# =============================================================================
# NetIRC Defender V3 — defender.conf.example
# Copy to defender.conf next to defender.pl (same directory; that path is $curdir).
# Policy files (deny_version.conf, dnsbl.conf, …) live under datadir= below. defender.conf is gitignored.
# Format: key=value | lines starting with # are comments | no spaces around =
# =============================================================================
# -----------------------------------------------------------------------------
# 1. Hub uplink (P10 / ircu — see C/N lines on the IRCd)
# -----------------------------------------------------------------------------
# Host and port of the hub this service links to.
server=hub.example.org
port=4400
# Server-link password. "change-me" is a placeholder: replace it with a long,
# unique secret before first start. It is stored here in plain text, so keep
# defender.conf readable only by the account that runs defender.pl
# (e.g. chmod 600 defender.conf) and keep it out of backups that others can read.
password=change-me
# Link protocol; the section title names P10 / ircu.
linktype=p10
# Local IP to bind (empty = all interfaces). Optional.
bind=
# -----------------------------------------------------------------------------
# 2. Service server identity (SERVER line / pseudoclient)
# -----------------------------------------------------------------------------
# Name this service announces in its SERVER line.
servername=Defender.example.org
# ZZ and 0XX are placeholders. NOTE(review): presumably these must be unique on
# the network and match what the hub expects for this link; which of the two is
# used likely depends on linktype — confirm against the IRCd configuration.
numeric=ZZ
sid=0XX
# Free-text server description.
serverdesc=Example IRC Network
# -----------------------------------------------------------------------------
# 3. Pseudoclient / control channel
# -----------------------------------------------------------------------------
# Nick, host part and real-name field of the pseudoclient.
botnick=D
domain=Defender.example.org
fullname=NetIRC Defender V3 - network security service
# Quit message used at shutdown.
quitmsg=NetIRC Defender V3 - shutdown
# Control channel. The verbose module posts "Signed on" lines here and
# conn_average can mirror its warnings here (see sections 5 and 10), so the
# channel carries connection data about users.
# NOTE(review): this file does not show how access to the channel is restricted;
# make sure only network staff can join it — confirm on the IRCd side.
channel=#console
# -----------------------------------------------------------------------------
# 4. Network, contact strings (G-lines, notices, etc.)
# -----------------------------------------------------------------------------
networkname=ExampleNet
# NOTE(review): the example uses the same value as channel= (the control channel).
# These contact strings are used in G-lines and notices, so they are presumably
# shown to affected users; consider a separate public help channel so users are
# not pointed at the staff console — confirm how the value is used.
supportchannel=#console
url=https://example.org/
mail=irc@example.org
# Optional (leave empty or omit if unused — read by Main.pm)
# operpass, if set, is a credential stored in plain text in this file; the same
# file-permission care as for password= applies.
#nickserv=
#opername=
#operpass=
# -----------------------------------------------------------------------------
# 5. Scan modules (comma-separated list, no spaces)
# -----------------------------------------------------------------------------
# Suggested signup stack (each optional except as noted):
# conn_average — burst rate warning (GLOBOPS + optional duplicate on control channel).
#                It does not G-line by itself, but conn_average_autoblock=1 and
#                conn_average_autoblock_attack_mode=1 in section 10 make it G-line
#                new clients once the threshold is exceeded.
# verbose — "Signed on" on the control channel (put before dnsbl so RBL lookups do not delay it)
# version — CTCP VERSION + deny_version.conf (before dnsbl avoids waiting on RBL before CTCP)
# dnsbl — G-line if client IPv4 is listed (needs datadir/dnsbl.conf); gethostbyname per zone is synchronous
#         (dnsbl_query_timeout_sec in section 10 bounds each lookup; 0 there means no timeout)
# regexp_akill is documented in README but not loaded here by default; add it to the list below if needed.
# CTCP VERSION is ON only if the name "version" appears below.
# version needs datadir/deny_version.conf (tab-separated rules) to enforce G/K policy.
# dnsbl — copy dnsbl.conf.example to datadir/dnsbl.conf (one RBL zone per block; see example file)
# Keep conn_average before dnsbl (and any scan_user G-line module) so join-rate stats stay correct.
# Order matters, as the notes above describe; a module that is not named here is not loaded.
modules=conn_average,verbose,version,dnsbl,flood,nickflood,killchan,message,gline,ipinfo,whois,seen
