source: branches/3.3/ansible/roles/system/templates/sshutout.conf @ 3667

Last change on this file since 3667 was 3667, checked in by bruno, 2 years ago

Many updates to MR setup

File size: 2.5 KB
Line 
1# Sample configuration file for the sshutout daemon.
2# The (commented out) values shown below are
3# the defaults if not specifically overridden
4# in the configuration file or on the
5# command line.
6
7# The polling interval is given in seconds and determine how often
8# the ssh log is examined. Range 30 - 300
9
10polling_interval = 60
11
12# The delay penalty is given in seconds and specifies how long the
13# firewall rule should remain effective. Range 60 - 86400
14
15delay_penalty = 86400
16
17# The threshold value gives how many failed login attempts will trigger a
18# block at the firewall. Value >= 3
19
20threshold = 3
21
22# The following parameter gives the name of the file that is scanned for
23# ssh login attempts. Typical values are:
24#
25#     /var/log/messages  (default)
26#     /var/log/secure
27#     /var/log/auth.log
28#
29# Consult your Linux distribution for the correct setting.
30
31sshd_log_file = /var/log/messages
32
33# The next parameter gives the name of the file where attacker
34# IP addresses are logged.
35
36sshutout_log_file = /var/log/sshutout.log
37
38# This parameter gives the name of the ssh daemon that we are
39# monitoring. Openssh names its daemon, "sshd", while
40# ssh.com's daemon is named, "sshd2"
41# Legal values are restricted to sshd or sshd2
42
43ssh_daemon = sshd
44
45# The sshutout daemon process' PID is stored in this file.
46
47pid_file = /var/run/sshutout.pid
48
49# The whitelist value is specified as a comma separated list of IPv4
50# addresses (dotted quad or host name) which will be ignored by
51# the daemon, i.e. they are never firewalled by the daemon.
52# During normal operation, the default route, name servers, and
53# addresses of all active interfaces are automatically part
54# of this whitelist, so they don't need to be specified here.
55# Example: whitelist = 12.13.14.15, 120.20.101.30, slashdot.org
56
57#whitelist =
58whitelist = {{ hyperlinux }}
59
60# Enabled by default, this parameter automatically whitelists
61# the default gateway and name servers.
62# Valid values (case insensitive):
63#   y, n, yes, no, 1, 0, t, f, true, false, on, off
64
65auto_whitelist = yes
66
67# Should we firewall portscans seen by ssh daemon,
68# i.e. those hosts whose probes leave those
69# "Did not receive identification string from..." messages? (default no)
70# Valid values (case insensitive):
71#   y, n, yes, no, 1, 0, t, f, true, false, on, off
72
73squelch_portscan = yes
74
75# Should we monitor and count "Illegal user" or "Invalid user" attempts
76# as well as failed logins? Valid values (case insensitive):
77#   y, n, yes, no, 1, 0, t, f, true, false, on, off
78
79illegal_user = yes
Note: See TracBrowser for help on using the repository browser.