# LF_SSHD LF_FTPD LF_IMAPD LF_POP3D LF_BIND LF_SUHOSIN LF_SSH_EMAIL_ALERT
# LF_SU_EMAIL_ALERT LF_CONSOLE_EMAIL_ALERT LF_DISTATTACK LF_DISTFTP
# LT_POP3D LT_IMAPD PS_INTERVAL UID_INTERVAL WEBMIN_LOG LF_WEBMIN_EMAIL_ALERT
# PORTKNOCKING_ALERT LF_SUDO_EMAIL_ALERT
# LF_SSHD LF_FTPD LF_POP3D LF_IMAPD LF_SSH_EMAIL_ALERT LF_SU_EMAIL_ALERT
# 2 = Disable only alerts about this feature and do nothing else
# message. If it fails to do so within SYSLOG_CHECK seconds an alert using
# syslogalert.txt is sent
# Send an alert if log file flooding is detected which causes lfd to skip log
# lines to prevent lfd from looping. If this alert is sent you should check the
#
# NOTE(review): "0" appears to leave this alert off (confirm against the full
# csf.conf). Per the description above, a flood makes lfd skip log lines, so
# log-driven detections can miss events in the skipped lines; with the alert
# off, nothing reports that such a gap occurred.
LOGFLOOD_ALERT = "0"
# By default, lfd will send alert emails using the relevant alert template to
# option will override the configured To: field in all lfd alert emails
# Leave this option empty to use the To: field setting in each alert template
#
# NOTE(review): empty here, so each template's own To: field decides who
# receives alerts. Verify that those templates point at a monitored mailbox,
# preferably one hosted off this server.
LF_ALERT_TO = ""
# By default, lfd will send alert emails using the relevant alert template from
# option will override the configured From: field in all lfd alert emails
# Leave this option empty to use the From: field setting in each alert template
#
# Empty here, so the From: field of each template applies.
LF_ALERT_FROM = ""
# By default, lfd will send all alerts using the SENDMAIL binary. To send using
#
# NOTE(review): empty here, so presumably the SENDMAIL-binary default described
# above is in effect. Alert delivery then depends on this host's own mail
# path; if that path is broken or tampered with, alerts may never arrive.
LF_ALERT_SMTP = ""
# In addition to the standard lfd email alerts, you can additionally enable the
# block alert messages will be sent. The reports use our schema at:
# LF_PERMBLOCK, LF_NETBLOCK, LF_DISTATTACK, LF_DISTFTP, RT_*_ALERT
# NOTE(review): no description for these two keys survives in this excerpt.
# Both are "1"; presumably they enable alerts for the LF_PERMBLOCK and
# LF_NETBLOCK features named in the keys - confirm against the full csf.conf.
LF_PERMBLOCK_ALERT = "1"
LF_NETBLOCK_ALERT = "1"
# SECTION:Login Failure Blocking and Alerts
# Send an email alert if an IP address is blocked by one of the [*] triggers
# ([*] is the marker carried by individual trigger descriptions elsewhere in
# this file.)
LF_EMAIL_ALERT = "1"
# Send an email alert if an IP address is only temporarily blocked by one of
# Note: LF_EMAIL_ALERT must still be enabled to get permanent block emails
#
# Both flags are "1" in this file, so the dependency noted above is met.
LF_TEMP_EMAIL_ALERT = "1"
# [*]Enable detection of repeated suhosin ALERTs
# Send an email alert if anyone logs in successfully using SSH
LF_SSH_EMAIL_ALERT = "1"
# Send an email alert if anyone uses su to access another account. This will
# send an email alert whether the attempt to use su was successful or not
LF_SU_EMAIL_ALERT = "1"
# Send an email alert if anyone uses sudo to access another account. This will
# send an email alert whether the attempt to use sudo was successful or not
#
# NOTE(review): sudo alerts are "0" while the SSH, su, webmin and console
# alerts around it are "1". Where administrators escalate with sudo rather
# than su, privilege changes then go unreported by lfd. Set to "1" unless
# routine sudo volume makes the alert unusable, and in that case make sure
# sudo activity is captured by other logging.
LF_SUDO_EMAIL_ALERT = "0"
# Send an email alert if anyone accesses webmin
LF_WEBMIN_EMAIL_ALERT = "1"
# Send an email alert if anyone logs in successfully to root on the console
LF_CONSOLE_EMAIL_ALERT = "1"
# Send an email alert if anyone accesses WHM/cPanel via an account listed in
# LF_CPANEL_ALERT_USERS. An IP address will be reported again 1 hour after the
LF_CPANEL_ALERT = "1"
# If a LF_CPANEL_ALERT event is triggered, then if the following contains the
#
# NOTE(review): empty here. The description above is cut short in this
# excerpt; presumably a non-empty value names something lfd runs on each
# event - confirm against the full csf.conf. If so, whatever it points at
# should be root-owned and not writable by other users.
LF_CPANEL_ALERT_ACTION = ""
# This is a comma separated list of accounts to send alerts for. To send an
# alert for all accounts set this to "all"
#
# NOTE(review): only "root" is listed, so WHM/cPanel access through any other
# account (for example a reseller, if the host has any) raises no alert.
LF_CPANEL_ALERT_USERS = "root"
