########################################################################### # $Id$ ########################################################################### # You can put comments anywhere you want to. They are effective for the # rest of the line. # this is in the format of = . Whitespace at the beginning # and end of the lines is removed. Whitespace before and after the = sign # is removed. Everything is case *insensitive*. # Yes = True = On = 1 # No = False = Off = 0 Title = "SSHD" # Which logfile group... LogFile = secure LogFile = messages # Only give lines pertaining to the sshd service... *OnlyService = sshd *RemoveHeaders # Variable $sshd_ignore_host is used to filter out hosts that login # successfully. This commented-out example filters out reserved local # addresses (IETF RFC 1918 and RFC 3330). #$sshd_ignore_host="^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\." # The refused connections report lists every ip that is refused even if # it was only refused 1 or 2 times. In a case like that I don't care # to see the information. It is just noise. I want to know when a # a connection has been refused 10, 20, 30 times because that is an # indication of an attack or a problem. # Set this variable to a positive integer to trim out the lower count # refused connections from the report. i.e. 10 would not show any hosts # with less than 10 refusals. # This has no effect if the $Detail variable is greater than 5. #$refused_connections_threshold = 10 ######################################################## # This was written and is maintained by: # Kirk Bauer # # Please send all comments, suggestions, bug reports, # etc, to kirk@kaybee.org. ######################################################## # vi: shiftwidth=3 tabstop=3 et