# SECURE_LOG: the log file that contains sshd logging information
# If you are not sure, `grep "sshd:" /var/log/*`. This option
# defaults to /var/log/auth.log
SECURE_LOG="/var/log/auth.log"

# HOSTS_DENY: the file which contains restricted host access
# information. On most operating systems, this option  should
# defaults to /etc/hosts.deny
HOSTS_DENY="/etc/hosts.deny"

# BLOCK_ALL_SERVICES: specifies whether all services, or only SSH
# should be blocked in HOSTS_DENY file. Check `man 5 hosts_access`
# for more details
BLOCK_ALL_SERVICES=0

# DENY_THRESHOLD: block each host after the number of failed login
# attempts within specified time that has exceeded this value. This
# value applies to both valid and invalid user login attempts
DENY_THRESHOLD=3

# DENY_EXPIRATION: block each host after the number of failed login
# attempts within specified time. Once this value has been exceeded
# then the host will not be banned until DENY_THRESHOLD is reached
DENY_EXPIRATION=10

# LOCK_FILE: This file will be created upon invocation. This ensures
# that only one instance is running at a time
LOCK_FILE="/var/run/forbidhosts.pid"