zorpctl.conf

zorpctl.conf — zorpctl(8) configuration file.

Description

The zorpctl.conf file describes various global options ifluencing the behavior of zorpctl(8) . zorpctl(8) processes the file line by line, each line having the structure described below. Empty lines and lines beginning with '#' are comments and are ignored.

Structure

variable name = variable value

Each non-empty line specifies a variable name and its value separated by the equal sign ('='). The following variables are available:

AUTO_RESTART

Enable the automatic restart feature of zorpctl. Instances in auto-restart mode are restarted automatically when they exit. Default value: 1 (TRUE).

AUTO_RESTART_TIME_THRESHOLD

If a restarted instance exits within this interval (specified in seconds), the restart attempt is considered a failure. Default value: 60 seconds.

AUTO_RESTART_MAX_COUNT

Maximum number of restart attempts. If the instance is not successfully restarted from AUTO_RESTART_MAX_COUNT attempts, the event is logged. Default value: 3.

AUTO_RESTART_DELAY

Wait AUTO_RESTART_DELAY seconds before attempting to restart the Zorp instance.

STOP_CHECK_DELAY

The rate (delay in seconds) to check a stopping Zorp instance at. Default value: 1.

STOP_CHECK_TIMEOUT

The number of seconds to wait for a stopping Zorp instance. Default value: 3.

START_CHECK_TIMEOUT

In auto-restart mode there is no real way to detect whether Zorp failed to load or not. Zorpctl waits START_CHECK_TIMEOUT seconds and assumes that Zorp loaded successfully if it did not exit within this interval. Default value: 5 seconds.

START_WAIT_TIMEOUT

In no-auto-restart mode the successful loading of a Zorp instance can be verified by instructing Zorp to daemonize itself and waiting for the parent to exit. This parameter specifies the number of seconds to wait for Zorp to daemonize itself. Default value: 60 seconds.

FD_LIMIT_THRESHOLD

The expected maximal number of file descriptors openened by the threads. The global fd limit is FD_LIMIT_THRESHOLD multiplied by the thread limit. Default value: 64.

FD_LIMIT_MIN

The minimum fd limit (ulimit -n) used by Zorp in the case when the process limit (calculated from the --threads and FD_LIMIT_THRESHOLD parameters) would result a lower value. Default value: 1024.

ZORP_APPEND_ARGS

Zorp-specific arguments to be appended to the command line of each Zorp instance. Also recognised as APPEND_ARGS (deprecated). Default value: "".

ZORPCTL_APPEND_ARGS

Zorpctl-specific arguments to be appended to the command line of each instance. Default value: "".

CHECK_PERMS

Specifies whether to check the permissions of the Zorp configuration directory. If set, Zorp refuses to run if the /etc/zorp directory can be written by user other then zorp Default value: 1 (TRUE).

CONFIG_DIR

The path to the Zorp configuration directory to check if CHECK_PERMS is enabled. NOTE: it does not change the Zorp policy file argument, this parameter is only used by the permission validating code. Default value: ${prefix}/etc/zorp .

CONFIG_DIR_OWNER, CONFIG_DIR_GROUP, CONFIG_DIR_MODE

The owner/group/permissions values considered valid for the configuration directory. zorpctl fails if the actual owner/group/permissions values conflict the ones set here. Default values: root.zorp, 0750 .

PIDFILE_DIR

The path to the Zorp pid file directory. The directory is created automatically prior to starting Zorp if it does not already exist.It is created if it does not exist, before NOTE: No --pidfile argument is passed to Zorp, only texistance of the directory is verified. Default value: /var/run/zorp.

PIDFILE_DIR_OWNER, PIDFILE_DIR_GROUP, PIDFILE_DIR_MODE

The owner/group/permission values the pidfile directory is created with if it does not exist. Default values: root.root, 0700.

Files

The default location for zorpctl.conf is /etc/zorp/zorpctl.conf.

Author

This manual page was written by the BalaSys Documentation Team <documentation@balasys.hu>.

Copyright

Copyright © 2006-2015 BalaBit IT Security, 2015-2017 BalaSys IT Security. All rights reserved.