
/usr/share/zorp/pylib/Zorp/Config.py is in zorp 3.9.5-4.

This file is owned by root:root, with mode 0o644.

############################################################################
##
## Copyright (c) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
## 2010, 2011 BalaBit IT Ltd, Budapest, Hungary
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.
##
## You should have received a copy of the GNU General Public License
## along with this program; if not, write to the Free Software
## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
##
##
############################################################################

"""
<module maturity="stable">
  <summary>
    The Config module defines global options of Zorp.
  </summary>
  <description>
    <para>
      This module defines global options of Zorp.
      For a detailed description of the options, see <xref
      linkend="appendix_globaloptions"/>.
    </para>
  </description>
</module>
"""
import new, sys

# Integer booleans used as option values throughout the configuration.
TRUE, FALSE = 1, 0

# Handle on this very module object, so that options can be read and
# written as attributes of 'config' (config.blob..., config.audit...).
config = sys.modules[__name__]

def addConfigContainer(cont):
	"""
	<function internal="yes">
	  <summary>
	    Attach an empty, named namespace for a group of global options.
	  </summary>
	  <description>
	    <para>
	      Builds a fresh module object called 'cont' and binds it as the
	      attribute of the same name on the global 'config' object,
	      replacing any attribute already stored under that name.
	    </para>
	  </description>
	</function>
	"""
	container = new.module(cont)
	setattr(config, cont, container)

# 'blob' container: limits on blob storage and on swapping blobs from
# memory out to disk.
addConfigContainer('blob')
# The directory where blobs are swapped out
# NOTE(review): swapped-out blobs presumably hold proxied payload data --
# confirm that this directory is owned by the account Zorp runs as and is
# neither readable nor writable by other local accounts.
config.blob.temp_directory = '/var/lib/zorp/tmp/'

# Maximum disk usage (1G)
# 0x100000 is 1 MiB, so this is 1024 MiB.
config.blob.max_disk_usage = 1024*0x100000

# Maximum memory usage (256M)
config.blob.max_mem_usage = 256*0x100000

# Low water mark for blob swapout, it stops when reaching this amount in memory
# (96 MiB; below the high water mark, so a swapout run frees 32 MiB)
config.blob.lowat = 96*0x100000

# High water mark for blob swapout, swapout starts when having this amount of memory used
# (128 MiB; half of max_mem_usage)
config.blob.hiwat = 128*0x100000

# The maximum size for blobs that are never swapped.
# NOTE(review): the unit is presumably bytes (16 KiB) -- confirm.
config.blob.noswap_max = 16384

# 'audit' container: defaults for audit trail recording. Encryption,
# signing and timestamping of the trail are all switched off by default
# in this file, so they only apply where something enables them.
addConfigContainer('audit')

# Whether each session has a separate audit trail file.
config.audit.per_session = FALSE

## Session level options, controlling what to do when auditing is enabled
## for a session.

# whether to write records to audit trail file (if you disable this and
# config.audit.ids, then initializing the audit trail will fail)
config.audit.audit = TRUE

# Whether audit trail encryption is enabled
# Off by default. NOTE(review): trail files presumably contain recorded
# session content; where encryption stays off, confirm that access to the
# trail files is restricted by file system permissions.
config.audit.encrypt = FALSE

# Whether to compress audit trails
config.audit.compress = TRUE

# Sign the digest record
# Off by default.
config.audit.sign = FALSE

# Timestamp the digest record
# Off by default. NOTE(review): with sign and timestamp both off the
# digest record is neither signed nor timestamped; what tamper evidence
# remains for the trail is not visible in this file -- confirm.
config.audit.timestamp = FALSE

# NOTE(review): not documented in the original; presumably enables
# sending audited traffic to the IDS sensor configured under
# "IDS options" below -- confirm.
config.audit.ids = FALSE

## Compression options

# The compression level for audit trail files
# NOTE(review): the valid range of levels is not visible here -- confirm.
config.audit.compress_level = 1

## Encryption options

# List of X.509 PEM certificates to encrypt the audit trail with
config.audit.encrypt_certificate_list = None

# File names which contain an X.509 PEM certificate to encrypt the audit
# trail file, overrides the setting for config.audit.encrypt_certificate_list
#config.audit.encrypt_certificate_list_file = [ ["", "" ], ]
# by default empty:
config.audit.encrypt_certificate_list_file = None

