Configuration

Config file reference, port management, tarpit tuning, and advanced settings.

Config File Location

Platform	Path
Linux	~/.tarpit-pro/config.yaml
macOS	~/.tarpit-pro/config.yaml
Windows	%APPDATA%\tarpit-pro\config.yaml

Override the config path with the --config flag:

tarpit-pro start --config /etc/tarpit-pro/config.yaml

Full YAML Reference

# TarPit.pro Configuration
# All values shown are defaults unless noted otherwise

ports:
  - 21    # FTP
  - 22    # SSH
  - 23    # Telnet
  - 3306  # MySQL
  - 5432  # PostgreSQL
  - 6379  # Redis

tarpit:
  enabled: true              # Enable/disable the tarpit (slow response)
  delay: 3s                  # Delay between response bytes
  max_response_bytes: 1024   # Maximum bytes to send to attacker

storage:
  max_attacks: 100           # Max attacks stored locally (tier default)
  # db_path: /custom/path/attacks.db  # Custom SQLite path

license:
  key: ""                    # License key (set via tarpit-pro activate)
  tier: "free"               # Current tier: free, basic, pro

api:
  port: 9999                 # Local API port for the agent
  cloud_url: https://api.tarpit.pro  # Cloud API endpoint

logging:
  level: info                # Log level: debug, info, warn, error
  file: ""                   # Log to file (empty = stdout only)

ban:
  enabled: true              # Enable automatic banning
  duration: 24h              # Default ban duration
  max_bans: 10000            # Maximum concurrent bans

fleet:
  propagate_bans: true       # Share bans with fleet members
  receive_bans: true         # Accept bans from fleet
  sync_interval: 60s         # Fleet sync interval

Port Management

Add and remove honeypot ports via CLI. Changes take effect immediately without restarting the service.

# List current ports
tarpit-pro port list

# Add ports
tarpit-pro port add 8080
tarpit-pro port add 27017    # MongoDB
tarpit-pro port add 11211    # Memcached
tarpit-pro port add 9200     # Elasticsearch

# Remove ports
tarpit-pro port remove 22    # Keep real SSH on this port

# Reset to defaults
tarpit-pro port add-defaults

Tarpit Settings

The tarpit is the core mechanism that wastes attacker time. Tune these settings based on your goals:

tarpit.delay

Time between sending each byte of the response. Higher values waste more attacker time but use a connection slot longer.

tarpit-pro config set tarpit.delay 5s    # Aggressive (more time wasted)
tarpit-pro config set tarpit.delay 3s    # Default (balanced)
tarpit-pro config set tarpit.delay 1s    # Light (faster turnover)

tarpit.max_response_bytes

Maximum bytes sent to the attacker before closing. With a 3s delay, 1024 bytes = ~51 minutes of wasted time per connection.

tarpit-pro config set tarpit.max_response_bytes 2048  # ~102 min per connection
tarpit-pro config set tarpit.max_response_bytes 1024  # ~51 min (default)
tarpit-pro config set tarpit.max_response_bytes 512   # ~25 min

Ban Settings

# Ban duration
tarpit-pro config set ban.duration 48h     # 48-hour bans
tarpit-pro config set ban.duration 168h    # 1-week bans

# Disable auto-banning (tarpit only, no ban)
tarpit-pro config set ban.enabled false

# Maximum concurrent bans (prevent memory issues)
tarpit-pro config set ban.max_bans 50000

Logging Configuration

# Set log level
tarpit-pro config set logging.level debug    # Verbose logging
tarpit-pro config set logging.level info     # Default
tarpit-pro config set logging.level warn     # Warnings and errors only

# Log to file
tarpit-pro config set logging.file /var/log/tarpit-pro.log

Environment Variable Overrides

All configuration values can be overridden via environment variables. Use the prefix TARPIT_ followed by the uppercase key path with underscores:

Config Key	Environment Variable
tarpit.delay	TARPIT_TARPIT_DELAY
tarpit.enabled	TARPIT_TARPIT_ENABLED
logging.level	TARPIT_LOGGING_LEVEL
ban.duration	TARPIT_BAN_DURATION
api.port	TARPIT_API_PORT
license.key	TARPIT_LICENSE_KEY

Advanced Tuning

High-traffic servers

If your server sees heavy scanning, reduce tarpit delay and increase max_bans to handle the volume. Consider shorter ban durations to free up iptables entries faster.

Research/intelligence gathering

For maximum data collection, increase tarpit delay and max_response_bytes. Disable banning to let attackers interact longer and capture more payload data. This requires a paid tier for payload storage.

Minimal resource usage

Disable the tarpit and use TarPit.pro purely for detection and banning. Set tarpit.enabled: false, connections are still captured and banned, but without the slow-drip response.

Support & Tickets