forked from Lainports/freebsd-ports
f74c64ea9b
default. 30 makes it far too easy to get locked out of your own server. 120 is simply a safer starting point. PR: 227016 Submitted by: Dan McGregor (maintainer) MFH: 2018Q2
33 lines
1.3 KiB
Text
33 lines
1.3 KiB
Text
--- examples/sshguard.conf.sample.orig 2017-12-06 22:18:20 UTC
|
|
+++ examples/sshguard.conf.sample
|
|
@@ -6,10 +6,12 @@
|
|
|
|
#### REQUIRED CONFIGURATION ####
|
|
# Full path to backend executable (required, no default)
|
|
-#BACKEND="/usr/local/libexec/sshg-fw-iptables"
|
|
+#BACKEND="/usr/local/libexec/sshg-fw-hosts"
|
|
+#BACKEND="/usr/local/libexec/sshg-fw-ipfw"
|
|
+#BACKEND="/usr/local/libexec/sshg-fw-pf"
|
|
|
|
# Space-separated list of log files to monitor. (optional, no default)
|
|
-#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
|
|
+FILES="/var/log/auth.log /var/log/maillog"
|
|
|
|
# Shell command that provides logs on standard output. (optional, no default)
|
|
# Example 1: ssh and sendmail from systemd journal:
|
|
@@ -40,12 +42,12 @@ DETECTION_TIME=1800
|
|
# !! Warning: These features may not work correctly with sandboxing. !!
|
|
|
|
# Full path to PID file (optional, no default)
|
|
-#PID_FILE=/run/sshguard.pid
|
|
+#PID_FILE=/var/run/sshguard.pid
|
|
|
|
# Colon-separated blacklist threshold and full path to blacklist file.
|
|
# (optional, no default)
|
|
-#BLACKLIST_FILE=90:/var/lib/sshguard/enemies
|
|
+#BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
|
|
|
|
# IP addresses listed in the WHITELIST_FILE are considered to be
|
|
# friendlies and will never be blocked.
|
|
-#WHITELIST_FILE=/etc/friends
|
|
+#WHITELIST_FILE=/usr/local/etc/sshguard.whitelist
|