# To override a given setting uncomment the corresponding line (remove the # symbol that begins the line) and alter the setting # See the README file for detailed information about each setting. # # General settings # #our $permitted_illegal_user = 5; # number of illegal user attempts permitted from a single IP address before it gets blocked #our $permitted_incorrect_pass = 5; # number of incorrect pass attempts permitted from a single IP address before it gets blocked #our $unban_wait = 3600; # minimum number of seconds an IP must wait before it gets removed from the blocklist (1 hour) #our $grace_period = 3600; # number of seconds that must pass before prior illegal/incorrect attempt counts are reset (1 hour) #our $unblocking_interval = 300; # number of seconds between checks of the blocklist for removing old IPs (5 minutes) # # Platform specific settings: based on Red Hat Enterprise Linux ES release 3 (Taroon Update 7) # #our $logpath = '/var/log/secure'; # logfile to watch #our $illegal_user_regex = 'sshd\[\d+\]: Failed password for illegal user (\S+) from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+ ssh'; #our $incorrect_pass_regex = 'sshd\[\d+\]: Failed password for (\S+) from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) port \d+ ssh'; #our $iptables = '/sbin/iptables'; # for manipulating the firewall #our $iptables_create = '-N BANSSHEE'; # iptables parameters for creating the BANSSHEE chain #our $iptables_add = '-A INPUT -p tcp --dport ssh -j BANSSHEE'; # iptables parameters for adding the JUMP rule #our $iptables_remove = '-D INPUT -p tcp --dport ssh -j BANSSHEE'; # iptables parameters for removing the JUMP rule #our $iptables_flush = '-F BANSSHEE'; # iptables parameters for flushing the BANSSHEE chain #our $iptables_delete = '-X BANSSHEE'; # iptables parameters for deleting the BANSSHEE chain #our $id = '/usr/bin/id -u'; # for determing if running as root #our $log_facility :shared = 'authpriv'; # Bansshee messages logged to /var/log/secure 1; # required end marker: do not delete this line