Configure email alert and X-ARF report settings.
juggernaut --task=lfd:reporting
Option |
Value | Default | Description |
---|---|---|---|
--LF_ALERT_TO |
<string> | This option will override the configured To: field in all login failure daemon alert emails. Leave this option empty to use the To: field setting in each alert template. | |
--LF_ALERT_FROM |
<string> | This option will override the configured From: field in all lfd alert emails. Leave this option empty to use the From: field setting in each alert template. | |
--LF_ALERT_SMTP |
<string> | Normally the login failure daemon will send all alerts using the default MTA binary. To send using SMTP directly, you can set the following to a relaying SMTP server, e.g. 127.0.0.1. Leave this setting blank to use the default MTA. | |
--BLOCK_REPORT |
<string> | The login failure daemon can run an external script when it performs an IP address block. This option is the full path of the external script which must be executable. | |
--UNBLOCK_REPORT |
<string> | The login failure daemon can run an external script when a temporary block is unblocked. The following setting can be the full path of the external script which must be executable. | |
--X_ARF |
<1|0> | 0 | Enable the sending of X-ARF reports. Only block alert messages will be sent. These reports are in a format accepted by many Netblock owners and should help them investigate abuse. Only enable this option after you have checked for false-positive block reports. |
--X_ARF_FROM |
<string> | Set the email From: for X-ARF reports. | |
--X_ARF_TO |
<string> | Set the email To: for X-ARF reports. | |
--X_ARF_ABUSE |
<1|0> | 0 | Automatically send reports to the abuse contact where found. Note: You MUST set X_ARF_FROM to a valid email address for this option to work. This is so that the abuse contact can reply to the report. However, you should be aware that without manual checking you could be reporting innocent IP addresses, including your own clients, yourself and your own servers. We do not recommend enabling this option. Abuse reports should be checked and verified before being forwarded to the abuse contact. |
--LF_EMAIL_ALERT |
<1|0> | 0 | Send an email alert if an IP address is blocked by one of the application triggers. |
--LF_TEMP_EMAIL_ALERT |
<1|0> | 0 | Send an email alert if an IP address is only temporarily blocked by one of the application triggers. Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails. |
--LF_SSH_EMAIL_ALERT |
<1|0> | 1 | Send an email alert if anyone logs in successfully using SSH. |
--LF_SU_EMAIL_ALERT |
<1|0> | 1 | Send an email alert if anyone uses su to access another account. |
--LF_SUDO_EMAIL_ALERT |
<1|0> | 0 | Send an email alert if anyone uses sudo to access another account. |
--LF_CONSOLE_EMAIL_ALERT |
<1|0> | 1 | Send an email alert if anyone logs in successfully to root on the console. |
--LF_PERMBLOCK_ALERT |
<1|0> | 1 | Enable or disable email alerts for permanent blocks. |
--LF_NETBLOCK_ALERT |
<1|0> | 1 | Enable or disable email alerts for permanent blocks by network class. |
--RECAPTCHA_ALERT |
<1|0> | 1 | Send an email when an IP address successfully attempts to unblock themselves. This does not necessarily mean the IP was unblocked, only that the post-recaptcha unblock request was attempted. |
--LOGFLOOD_ALERT |
<1|0> | 0 | Send an email alert if log file flooding is detected. You should investigate the reported log file for the reason for the flooding if you receive this alert. |
--PORTKNOCKING_ALERT |
<1|0> | 0 | Send an email alert if the PORTKNOCKING port is opened. PORTKNOCKING_LOG must also be enabled. |
--LF_DISTFTP_ALERT |
<1|0> | 1 | Send an email alert if LF_DISTFTP is triggered. |
--LF_DISTSMTP_ALERT |
<1|0> | 1 | Send an email alert if LF_DISTSMTP is triggered. |
--LT_EMAIL_ALERT |
<1|0> | 1 | Send an email alert if an account exceeds LT_POP3D or LT_IMAPD logins per hour. |
--CT_EMAIL_ALERT |
<1|0> | 1 | Send an email alert if an IP address is blocked due to connection tracking. |
--PT_USERKILL_ALERT |
<1|0> | 1 | Email an alert if PT_USERKILL is triggered. |
--PS_EMAIL_ALERT |
<1|0> | 1 | Enable port scan tracking email alerts. |
--AT_NEW |
<1|0> | 1 | Send alert if a new account is created. |
--AT_OLD |
<1|0> | 1 | Send alert if an existing account is deleted. |
--AT_PASSWD |
<1|0> | 1 | Send alert if an account password has changed. |
--AT_UID |
<1|0> | 1 | Send alert if an account uid has changed. |
--AT_GID |
<1|0> | 1 | Send alert if an account gid has changed. |
--AT_DIR |
<1|0> | 1 | Send alert if an account login directory has changed. |
--AT_SHELL |
<1|0> | 1 | Send alert if an account login shell has changed. |
--default |
<yes> | Reset all settings to their default values. | |
--default_option |
<option> | Reset a specific setting to its default value. | |
--restart |
<yes> | Restart the service after saving settings. |
// set the LF_ALERT_TO
juggernaut --task=lfd:reporting --LF_ALERT_TO='admin@yourdomain.com' --restart=yes
// reset LF_ALERT_TO back to default
juggernaut --task=lfd:reporting --default_option=LF_ALERT_TO --restart=yes
// reset all settings back to default
juggernaut --task=lfd:reporting --default=yes --restart=yes