/usr/share/zorp/pylib/Zorp/Config.py is in zorp 3.9.5-4.
This file is owned by root:root, with mode 0o644.
############################################################################
##
## Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
## 2010, 2011 BalaBit IT Ltd, Budapest, Hungary
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
##
##
############################################################################
"""
<module maturity="stable">
<summary>
The Config module defines global options of Zorp.
</summary>
<description>
<para>
This module defines global options of Zorp.
For a detailed description of the options, see <xref
linkend="appendix_globaloptions"/>.
</para>
</description>
</module>
"""
import new, sys
# Integer truth constants used by the option defaults in this module.
TRUE, FALSE = 1, 0
# Reference to this very module object, looked up in the import table, so
# that containers and options can be attached to it as attributes.
config = sys.modules[__name__]
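def addConfigContainer(cont):
    """
    <function internal="yes">
    <summary>
    Create a container for global configuration variables.
    </summary>
    <description>
    <para>
    Creates an empty module object named after 'cont' and binds it as an
    attribute of the Config module, so that options can be assigned as
    attributes of that container. An attribute that already exists under
    the same name is replaced by the new, empty container.
    </para>
    </description>
    </function>
    """
    # 'new.module' is only an alias of types.ModuleType, and the 'new'
    # module is deprecated in Python 2.6 and absent from Python 3; using
    # the type directly creates the same object without that dependency.
    from types import ModuleType
    setattr(config, cont, ModuleType(cont))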
# Create the 'blob' container; it is reachable afterwards as config.blob.
addConfigContainer('blob')
# The directory where blobs are swapped out
# NOTE(review): swapped-out blobs presumably contain proxied payload data, so
# this directory should be accessible only to the account Zorp runs as --
# confirm against the ownership and mode the package sets on it.
config.blob.temp_directory = '/var/lib/zorp/tmp/'
# Maximum disk usage (1G): 1024 * 0x100000, where 0x100000 is 1 MiB
config.blob.max_disk_usage = 1024*0x100000
# Maximum memory usage (256M)
config.blob.max_mem_usage = 256*0x100000
# Low water mark for blob swapout (96M): swapout stops when memory usage
# has dropped to this amount
config.blob.lowat = 96*0x100000
# High water mark for blob swapout (128M): swapout starts when this amount
# of memory is in use
config.blob.hiwat = 128*0x100000
# The maximum size for blobs that are never swapped.
# NOTE(review): unit is not stated here; presumably bytes like the other
# blob limits -- confirm.
config.blob.noswap_max = 16384
# Create the 'audit' container; it is reachable afterwards as config.audit.
addConfigContainer('audit')
# Whether each session has a separate audit trail file.
config.audit.per_session = FALSE
## Session level options, controlling what to do when auditing is enabled
## for a session.
# Whether to write records to the audit trail file (if you disable this and
# config.audit.ids, then initializing the audit trail will fail)
config.audit.audit = TRUE
# Whether audit trail encryption is enabled
# NOTE(review): the default leaves audit trails unencrypted on disk; trails
# presumably hold recorded session content, so enable this together with one
# of the encrypt_certificate* options below where confidentiality of the
# trail matters -- confirm.
config.audit.encrypt = FALSE
# Whether to compress audit trails
config.audit.compress = TRUE
# Sign the digest record
# NOTE(review): by default the digest record is neither signed nor
# timestamped (see the next option); enable both where the trail has to be
# tamper-evident.
config.audit.sign = FALSE
# Timestamp the digest record
config.audit.timestamp = FALSE
# NOTE(review): not documented in this file; presumably enables forwarding
# to the IDS sensor configured by the ids_* options below -- confirm. The
# comment on config.audit.audit states that audit trail initialization fails
# when both that option and this one are disabled.
config.audit.ids = FALSE
## Compression options
# The compression level for audit trail files
config.audit.compress_level = 1
## Encryption options
# List of X.509 PEM certificates to encrypt the audit trail with
config.audit.encrypt_certificate_list = None
# File names which contain an X.509 PEM certificate to encrypt the audit
# trail file, overrides the setting for config.audit.encrypt_certificate_list
#config.audit.encrypt_certificate_list_file = [ ["", "" ], ]
# by default empty:
config.audit.encrypt_certificate_list_file = None
# X.509 PEM certificate to encrypt the audit trail file for. Fallback if
# config.audit.encrypt_certificate_list is empty
config.audit.encrypt_certificate = None
# File name which contains an X.509 PEM certificate to encrypt the audit
# trail file, overrides the setting for config.audit.encrypt_certificate
config.audit.encrypt_certificate_file = None
## Sign related options
# Seconds between writing audit trail digest records.
# Optionally the digest can be timestamped by a server and signed by an RSA key.
# This whole record is the digital signature of the trail.
config.audit.sign_interval = 30
# RSA or DSA private key to sign the digest calculated for the sign record
# NOTE(review): key material assigned inline is readable by anyone who can
# read the file that assigns it; prefer sign_private_key_file pointing at a
# key file with restricted permissions.
config.audit.sign_private_key = None
# Certificate to sign the digest calculated for the sign record
config.audit.sign_certificate = None
# File of private key to sign the digest calculated for the sign record
config.audit.sign_private_key_file = None
# File of the certificate to sign the digest calculated for the sign record
config.audit.sign_certificate_file = None
## Timestamping options
# Timestamping URL for the digest record
config.audit.timestamp_url = ""
# Policy of the timestamping server (ASN1)
# in form of "1.2.4.3.124.7"
config.audit.timestamp_policy = ""
# Max length of the timestamp field of the digest record
config.audit.timestamp_length = 3072
## IDS options
# Interface to use towards the IDS sensor
config.audit.ids_interface = ""
# IDS source MAC address
config.audit.ids_src_mac = ""
# IDS destination MAC address
config.audit.ids_dst_mac = ""
## Misc parameters
# Audit trail files are reopened (and a new one started) when they reach this
# size. The trailing L makes this a Python 2 long integer literal.
# NOTE(review): unit is not stated here; presumably bytes -- confirm.
config.audit.reopen_size_threshold = 2000000000L
# Audit trail files are reopened after this amount of time has elapsed
# NOTE(review): unit is not stated here; presumably seconds (28800 s would be
# 8 hours) -- confirm.
config.audit.reopen_time_threshold = 28800
# Rate of filling the bucket in byte/sec (2 MiB per second)
config.audit.rate_limit = 2*1024*1024
# Interval between two notifications, if bucket is empty, in seconds
config.audit.rate_notification_interval = 300
# Maximum size of audit trail files in bytes (50 MiB)
config.audit.write_size_max = 50*1024*1024
# Terminate proxy if cannot write audit trail (max size exceeded)
# NOTE(review): with the default FALSE the proxy is not terminated when the
# size limit is hit; whether the session then continues without further
# audit records is not visible here -- confirm, and consider TRUE where
# auditing is mandatory.
config.audit.terminate_on_max_size = FALSE
# Create the 'options' container; it is reachable afterwards as
# config.options.
addConfigContainer('options')
# The timeout used when establishing server side connection.
# NOTE(review): unit is not stated here; 30000 is presumably milliseconds --
# confirm.
config.options.timeout_server_connect = 30000
# The default language used for user messages in various proxies.
config.options.language = "en"
# Zone and CSZoneDispatcher shift cache parameter
config.options.zone_dispatcher_shift_threshold = 1000
# Zone lookup shift cache parameter
config.options.zone_cache_shift_threshold = 1000
# Inbound DAC shift cache parameter
config.options.inbound_service_cache_threshold = 1000
# Outbound DAC shift cache parameter
config.options.outbound_service_cache_threshold = 1000
# DSCP -> thread priority mapping; empty by default
config.options.dscp_prio_mapping = {}
# KZorp enabled or not. If KZorp is not present in the kernel and this is
# enabled, Zorp startup/shutdown/reload will be delayed by about 5sec
config.options.kzorp_enabled = TRUE