# This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines
#
# NOTE(review): "0" here, which presumably turns the email-script alert off
# (confirm against the full csf.conf). If so, LF_SCRIPT_LIMIT has no effect
# and lfd will not flag scripts that send mail in volume, which is a common
# sign of a compromised web application.
LF_SCRIPT_ALERT = "0"
# The limit after which the email alert for email scripts is sent. Care should
# If an LF_SCRIPT_ALERT event is triggered, then if the following can contain
# following information as parameters which also appears in the email alert:
# If this option is enabled, the directory identified by LF_SCRIPT_ALERT will
# Checks the length of the exim queue and sends an alert email if the value of
# Note: If there are problems sending out email, this alert may not be received
#
# NOTE(review): threshold is "2000" (presumably queued messages, given the
# "length of the exim queue" wording above). Because of the delivery caveat
# in the note, this email should not be the only signal for a stuck or
# abused mail queue.
LF_QUEUE_ALERT = "2000"
# This option will send an alert if the ModSecurity IP persistent storage grows
# used is modsecipdbalert.txt
#
# NOTE(review): the unit of "5" is not visible in this excerpt - confirm it
# against the full csf.conf before changing the threshold.
LF_MODSECIPDB_ALERT = "5"
# to send an alert in case a possible server compromise is detected
# file is found an email alert is sent. One alert per file per LF_FLUSH
# changes and should they change an email alert using watchalert.txt is sent
# md5sum of a monitored file changes an alert is sent. This option is intended
# The three flags below only control the email. Whether the underlying
# LF_DISTFTP, LF_DISTSMTP and LT_POP3D/LT_IMAPD triggers are active is set
# elsewhere and is not visible in this excerpt.
#
# Send an email alert if LF_DISTFTP is triggered
LF_DISTFTP_ALERT = "1"
# Send an email alert if LF_DISTSMTP is triggered
LF_DISTSMTP_ALERT = "1"
# Send an email alert if an account exceeds LT_POP3D/LT_IMAPD logins per hour
LT_EMAIL_ALERT = "1"
# server. There are also options to send alerts and block external IP addresses
# RT_[relay type]_ALERT: 0 = disable, 1 = enable
# RT_[relay type]_LIMIT: the limit/hour after which an email alert will be sent
#
# All five relay types are enabled ("1") below. The matching RT_*_LIMIT
# values are not part of this excerpt, so the hourly thresholds that actually
# trigger these alerts cannot be checked from here.
RT_RELAY_ALERT = "1"
RT_AUTHRELAY_ALERT = "1"
RT_POPRELAY_ALERT = "1"
RT_LOCALRELAY_ALERT = "1"
RT_LOCALHOSTRELAY_ALERT = "1"
# information as parameters which also appears in the email alert:
# Send an email alert if an IP address is blocked due to connection tracking
#
# Enabled ("1"). The connection tracking limits that cause the block are set
# elsewhere and are not visible in this excerpt.
CT_EMAIL_ALERT = "1"
# suspicious process is found an alert email is sent with relevant information.
# exceeds the value of the following setting an email alert is sent with
# This User Process Tracking option sends an alert if any user process exceeds
# This User Process Tracking option sends an alert if any user process exceeds
# This User Process Tracking option sends an alert if any cPanel user process
# If you want to disable email alerts if PT_USERKILL is triggered, then set
#
# Left at "1", so presumably an email is still sent whenever PT_USERKILL
# triggers (the value that disables it is cut off in this excerpt). Keeping
# the alert on leaves a record of those events.
PT_USERKILL_ALERT = "1"
# load average is greater than or equal to PT_LOAD_LEVEL then an email alert is
# This is the Apache Server Status URL used in the email alert. Requires the
# terminated and an alert sent
# Set the following to "1" to enable Port Scan Tracking email alerts, set to
#
# Enabled ("1") in this file.
PS_EMAIL_ALERT = "1"
# times within UID_INTERVAL seconds, an alert will be sent
# a modification to an account, an alert email is sent. Only the modification
# You can set AT_ALERT to the following:
#
# NOTE(review): the list of values is missing from this excerpt. In the stock
# csf.conf, 2 limits account tracking to superuser (UID 0) accounts - confirm
# against the full file. If that holds here, changes to other accounts (new
# account, password, uid/gid, login directory, shell) are not reported.
AT_ALERT = "2"
# Send alert if a new account is created
# Send alert if an existing account is deleted
# Send alert if an account password has changed
# Send alert if an account uid has changed
# Send alert if an account gid has changed
# Send alert if an account login directory has changed
# Send alert if an account login shell has changed
# This controls what email alerts are sent with regards to logins to the UI. It
# uses the uialert.txt template
#
# NOTE(review): the value meanings are not shown in this excerpt. In the
# stock csf.conf, 4 is the most verbose level and includes successful logins
# as well as failures and blocks - confirm against the full file.
UI_ALERT = "4"
# NOTE(review): no description for this key survives in this excerpt; consult
# the full csf.conf before changing it.
RECAPTCHA_ALERT = "1"
# Send an email alert if the PORTKNOCKING port is opened. PORTKNOCKING_LOG must
#
# NOTE(review): "0" here, so no email is sent when the knocked port is
# opened. If port knocking is in use on this host, enable this alert together
# with PORTKNOCKING_LOG (the requirement above is cut short - confirm it in
# the full csf.conf) so that each opening is recorded.
PORTKNOCKING_ALERT = "0"
# This is the interval each report will be sent based on the logalert.txt