Configuration

Customize HookProbe to match your deployment requirements.

Configuration Files

File                                Purpose
/etc/hookprobe/network-config.sh    Network and XDP settings
/etc/hookprobe/config.yaml          Advanced configuration
/etc/hookprobe/dnsxai.yaml          DNS protection settings
/etc/hookprobe/dsm.yaml             Mesh configuration

Network Configuration

Primary Settings

/etc/hookprobe/network-config.sh
# Primary network interface (auto-detected)
PRIMARY_NIC="eth0"
# XDP/eBPF DDoS mitigation
XDP_ENABLED=false
XDP_MODE="auto" # auto, drv, skb
# Deployment role
DEPLOYMENT_ROLE="server" # server, endpoint
# QSecBit thresholds
QSECBIT_AMBER_THRESHOLD=0.45
QSECBIT_RED_THRESHOLD=0.70
# Privacy settings
ANONYMIZE_IP_ADDRESSES=true
ANONYMIZE_MAC_ADDRESSES=true
COLLECT_FULL_PAYLOAD=false

Apply Changes

sudo systemctl restart hookprobe-provision.service
sudo systemctl restart hookprobe-agent.service

XDP Configuration

Enable XDP

XDP_ENABLED=true

XDP Mode

Mode    Description
auto    Select best available
drv     Native driver mode (fastest)
skb     Generic mode (all NICs)

Rate Limits

# DDoS mitigation settings
XDP_RATE_LIMIT_PPS=10000
XDP_SYN_RATE_LIMIT=1000
XDP_UDP_RATE_LIMIT=5000

Verify XDP

ip link show | grep xdp
hookprobe-ctl metrics | grep xdp

QSecBit Tuning

Thresholds

# Conservative (more alerts)
QSECBIT_AMBER_THRESHOLD=0.30
QSECBIT_RED_THRESHOLD=0.50
# Default
QSECBIT_AMBER_THRESHOLD=0.45
QSECBIT_RED_THRESHOLD=0.70
# Relaxed (fewer alerts)
QSECBIT_AMBER_THRESHOLD=0.60
QSECBIT_RED_THRESHOLD=0.85

Component Weights

Edit /etc/hookprobe/config.yaml:

qsecbit:
  weights:
    threats: 0.30
    mobile: 0.20
    ids: 0.25
    xdp: 0.15
    network: 0.02
    dnsxai: 0.08

dnsXai Configuration

Blocklists

/etc/hookprobe/dnsxai.yaml
dnsxai:
  blocklists:
    - "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
    - "https://blocklistproject.github.io/Lists/tracking.txt"
    - "https://blocklistproject.github.io/Lists/malware.txt"
  # Custom blocklist (local)
  custom_blocklist: "/etc/hookprobe/blocked-domains.txt"

Whitelist

dnsxai:
  whitelist:
    - "example.com"
    - "*.mycompany.com"

ML Settings

dnsxai:
  model: "hookprobe-dns-classifier-v3"
  confidence_threshold: 0.85
  entropy_threshold: 4.0
  enable_cname_uncloaking: true

Mesh Configuration

DSM Settings

/etc/hookprobe/dsm.yaml
dsm:
  node:
    id: "${HOOKPROBE_NODE_ID}"
    role: "edge"
  gossip:
    port: 7946
    bootstrap_nodes:
      - "validator1.hookprobe.mesh:7946"
      - "validator2.hookprobe.mesh:7946"
  consensus:
    epoch_duration: 300
    quorum_threshold: 0.67

HTP Settings

htp:
  port: 8144
  heartbeat_interval: 30
  session_timeout: 300

VLAN Configuration (Fortress)

VLAN Definitions

/etc/hookprobe/vlans.yaml
vlans:
  - id: 10
    name: "iot"
    policy: "internet_only"
    subnet: "192.168.10.0/24"
  - id: 20
    name: "cameras"
    policy: "nvr_only"
    subnet: "192.168.20.0/24"
  - id: 30
    name: "guest"
    policy: "isolated"
    subnet: "192.168.30.0/24"
  - id: 40
    name: "trusted"
    policy: "full_access"
    subnet: "192.168.40.0/24"
  - id: 99
    name: "quarantine"
    policy: "blocked"
    subnet: "192.168.99.0/24"

OpenFlow Rules

openflow:
  rules:
    - priority: 100
      match: "ct_state=+est"
      action: "normal"
    - priority: 50
      match: "dl_vlan=10,nw_dst=192.168.40.0/24"
      action: "drop"
    - priority: 50
      match: "dl_vlan=40"
      action: "normal"
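
An added example, not HookProbe code: a Python audit that treats the VLAN and OpenFlow samples above as the complete rule set and lists every restricted-VLAN/destination pair for which no drop rule wins on a new connection. It assumes that internet_only, isolated and blocked forbid traffic to other local VLANs, that unmatched traffic is not dropped by default, and that only ct_state, dl_vlan and nw_dst affect matching; the function names are hypothetical.

```python
import ipaddress

# Constructed from the vlans.yaml and openflow samples on this page.
VLANS = [
    {"id": 10, "policy": "internet_only", "subnet": "192.168.10.0/24"},
    {"id": 20, "policy": "nvr_only", "subnet": "192.168.20.0/24"},
    {"id": 30, "policy": "isolated", "subnet": "192.168.30.0/24"},
    {"id": 40, "policy": "full_access", "subnet": "192.168.40.0/24"},
    {"id": 99, "policy": "blocked", "subnet": "192.168.99.0/24"},
]
RULES = [
    {"priority": 100, "match": "ct_state=+est", "action": "normal"},
    {"priority": 50, "match": "dl_vlan=10,nw_dst=192.168.40.0/24", "action": "drop"},
    {"priority": 50, "match": "dl_vlan=40", "action": "normal"},
]
# Assumption: these policies forbid new connections to every other local VLAN.
RESTRICTED = {"internet_only", "isolated", "blocked"}

def winning_rule(rules, src_vlan, dst_net):
    """Return the highest-priority rule matching a NEW flow, or None."""
    best = None
    for rule in rules:
        m = dict(field.split("=", 1) for field in rule["match"].split(","))
        if "+est" in m.get("ct_state", ""):
            continue  # applies to established connections only
        if int(m.get("dl_vlan", src_vlan)) != src_vlan:
            continue  # scoped to a different source VLAN
        if "nw_dst" in m and not dst_net.subnet_of(ipaddress.ip_network(m["nw_dst"])):
            continue  # does not cover the whole destination subnet
        if best is None or rule["priority"] > best["priority"]:
            best = rule
    return best

def segmentation_gaps(vlans, rules):
    """List (source VLAN id, destination subnet) pairs no drop rule blocks."""
    gaps = []
    for src in vlans:
        for dst in vlans:
            if src["policy"] not in RESTRICTED or dst is src:
                continue
            rule = winning_rule(rules, src["id"], ipaddress.ip_network(dst["subnet"]))
            if rule is None or rule["action"] != "drop":
                gaps.append((src["id"], dst["subnet"]))
    return gaps

if __name__ == "__main__":
    for vlan_id, subnet in segmentation_gaps(VLANS, RULES):
        print(f"VLAN {vlan_id}: new flows to {subnet} are not dropped")
```

A higher-priority "normal" rule scoped to the same VLAN shadows a drop rule, so the audit reports that pair as a gap as well.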

Logging

Log Levels

logging:
  level: "INFO" # DEBUG, INFO, WARNING, ERROR
  format: "json"
  max_size_mb: 100
  max_files: 10
  compress: true

Log Destinations

logging:
  destinations:
    - type: "file"
      path: "/var/log/hookprobe/agent.log"
    - type: "syslog"
      address: "localhost:514"
    - type: "victoria_logs"
      url: "http://localhost:9428"

Systemd Environment

Override Service Config

sudo systemctl edit hookprobe-agent.service

Example Overrides

[Service]
Environment="XDP_ENABLED=true"
Environment="LOG_LEVEL=DEBUG"
Environment="DEPLOYMENT_ROLE=endpoint"

Apply Overrides

sudo systemctl daemon-reload
sudo systemctl restart hookprobe-agent.service

Environment Variables

Variable           Default    Description
PRIMARY_NIC        auto       Network interface
XDP_ENABLED        false      Enable XDP
DEPLOYMENT_ROLE    server     server or endpoint
LOG_LEVEL          INFO       Log verbosity
QSECBIT_AMBER      0.45       Amber threshold
QSECBIT_RED        0.70       Red threshold

Validation

Check Configuration

hookprobe-ctl config validate

View Active Config

hookprobe-ctl config show

Test Changes

# Dry run
hookprobe-ctl config test --file /etc/hookprobe/config.yaml
