
# All ports default to tcp blocks. To specify udp or tcp use the format:
# port;protocol,port;protocol,... For example, "53;udp,53;tcp"
PORTS_pop3d = "110,995"
PORTS_imapd = "143,993"
PORTS_htpasswd = "80,443"
PORTS_mod_security = "80,443"
PORTS_mod_qos = "80,443"
PORTS_symlink = "80,443"
PORTS_suhosin = "80,443"
PORTS_cxs = "80,443"
PORTS_bind = "53;udp,53;tcp"
PORTS_ftpd = "20,21"
PORTS_webmin = "10000"
PORTS_cpanel = "2077,2078,2082,2083,2086,2087,2095,2096"
# This list is extended, if present, by the ports defined by
# /etc/chkservd/exim-*
PORTS_smtpauth = "25,465,587"
PORTS_eximsyntax = "25,465,587"
# This list is replaced, if present, by "Port" definitions in
# /etc/ssh/sshd_config
PORTS_sshd = "22"

# For internal use only. You should not enable this option as it could cause
# instability in csf and lfd
DEBUG = "0"
###############################################################################

Youez - 2016 - github.com/yon3zu
LinuXploit