|
Added
Link Here
|
| 1 |
|
| 2 |
$FreeBSD$ |
| 3 |
|
| 4 |
--- /dev/null |
| 5 |
+++ etc/ssh.conf |
| 6 |
@@ -0,0 +1,33 @@ |
| 7 |
+# Sample configuration file for the OpenSSH daemon |
| 8 |
+ |
| 9 |
+# regexp rule. Please rember that you MUST specify only one match for |
| 10 |
+# ip address to block |
| 11 |
+# |
| 12 |
+# this regexp for the OpenSSH server matches lines like: |
| 13 |
+# |
| 14 |
+# comment: auth via key only |
| 15 |
+#sshd[72593]: Illegal user hacker from 1.2.3.4 |
| 16 |
+# |
| 17 |
+# comment: pwd auth, but no such user |
| 18 |
+#sshd[72593]: Failed password for illegal user sammmm from 1.2.3.4 |
| 19 |
+# |
| 20 |
+# comment: correct user, but wrong password |
| 21 |
+#sshd[72626]: Failed password for samm from 1.2.3.4 |
| 22 |
+# |
| 23 |
+regexp = sshd.*Invalid user \S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) |
| 24 |
+regexp1 = sshd.*Failed (password|keyboard-interactive/pam) for (?:invalid user )?\S+ from (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) |
| 25 |
+ |
| 26 |
+# Number of failed login attempts within time before we block |
| 27 |
+max_count = 4 |
| 28 |
+ |
| 29 |
+# Time in seconds in which all failed login attempts must occur |
| 30 |
+within_time = 60 |
| 31 |
+ |
| 32 |
+# Time in seconds to block ip in firewall |
| 33 |
+ |
| 34 |
+# 10 minutes |
| 35 |
+reset_ip = 600 |
| 36 |
+ |
| 37 |
+# IPFW table number to add "bad" hosts |
| 38 |
+ipfw2_table_no = 1 |
| 39 |
+ |