29 lines
1.1 KiB
Plaintext
29 lines
1.1 KiB
Plaintext
|
# SECURE_LOG: the log file that contains sshd logging information
|
||
|
# If you are not sure, `grep "sshd:" /var/log/*`. This option
|
||
|
# defaults to /var/log/auth.log
|
||
|
SECURE_LOG="/var/log/auth.log"
|
||
|
|
||
|
# HOSTS_DENY: the file which contains restricted host access
|
||
|
# information. On most operating systems, this option should
|
||
|
# defaults to /etc/hosts.deny
|
||
|
HOSTS_DENY="/etc/hosts.deny"
|
||
|
|
||
|
# BLOCK_ALL_SERVICES: specifies whether all services, or only SSH
|
||
|
# should be blocked in HOSTS_DENY file. Check `man 5 hosts_access`
|
||
|
# for more details
|
||
|
BLOCK_ALL_SERVICES=0
|
||
|
|
||
|
# DENY_THRESHOLD: block each host after the number of failed login
|
||
|
# attempts within specified time that has exceeded this value. This
|
||
|
# value applies to both valid and invalid user login attempts
|
||
|
DENY_THRESHOLD=3
|
||
|
|
||
|
# DENY_EXPIRATION: block each host after the number of failed login
|
||
|
# attempts within specified time. Once this value has been exceeded
|
||
|
# then the host will not be banned until DENY_THRESHOLD is reached
|
||
|
DENY_EXPIRATION=10
|
||
|
|
||
|
# LOCK_FILE: This file will be created upon invocation. This ensures
|
||
|
# that only one instance is running at a time
|
||
|
LOCK_FILE="/var/run/forbidhosts.pid"
|