4 os => 'linux', # Target OS - either linux or bsd
5 chain => 'blocksshd', # Name of iptables or pf chain
6 logfile => '/var/log/secure', # Log file to monitor
7 logcheck => '10', # How often to check the log file
8 max_attempts => '4', # Max number of failures
9 timeout => '360', # Reset an IP's failure count after this many seconds without activity
10 unblock => '1', # Enable unblocking
11 unblock_timeout => '43200', # Time in seconds after which to unblock a blocked IP address
12 restore_blocked => '0', # Turn on checking for previously blocked IPs
13 log_ips => '/etc/blocksshd.list', # Log file for blocked IPs
14 pid_file => '/var/run/blocksshd.pid', # Location of PID file
15 send_email => '1', # Enable the sending of email notifications
16 email => 'root', # Email address to send notifications
17 mail => '/bin/mail', # Location of mail binary
18 email_whois_lookup => '1', # Enable whois lookup of the blocked IP address in the notification email
19 whois => '/usr/bin/whois', # location of the whois binary
20 sed => '/bin/sed', # location of the sed binary
21 iptables => '/sbin/iptables', # Location of iptables binary - only for Linux
22 pfctl => '/sbin/pfctl', # Location of pfctl binary - only for BSD
25 }], # whitelist - list of IPs that will never be blocked; each entry must be given as address/subnet mask. Whitelisted ranges bypass blocking entirely, so keep them as narrow as possible