To: field for all alert emails - LF_ALERT_TO
This option will override the configured To: field in all login failure daemon alert emails. Leave this option empty to
use the To: field setting in each alert template.
Default: empty
From: field for all alert emails - LF_ALERT_FROM
This option will override the configured From: field in all lfd alert emails. Leave this option empty to use the From:
field setting in each alert template.
Default: empty
Relaying SMTP server - LF_ALERT_SMTP
Normally the login failure daemon will send all alerts using the default MTA binary. To send using SMTP directly, you
can set the following to a relaying SMTP server, e.g. 127.0.0.1. Leave this setting blank to use the default MTA.
Default: empty
Block reporting script - BLOCK_REPORT
The login failure daemon can run an external script when it performs an IP address block. This option is the full path
of the external script which must be executable.
Default: empty
Unblock reporting script - UNBLOCK_REPORT
The login failure daemon can run an external script when a temporary block is unblocked. The following
setting can be the full path of the external script which must be executable.
Default: empty
X-ARF reports - X_ARF
Enable the sending of X-ARF reports. Only block alert messages will be sent. These reports are in a format accepted by
many Netblock owners and should help them investigate abuse. Only enable this option after you have checked for
false-positive block reports.
Default: 0 Range: 0-1
From: field for X-ARF reports - X_ARF_FROM
Set the email From: for X-ARF reports.
Default: empty
To: field for X-ARF reports - X_ARF_TO
Set the email To: for X-ARF reports.
Default: empty
X-ARF reports sent to abuse - X_ARF_ABUSE
Automatically send reports to the abuse contact where found. Note: You MUST set X_ARF_FROM to a valid email address for
this option to work. This is so that the abuse contact can reply to the report. However, you should be aware that
without manual checking you could be reporting innocent IP addresses, including your own clients, yourself and your own
servers. We do not recommend enabling this option. Abuse reports should be checked and verified before being forwarded
to the abuse contact.
Default: 0
Login failure blocking alerts - LF_EMAIL_ALERT
Send an email alert if an IP address is blocked by one of the application triggers.
Default: 0 Range: 0-1
Login failure temp blocking alerts - LF_TEMP_EMAIL_ALERT
Send an email alert if an IP address is only temporarily blocked by one of the application triggers. Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails.
Default: 0 Range: 0-1
SSH login alerts - LF_SSH_EMAIL_ALERT
Send an email alert if anyone logs in successfully using SSH.
Default: 1 Range: 0-1
SU alerts - LF_SU_EMAIL_ALERT
Send an email alert if anyone uses su to access another account.
Default: 1 Range: 0-1
Root console login alerts - LF_CONSOLE_EMAIL_ALERT
Send an email alert if anyone logs in successfully to root on the console.
Default: 0 Range: 0-1
Permblock blocking alerts - LF_PERMBLOCK_ALERT
Enable or disable email alerts for permanent blocks.
Default: 1 Range: 0-1
Netblock blocking alerts - LF_NETBLOCK_ALERT
Enable or disable email alerts for permanent blocks by network class.
Default: 1 Range: 0-1
Recaptcha alert - RECAPTCHA_ALERT
Send an email when an IP address successfully attempts to unblock themselves. This does not necessarily mean the IP was unblocked, only that the post-recaptcha unblock request was attempted.
Default: 1
Log file flooding alerts - LOGFLOOD_ALERT
Send an email alert if log file flooding is detected. You should investigate the reported log file for the reason for
the flooding if you receive this alert.
Default: 0 Range: 0-1
Portknocking alerts - PORTKNOCKING_ALERT
Send an email alert if the PORTKNOCKING port is opened. PORTKNOCKING_LOG must also be enabled.
Default: 0 Range: 0-1
Distributed FTP alerts - LF_DISTFTP_ALERT
Send an email alert if LF_DISTFTP is triggered.
Default: 1 Range: 0-1
Distributed FTP alerts - LF_DISTSMTP_ALERTT
Send an email alert if LF_DISTSMTP is triggered.
Default: 1 Range: 0-1
Login tracking alerts - LT_EMAIL_ALERT
Send an email alert if an account exceeds LT_POP3D or LT_IMAPD logins per hour.
Default: 1 Range: 0-1
Connection tracking alerts - CT_EMAIL_ALERT
Send an email alert if an IP address is blocked due to connection tracking.
Default: 1 Range: 0-1
User process killing alerts - PT_USERKILL_ALERT
Email an alert if PT_USERKILL is triggered.
Default: 1 Range: 0-1
Port scan tracking alerts - PS_EMAIL_ALERT
Enable port scan tracking email alerts.
Default: 1 Range: 0-1
Account creation alerts - AT_NEW
Send alert if a new account is created.
Default: 1 Range: 0-1
Account deletion alerts - AT_OLD
Send alert if an existing account is deleted.
Default: 1 Range: 0-1
Account password change alerts - AT_PASSWD
Send alert if an account password has changed.
Default: 1 Range: 0-1
Account UID change alerts - AT_UID
Send alert if an account uid has changed.
Default: 1 Range: 0-1
Account GID change alerts - AT_GID
Send alert if an account gid has changed.
Default: 1 Range: 0-1
Account directory change alerts - AT_DIR
Send alert if an account login directory has changed.
Default: 1 Range: 0-1
Account shell change alerts - AT_SHELL
Send alert if an account login shell has changed.
Default: 1 Range: 0-1