29 lines
1.1 KiB
Plaintext
29 lines
1.1 KiB
Plaintext
# SECURE_LOG: the log file that contains sshd logging information
|
|
# If you are not sure, `grep "sshd:" /var/log/*`. This option
|
|
# defaults to /var/log/auth.log
|
|
SECURE_LOG="/var/log/auth.log"
|
|
|
|
# HOSTS_DENY: the file which contains restricted host access
|
|
# information. On most operating systems, this option should
|
|
# defaults to /etc/hosts.deny
|
|
HOSTS_DENY="/etc/hosts.deny"
|
|
|
|
# BLOCK_ALL_SERVICES: specifies whether all services, or only SSH
|
|
# should be blocked in HOSTS_DENY file. Check `man 5 hosts_access`
|
|
# for more details
|
|
BLOCK_ALL_SERVICES=0
|
|
|
|
# DENY_THRESHOLD: block each host after the number of failed login
|
|
# attempts within specified time that has exceeded this value. This
|
|
# value applies to both valid and invalid user login attempts
|
|
DENY_THRESHOLD=3
|
|
|
|
# DENY_EXPIRATION: block each host after the number of failed login
|
|
# attempts within specified time. Once this value has been exceeded
|
|
# then the host will not be banned until DENY_THRESHOLD is reached
|
|
DENY_EXPIRATION=10
|
|
|
|
# LOCK_FILE: This file will be created upon invocation. This ensures
|
|
# that only one instance is running at a time
|
|
LOCK_FILE="/var/run/forbidhosts.pid"
|