# X.509 PEM certificate to encrypt the audit trail file for. Fallback if config.audit.encrypt_certificate_list is empty
config.audit.encrypt_certificate = None

# File name which contains an X.509 PEM certificate to encrypt the audit
# trail file, overrides the setting for config.audit.encrypt_certificate
config.audit.encrypt_certificate_file = None

## Sign related options

# Seconds between writes of the audit trail digest record.
# Optionally the digest can be timestamped by a server and signed with an
# RSA key. The resulting record is the digital signature of the trail.
config.audit.sign_interval = 30

# RSA or DSA  private key to sign the digest calculated for the sign record
# NOTE(review): a key given inline is stored in clear text wherever this
# option is set; prefer sign_private_key_file pointing at a file that only
# the account Zorp runs as can read.
config.audit.sign_private_key = None

# Certificate to sign the digest calculated for the sign record
config.audit.sign_certificate = None

# File of private key to sign the digest calculated for the sign record
# NOTE(review): whether this takes precedence over sign_private_key is
# not stated in this file -- confirm.
config.audit.sign_private_key_file = None

# File of the certificate to sign the digest calculated for the sign record
config.audit.sign_certificate_file = None

## Timestamping options

# Timestamping URL for the digest record
# Empty by default. NOTE(review): how the server's response is
# authenticated is not visible here -- confirm before relying on the
# timestamps as evidence.
config.audit.timestamp_url = ""

# Policy of the timestamping server (ASN1)
# in form of "1.2.4.3.124.7"
config.audit.timestamp_policy = ""

# Max length of the timestamp field of the digest record
# NOTE(review): the unit is presumably bytes -- confirm.
config.audit.timestamp_length = 3072

## IDS options

# Interface to use towards the IDS sensor
config.audit.ids_interface = ""

# IDS source MAC address
config.audit.ids_src_mac = ""

# IDS destination MAC address
config.audit.ids_dst_mac = ""

## Misc parameters

# Audit trail files are reopened (and a new one started) when they reach this number
# NOTE(review): the unit is presumably bytes (about 2 GB) -- confirm.
config.audit.reopen_size_threshold = 2000000000L

# Audit trail files are reopened after this amount of time has elapsed
# NOTE(review): the unit is presumably seconds (28800 s = 8 hours) -- confirm.
config.audit.reopen_time_threshold = 28800

# Rate of filling the bucket in byte/sec
# (2 MiB per second)
config.audit.rate_limit = 2*1024*1024 

# Interval between two notifications, if bucket is empty, in seconds
config.audit.rate_notification_interval = 300

# Maximum size of audit trail files in bytes
# (50 MiB) NOTE(review): how this limit interacts with
# reopen_size_threshold above is not visible in this file -- confirm.
config.audit.write_size_max = 50*1024*1024

# Terminate proxy if cannot write audit trail (max size exceeded)
# FALSE by default, i.e. the proxy is not terminated in that case.
# NOTE(review): presumably the traffic then continues without being
# recorded (fail-open) -- confirm, and set this to TRUE where an
# unaudited session is not acceptable.
config.audit.terminate_on_max_size = FALSE

# 'options' container: miscellaneous global defaults (connection timeout,
# message language, cache thresholds, DSCP mapping, KZorp).
addConfigContainer('options')

# The timeout used when establishing server side connection.
# NOTE(review): the unit is presumably milliseconds (30 s) -- confirm.
config.options.timeout_server_connect = 30000

# The default language used for user messages in various proxies.
config.options.language = "en"

# Zone and CSZoneDispatcher shift cache parameter
config.options.zone_dispatcher_shift_threshold = 1000

# Zone lookup shift cache parameter
config.options.zone_cache_shift_threshold = 1000

# Inbound DAC shift cache parameter
config.options.inbound_service_cache_threshold = 1000

# Outbound DAC shift cache parameter
config.options.outbound_service_cache_threshold = 1000

# DSCP -> thread priority mapping
# Empty by default, so no DSCP value has a priority assigned here.
config.options.dscp_prio_mapping = {}

# KZorp enabled or not. If KZorp is not present in the kernel and this is
# enabled, Zorp startup/shutdown/reload will be delayed by about 5sec
config.options.kzorp_enabled = TRUE