Merge pull request #3037 from denpaforks/p0f

[Feature] Add p0f scanner

1 files changed, 46 insertions, 0 deletions

diff --git a/conf/modules.d/p0f.conf b/conf/modules.d/p0f.conf
new file mode 100644
index 000000000..efeab1a40
--- /dev/null
+++ b/conf/modules.d/p0f.conf
@@ -0,0 +1,46 @@
+# Please don't modify this file as your changes might be overwritten with
+# the next update.
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local.override' to redefine
+# parameters defined on the top level
+#
+# You can modify '$LOCAL_CONFDIR/rspamd.conf.local' to add
+# parameters defined on the top level
+#
+# For specific modules or configuration you can also modify
+# '$LOCAL_CONFDIR/local.d/file.conf' - to add your options or rewrite defaults
+# '$LOCAL_CONFDIR/override.d/file.conf' - to override the defaults
+#
+# See https://rspamd.com/doc/tutorials/writing_rules.html for details
+
+p0f {
+  # Disable module by default
+  enabled = false;
+
+  # Path to the unix socket that p0f listens on
+  socket = '/tmp/p0f.sock';
+
+  # Connection timeout
+  timeout = 5s;
+
+  # If defined, insert symbol with lookup results
+  symbol = 'P0F';
+
+  # Patterns to match against results returned by p0f
+  # Symbol will be yielded on OS string, link type or distance matches
+  patterns = {
+    WINDOWS = '^Windows.*';
+    #DSL = '^DSL$';
+    #DISTANCE10 = '^distance:10$';
+  }
+
+  # Cache lifetime in seconds (default - 2 hours)
+  expire = 7200;
+
+  # Cache key prefix
+  prefix = 'p0f';
+
+  .include(try=true,priority=5) "${DBDIR}/dynamic/p0f.conf"
+  .include(try=true,priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/p0f.conf"
+  .include(try=true,priority=10) "$LOCAL_CONFDIR/override.d/p0f.conf"
+}