# -----------------------------------------------------------------------------
# 6. Paths and persistent counters
# -----------------------------------------------------------------------------
# YOURUSER is a placeholder; set the real absolute path.
# datadir holds the policy files (deny_version.conf, dnsbl.conf), the persistent
# counters file and the seen module's seen_state.sto. Policy files decide who gets
# G-lined, and seen_state.sto is a Perl Storable file (Storable must not be used to
# load data that an untrusted party can modify), so the directory should be
# writable only by the account that runs the service.
datadir=/home/YOURUSER/defender-master
# 1 = persist all-time totals in datadir/defender_persistent_counters.v1 (survive restart).
# File stores since=<unix epoch> for the “cumulative since” line in status.
# 0 = session counters only
persistent_counters=1
# Flush interval for persistent counters file writes (seconds; lower = fresher, higher = faster under burst)
persistent_counters_flush_sec=5
# -----------------------------------------------------------------------------
# 7. File logging (logto=Text) — size rotation / retention
# -----------------------------------------------------------------------------
logto=Text
# YOURUSER is a placeholder; set the real absolute path.
# NOTE(review): the log presumably records client hosts/IPs and enforcement
# actions; keep it readable only by the service account and staff — confirm
# what Text logging writes.
logpath=/home/YOURUSER/defender-master/defender.log
# NOTE(review): presumably rotate at this size in MB, keep this many rotated
# files, and check the size at this interval in seconds — the names suggest it,
# the file does not spell it out; confirm in the logging module.
log_rotate_mb=10
log_rotate_keep=7
log_rotate_interval_sec=300
# -----------------------------------------------------------------------------
# 8. General behaviour
# -----------------------------------------------------------------------------
# NOTE(review): neither key is explained in this example. The scale and effect of
# paranoia and the accepted authtype values are not visible here — check the
# README / Main.pm before changing them, since they may affect how aggressively
# the service acts.
paranoia=7
authtype=client
# -----------------------------------------------------------------------------
# 9. Control-channel output (verbose module and formatted lines)
# -----------------------------------------------------------------------------
# ugly=1 = plain text (no mIRC colour codes) | ugly=0 = colour-formatted
ugly=0
# NOTE(review): OneWord is not explained in this example — confirm its meaning
# in the source before changing it.
OneWord=0
# 1 = log each CTCP VERSION reply on the control channel | 0 = hide those lines (deny_version still applies)
version_verbose=0
# Optional: delay between consecutive PRIVMSG to the control channel and globops (WA).
# (ms; 0 = off; max 5000). Unset = off. Only applies if the previous send was within ~1.5s.
# A non-zero delay slows output during bursts, so alerts can reach staff later
# than the events they describe.
control_channel_line_delay_ms=300
# -----------------------------------------------------------------------------
# 10. Scan module thresholds and options
# -----------------------------------------------------------------------------
# gline — extra nicks (comma-separated, case-insensitive) that cannot be G-lined by nick.
# Built-in defaults include Undernet-style X, C and E, plus ChanServ, NickServ, MemoServ, etc.
# Add the nicks of any other network services or staff bots here so an operator
# mistake cannot G-line them.
#gline_protect_nicks=Global,MyCustomService
# conn_average — max sign-ons per minute before GLOBOPS (+ optional duplicate on control channel); 0 = disabled
conn_average_max=30
# attack mode — automatic global profile switch
# 1 = enable auto switch to aggressive profile when flood threshold is hit
attack_mode_auto=1
# Enter attack mode when conn_average sees at least this many connects/minute
# In this example the value (35) is above conn_average_max (30), so the warning
# fires before attack mode does.
attack_mode_enter_conn_per_min=35
# Keep attack mode active for this many seconds (extended if re-triggered)
attack_mode_hold_sec=600
# conn_average — repeat the same warning on the control channel (0 = GLOBOPS only)
conn_average_mirror_console=1
# conn_average — emergency auto-block mode: when threshold is exceeded, new clients are G-lined.
# 0 = disabled, 1 = enabled
# Enabled in this example. While the block is active every new client is
# G-lined, including legitimate users reconnecting after a netsplit or an
# outage. Size conn_average_max for the network's normal reconnect bursts, or
# start with 0 and watch the GLOBOPS warnings first.
conn_average_autoblock=1
# How long the emergency block stays active once triggered (seconds)
# NOTE(review): whether the G-lines themselves expire after the same period is
# not stated here — confirm in the conn_average module.
conn_average_autoblock_duration_sec=300
# While attack mode is ON, force conn_average autoblock even if conn_average_autoblock=0
# With attack_mode_auto=1 this means setting conn_average_autoblock=0 alone does
# not switch auto G-lines off; set this key to 0 as well if that is the intent.
conn_average_autoblock_attack_mode=1
