Provided by: libpam-shield_0.9.6-1.3build2_amd64

NAME

       shield.conf - pam_shield configuration file

DESCRIPTION

       /etc/security/shield.conf is the configuration file for PAM module pam_shield, which locks
       out remote attackers trying password guessing.

OPTIONS

       debug [on|off]
              Log (or do not log) debugging information via syslog(3).

       block [all-users|unknown-users]
              Block all users, or only unknown users. Whether a user is "known" is determined
              by getpwnam(3).

       allow_missing_dns [yes|no]
              If  no,  reject  any  connection that comes from a numerical IP address with no DNS
              name (as returned by pam_get_item(3) with item_type set to PAM_RHOST).

       allow_missing_reverse [yes|no]
              If no, reject any connection that comes from a host with no reverse DNS entry.

       allow hostname
              Host or network to whitelist. These hosts are passed through with no checks or
              logging. Multiple allow lines are permitted. hostname may be an IP address, a
              hostname, a network/netmask pair, or a network in CIDR format.

       db filename
              Database file where login attempts are stored.

       trigger_cmd command
              Command to run to block/unblock a host. See shield-trigger(8) and
              shield-trigger-iptables(8) for two examples.

       max_conns n
              A host is blocked if it makes more than n connection attempts within the
              interval time.

       interval n
              A host is blocked if it makes more than max_conns attempts in n seconds. Instead
              of a number of seconds, a suffix may be used: s for seconds, m for minutes, h for
              hours, d for days, w for weeks, M for months (30 days), y for years.

       retention n
              Records of connection attempts are retained for n seconds. Suffixes may be used
              as in interval. Each host is checked for expiration when it attempts to connect,
              and the entire database is checked whenever shield-purge(8) is run (by default,
              once a day).
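
       An added example, not part of pam_shield or of this manual page: a Python review
       helper that converts interval and retention suffixes to seconds and flags broad allow
       networks, since allowed hosts pass with no checks or logging. The '#' comment syntax,
       the 365-day year, the prefix thresholds, the retention-versus-interval consistency
       check and the sample configuration are assumptions made for the illustration.

```python
import ipaddress

# Suffixes from the man page; note 'm' is minutes but 'M' is months (30 days).
# Assumption: a year is 365 days (the page does not define it).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800,
         "M": 30 * 86400, "y": 365 * 86400}
MIN_PREFIX = {4: 16, 6: 32}  # illustrative review thresholds, not pam_shield settings

def to_seconds(value):
    """Convert '90', '5m' or '1M' to seconds; a bare number means seconds."""
    if value and value[-1] in UNITS:
        return int(value[:-1]) * UNITS[value[-1]]
    return int(value)  # ValueError on an empty value or unknown suffix ('5H')

def parse(text):
    """Return (key, value) pairs; assumes '#' comments and 'key value' lines."""
    pairs = (line.split("#", 1)[0].split(None, 1) for line in text.splitlines())
    return [(p[0], p[1].strip()) for p in pairs if len(p) == 2]

def audit(text):
    """Return a list of warnings for a shield.conf given as a string."""
    pairs = parse(text)
    settings, warnings = dict(pairs), []
    for entry in (v for k, v in pairs if k == "allow"):
        try:
            net = ipaddress.ip_network(entry, strict=False)  # CIDR or network/netmask
        except ValueError:
            continue  # a hostname rather than an address or network
        if net.prefixlen < MIN_PREFIX[net.version]:
            warnings.append(f"allow {entry}: {net.num_addresses} addresses skip all checks and logging")
    try:
        interval = to_seconds(settings.get("interval", ""))
        retention = to_seconds(settings.get("retention", ""))
    except ValueError:
        warnings.append("interval or retention is missing or has an unknown suffix")
    else:
        if retention < interval:
            warnings.append(f"retention ({retention}s) is shorter than interval ({interval}s)")
    return warnings

SAMPLE = """\
# constructed sample for this example, not a shipped default
allow 10.0.0.0/255.0.0.0
allow 192.0.2.10
allow bastion.example.org
interval 1M
retention 1w
"""
```

       Running audit(SAMPLE) reports the 10.0.0.0/255.0.0.0 allow line and the interval
       written as 1M (one month) where 1m (one minute) was probably intended.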

FILES

       /etc/security/shield.conf Configuration file for pam-shield

SEE ALSO

       shield-purge(8), shield-trigger(8), shield-trigger-iptables(8)

AUTHORS

       pam-shield  was  written  by  and  copyright  2007 Walter de Jong <walter@heiho.net>. This
       manpage copyright 2010-2012 Jonathan Niehof <jtniehof@gmail.com>.