Man pages sections > man5 > shield

shield.conf - pam_shield configuration file

SHIELD.CONF(5) File Formats Manual SHIELD.CONF(5)

NAME

shield.conf - pam_shield configuration file

DESCRIPTION

/etc/security/shield.conf is the configuration file for PAM module pam_shield, which locks out remote attackers trying password guessing.
 
 

OPTIONS

debug [on|off]
 
Log (or do not log) debugging information via syslog(3).
block [all-users|unknown-users]
 
Block all users, or only unknown users. Whether users are "known" is determined from getpwnam(3)
allow_missing_dns [yes|no]
 
If no, reject any connection that comes from a numerical IP address with no DNS name (as returned by pam_get_item(3) with item_type set to PAM_RHOST).
allow_missing_reverse [yes|no]
 
If no, reject any connection that comes from a host with no reverse DNS entry.
allow hostname
 
Host or network to whitelist. These hosts are passed through with no checks or logging. Multiple allow lines are permitted. hostname may be IP address, hostname, network/netmask, or network in CIDR format.
db filename
 
Database file where login attempts are stored.
trigger_cmd command
 
Command to run to block/unblock a host. See shield-trigger(8) and shield-trigger-iptables(8) for two examples.
max_conns n
 
Host will be blocked if more than n connection attempts from one host in interval time.
interval n
 
Host blocked if more than max_conns attempts in n seconds. Instead of seconds, suffix may be used: s for seconds, m minutes, h hours, d days, w weeks, M months (30 days), y years.
retention n
 
Record of connection attempts retained for n seconds. Suffixes may be used as in interval. Each host is checked for expiration when it attempts to connect, and the entire database is checked whenever shield-purge(8) is run (by default, once a day).
 

FILES

/etc/security/shield.conf Configuration file for pam-shield
 

SEE ALSO

shield-purge(8), shield-trigger(8), shield-trigger-iptables(8)
 

AUTHORS

pam-shield was written by and copyright 2007 Walter de Jong <walter@heiho.net>. This manpage copyright 2010-2012 Jonathan Niehof <jtniehof@gmail.com>.
11 May 2012 pam_shield 0.9.6