Provided by:
eurephia_1.0.1-3build1_i386 
NAME
eurephia-variables - eurephia configuration variables
DESCRIPTION
Overview of all eurephia configuration variables. These variables
are stored in the database and can be modified by the eurephiadm config
command.
PASSWORD HASH
These variables are related to the password hash configuration. All of
them must be set, but they can be changed over time without affecting
the functionality of the already stored passwords.
These parameters are the first to be set when eurephia_init is run.
The minimum and maximum hash rounds are benchmarked for you with this
tool to find more suitable numbers for the hardware eurephia will be
running on.
passwordhash_salt_length
Sets number of bytes to use for the password hash salt.
passwordhash_rounds_min
Sets the minimum number of hashing rounds to perform when
calculating new password hashes.
passwordhash_rounds_max
Sets the maximum number of hashing rounds to perform when
calculating new password hashes.
ATTEMPTS SETTINGS
eurephia can blacklist user names, certificates and IP addresses based
on the number of failed attempts. The following parameters define the
limits of how many attempts you are willing to allow before
blacklisting them.
allow_cert_attempts
Defines the number of failed login attempts you
allow before you will blacklist the OpenVPN client's
certificate. This number should normally be higher than
allow_username_attempts. Default is 5.
allow_username_attempts
Defines the number of failed attempts allowed for a user name
before you will blacklist the user name from further
attempts. Default is 3.
allow_ipaddr_attempts
Defines the number of failed attempts for an IP address to be
used before you will blacklist the IP address from further
attempts. This one should be the least strict limit. You
also need to consider if your clients will log in via a proxy or
NATed network and how many of your clients will do so. If you
experience many users failing to log on and more of them are
behind the same proxy or NAT gateway, this may blacklist the IP
address quicker than intended. But if among many failing
attempts a valid authentication happens, the attempts counter
will be reset again, so this limit does not need to be too
forgiving. Default is 10.
FIREWALL INTEGRATION
If you are running the OpenVPN server with eurephia on a Linux server,
it is possible to let eurephia interact with the firewall as well.
These settings will enable the firewall integration and tell eurephia
how to interact with the firewall. These parameters are very iptables
oriented. The iptables firewall module must be enabled at compile time
and be installed to work.
firewall_interface
This is the variable which enables firewall integration. This
variable must point at the firewall driver, which is a shared
object file which eurephia will load dynamically. These drivers
are prefixed efw and will be found in the same lib or lib64
directory as the eurephia-auth and edb-sqlite modules. The
variable must contain the full path to the driver module.
firewall_command
This defines the binary the firewall module will execute to help
update the firewall. For iptables this defaults to
/sbin/iptables.
firewall_destination
Defines which predefined firewall rule to use when updating the
firewall. The default value is vpn_users.
firewall_blacklist_destination
This activates firewall based IP address blacklisting in
addition to the internal blacklist in eurephia. This variable
defines which firewall rule to use when wanting to blacklist an
IP address.
firewall_blacklist_send_to
This is an optional parameter. Normally when eurephia
blacklists an IP address it will default to drop the network
packets from that client. You can use this variable to send it
to a different firewall target. This is useful if you want to, for
example, log the incident to the system log before dropping the
packets.
EUREPHIA UTILITIES
These settings are used by the eurephia administration utility,
eurephiadm.
eurephiadmin_autologout
This defines how long a eurephia administration utility may have
an open session before it is considered inactive. When
exceeding this limit, the administrator user will be logged out
automatically. The unit for this setting is minutes and the
default value is 10.
eurephiadm_xslt_path
The eurephiadm utility uses XSLT templates for generating the
output to the screen. This variable gives you the possibility
to have your own set of templates in a different directory
instead of using the system wide XSLT templates installed by
default. This variable is not set by default.
SEE ALSO
eurephiadm-config(7), eurephia_init(7),
Administrators Tutorial and Manual
AUTHOR
Copyright (C) 2008-2010 David Sommerseth <dazo@users.sourceforge.net>