Group :: Segurança/Rede
RPM: sshutout
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
# Sample configuration file for the sshutout daemon.
# The (commented out) values shown below are
# the defaults if not specifically overridden
# in the configuration file or on the
# command line.
# The polling interval is given in seconds and determine how often
# the ssh log is examined. Range 30 - 300
polling_interval = 60
# The delay penalty is given in seconds and specifies how long the
# firewall rule should remain effective. Range 60 - 86400
delay_penalty = 600
# The threshold value gives how many failed login attempts will trigger a
# block at the firewall. Value >= 3
threshold = 3
# The following parameter gives the name of the file that is scanned for
# ssh login attempts. Typical values are:
#
# /var/log/messages (default)
# /var/log/secure
# /var/log/auth.log
#
# Consult your Linux distribution for the correct setting.
sshd_log_file = /var/log/auth/messages
# The next parameter gives the name of the file where attacker
# IP addresses are logged.
sshutout_log_file = /var/log/sshutout.log
# This parameter gives the name of the ssh daemon that we are
# monitoring. Openssh names its daemon, "sshd", while
# ssh.com's daemon is named, "sshd2"
# Legal values are restricted to sshd or sshd2
ssh_daemon = sshd
# The sshutout daemon process' PID is stored in this file.
pid_file = /var/run/sshutout.pid
# The whitelist value is specified as a comma separated list of IPv4
# addresses (dotted quad or host name) which will be ignored by
# the daemon, i.e. they are never firewalled by the daemon.
# During normal operation, the default route, name servers, and
# addresses of all active interfaces are automatically part
# of this whitelist, so they don't need to be specified here.
# Example: whitelist = 12.13.14.15, 120.20.101.30, slashdot.org
whitelist = 127.0.0.1
# Enabled by default, this parameter automatically whitelists
# the default gateway and name servers.
# Valid values (case insensitive):
# y, n, yes, no, 1, 0, t, f, true, false, on, off
auto_whitelist = yes
# Should we firewall portscans seen by ssh daemon,
# i.e. those hosts whose probes leave those
# "Did not receive identification string from..." messages? (default no)
# Valid values (case insensitive):
# y, n, yes, no, 1, 0, t, f, true, false, on, off
#squelch_portscan = no
# Should we monitor and count "Illegal user" or "Invalid user" attempts
# as well as failed logins? Valid values (case insensitive):
# y, n, yes, no, 1, 0, t, f, true, false, on, off
illegal_user = yes