# attack-mode override for conn_average_autoblock_duration_sec
attack_conn_average_autoblock_duration_sec=900
# Reason used for auto G-lines in emergency mode
conn_average_autoblock_reason=Connection flood emergency block
# dnsbl — IPv4 lookup cache TTL (seconds; 0 = disable cache)
# While a result is cached, a change in an address's listing status is not seen
# until the entry expires.
dnsbl_cache_ttl=300
# dnsbl — max seconds per zone lookup (0 = no timeout)
# The module notes in section 5 say each zone lookup is a synchronous
# gethostbyname, so 0 lets one slow or unreachable zone stall processing; keep a
# small non-zero value.
dnsbl_query_timeout_sec=2
# dnsbl circuit breaker — when connect or timeout rate is too high, DNSBL is
# temporarily skipped to keep the service responsive.
# This fails open: while the breaker is tripped, listed addresses are not
# G-lined by dnsbl. It trades coverage for availability, so other controls
# (e.g. conn_average autoblock) have to carry that window. Watch for repeated
# trips, which can also mean a DNSBL zone or the resolver is unhealthy.
dnsbl_cb_trigger_conn_per_min=80
dnsbl_cb_trigger_timeouts_per_min=20
dnsbl_cb_cooldown_sec=120
# dnsbl — when parser has pending input, skip expensive DNSBL lookups and
# cache temporary clean result for this many seconds (0 = disable soft-cache).
# Also fail-open: an address skipped this way is treated as clean until the
# soft-cache entry expires. Keep the value short.
dnsbl_backlog_skip_ttl_sec=3
# attack-mode overrides (used only while attack mode is ON)
# In this example the attack values trip the breaker at lower rates (40 / 10 vs
# 80 / 20) and hold it longer (300 s vs 120 s), so DNSBL coverage is reduced
# earlier and for longer while attack mode is ON.
attack_dnsbl_query_timeout_sec=1
attack_dnsbl_cb_trigger_conn_per_min=40
attack_dnsbl_cb_trigger_timeouts_per_min=10
attack_dnsbl_cb_cooldown_sec=300
# --- ipinfo (all keys read from defender.conf) ---
# API token from ipinfo.io (recommended: full geo / mobile / proxy fields)
# The token is a secret stored in plain text: keep defender.conf readable only
# by the service account and never commit a filled-in copy.
# The module sends the looked-up IP addresses to a third party (ipinfo.io);
# check that this fits the network's privacy policy.
ipinfo_token=
# In-memory cache for API JSON (seconds; 0 = no cache)
ipinfo_cache_ttl_sec=300
# At most this many API calls per sliding window (abuse guard)
ipinfo_burst_limit=20
# Sliding window for ipinfo_burst_limit (seconds)
ipinfo_burst_window_sec=60
# HTTP timeout per request to ipinfo.io (seconds)
# NOTE(review): whether the request blocks other processing while it waits is
# not visible here — confirm in the ipinfo module before raising this value.
ipinfo_http_timeout_sec=10
# version — global CTCP VERSION output limiter (scan_user path)
# If burst is exceeded inside the window, outgoing CTCP VERSION is muted for mute_sec.
# NOTE(review): clients that sign on while the limiter is muted are presumably
# not sent CTCP VERSION, so deny_version.conf rules would not be applied to
# them in that window — confirm in the version module.
version_ctcp_global_burst=120
version_ctcp_global_window_sec=10
version_ctcp_global_mute_sec=30
# attack-mode overrides (used only while attack mode is ON)
# In this example attack mode lowers the burst (50 vs 120) and lengthens the
# mute (120 s vs 30 s), i.e. version checks are suppressed sooner and for longer.
attack_version_ctcp_global_burst=50
attack_version_ctcp_global_window_sec=10
attack_version_ctcp_global_mute_sec=120
# regexp_akill_alarm_sec is not used in this profile; keep regexp_akill disabled unless explicitly enabled in modules=
# flood — per-channel message thresholds, temporary +f lock
# NOTE(review): flood_log / flood_globops / flood_lock look like escalating
# thresholds (log, then GLOBOPS, then lock) counted over flood_interval seconds,
# with the lock lasting flood_lock_seconds; flood_mode_double and
# flood_lock_channel_a are not explained here — confirm all of them in flood.pm.
flood_log=1
flood_globops=2
flood_lock=3
flood_interval=5
flood_lock_seconds=60
flood_mode_double=1
flood_lock_channel_a=1
# flood_mode= — optional: +f mode letters (see flood.pm for allowed set)
# nickflood — rapid nick changes
# NOTE(review): the time window for this limit and the action taken are not
# stated here — confirm in the nickflood module.
nickflood_limit=3
# killchan — seconds to wait after JOIN before G-line / oper notice (0 = immediate). Cancelled if they PART the channel first. Max 300.
# The grace period gives a user who joined by mistake time to leave; 0 removes
# that margin.
killchan_join_grace_sec=20
# killchan — pause (seconds) after the "timer expired" NOTICE before G-line / oper follow-up (0 = none). Max 5.
killchan_post_notice_delay_sec=1
# seen — last-seen storage (Storable) in datadir/seen_state.sto; pruned to at most this many nicks
# The cap bounds the size of the state file. The file is loaded with Perl
# Storable, which is unsafe on data others can modify, so keep datadir writable
# only by the service account.
#seen_max_entries=10000
# Optional, not used by current core:
#servregexp=