shield.conf - pam_shield configuration file
shield.conf is the configuration file for the PAM module pam_shield, which
locks out remote attackers trying password guessing.
Log (or do not log) debugging information via syslog
Block all users, or only unknown users. Whether users are "known" is
determined from getpwnam
If no, reject any connection that comes from a numerical IP address with no DNS
name (as returned by pam_get_item(3) with item_type
If no, reject any connection that comes from a host with no reverse DNS
Host or network to whitelist. These hosts are passed through with no checks or
logging. Multiple allow lines are permitted. hostname may be an IP address,
hostname, network/netmask, or network in CIDR format.
Database file where login attempts are stored.
Command to run to block/unblock a host. See shield-trigger(8) for two examples.
Host will be blocked if more than n connection attempts from one host in
Host blocked if more than max_conns attempts in n
of seconds, suffix may be used: s for seconds, m minutes, h hours, d days,
w weeks, M months (30 days), y years.
Record of connection attempts retained for n seconds. Suffixes may be used as
in interval.
Each host is checked for expiration when it
attempts to connect, and the entire database is checked whenever
(8) is run (by default, once a day).
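The following is an added example, not code from pam_shield or this manpage: a small Python model of the time suffixes and of the "more than max_conns attempts in interval" rule described above, useful for checking a candidate setting against attempt timestamps. The function names, the sample values (10, 5m, 1w) and the 365-day length of y are assumptions made for the example.

```python
import re

# Suffix multipliers as listed in the manpage; M is 30 days.
# ASSUMPTION: y is taken as 365 days (the page does not give its length).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800,
         "M": 30 * 86400, "y": 365 * 86400}

def parse_duration(text):
    """Convert '90', '5m', '1M', ... to seconds; the suffix is case-sensitive."""
    m = re.fullmatch(r"(\d+)([smhdwMy]?)", text.strip())
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]

def record_attempt(history, now, max_conns, interval, retention):
    """Model one connection attempt from a single host (hypothetical helper).

    history holds earlier attempt times (epoch seconds) for that host.
    Returns (new_history, blocked).
    """
    # Drop records older than the retention period, then log this attempt.
    kept = [t for t in history if now - t < retention]
    kept.append(now)
    # Block when MORE THAN max_conns attempts fall inside the interval.
    recent = sum(1 for t in kept if now - t < interval)
    return kept, recent > max_conns

def simulate(times, max_conns, interval, retention):
    """Replay attempt times; return the time of the first block, or None."""
    history = []
    i, r = parse_duration(interval), parse_duration(retention)
    for now in times:
        history, blocked = record_attempt(history, now, max_conns, i, r)
        if blocked:
            return now
    return None

if __name__ == "__main__":
    # Constructed sample data: one attempt every 20 s, and one every 120 s.
    fast = [1000 + 20 * n for n in range(20)]
    slow = [1000 + 120 * n for n in range(20)]
    print("fast source first blocked at:", simulate(fast, 10, "5m", "1w"))
    print("slow source first blocked at:", simulate(slow, 10, "5m", "1w"))
```

Replaying timestamps taken from your own authentication logs through simulate shows whether a chosen max_conns and interval pair would have triggered a block.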
Configuration file for pam-shield
pam-shield was written by and copyright 2007 Walter de Jong
<firstname.lastname@example.org>. This manpage copyright 2010-2012 Jonathan Niehof