-
Notifications
You must be signed in to change notification settings - Fork 1
/
fetch-ban.conf
55 lines (50 loc) · 2.05 KB
/
fetch-ban.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# Fetch-ban example config file
# Imperial College London, 2014
#
# See "fetch-ban -m" for a listing of all available input
# and output modules in this release / on this system.
# Host section
# This contains the input & system-wide parameters
[host]
## Standard grid authentication parameters
hostcert = /etc/grid-security/hostcert.pem
hostkey = /etc/grid-security/hostkey.pem
cadir = /etc/grid-security/certificates
## The maximum time to randomly wait before starting
delay = 360
## Audit by sending changes to stdout?
audit = true
## Some DNs frequently change (mainly test ones)
## DNs matching this regexp won't be printed to stdout even if
## audit = true above:
no_audit_re = /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=tsubject/CN=000001/CN=Test Subject/CN=.*
## Input modules
## Each input will be used as a source for banned DNs
## The total list from all inputs will be merged and sent to the output modules
input0 = argus:https://argusngi.gridpp.rl.ac.uk:8150/pap/services/XACMLPolicyManagementService#default
input1 = argus:https://argusngi.gridpp.rl.ac.uk:8150/pap/services/XACMLPolicyManagementService#alias1
input2 = static:/etc/fetch-ban.bans
## A database (simple LCAS ban_users.db format) of existing bans
## This will be overwritten on updates and shouldn't be changed manually.
ban_db = /var/lib/fetch-ban/fetch-ban.db
# Module sections
# Each section represents one destination for banning data
# Modules sections can be named anything (other than "host")
# [module]
## The module parameter sets the plugin to load
# module = <module>
## The file parameter sets the target to update but is
## otherwise plugin specific.
## Generally this is a config file
# file = <target>
## An example for banning on nodes with LCAS (CREAM-CE, WMS)
## file is a standard LCAS ban_users.db file to overwrite.
#[ce_ban]
#module = lcas
#file = /etc/lcas/ban_users.db
## An example for banning on nodes with GridSite (WMS)
## file is a standard GACL ACL file to update (existing bans
## will be removed and replaced).
#[wms_ban]
#module = gacl
#file = /etc/glite-wms/glite_wms_wmproxy.gacl