/etc/security/shield.conf is in libpam-shield 0.9.6-1.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 | #
# /etc/security/shield.conf
#
#
# log debugging info to syslog
#
debug on
#
# block unknown-users blocks only unknown users
# block all-users blocks everyone
#
block unknown-users
#
# is it OK for the remote host to have no DNS entry?
#
allow_missing_dns yes
#
# is it OK for the remote host to have no reverse DNS entry?
#
allow_missing_reverse yes
#
# allow these hosts or networks by name
#
allow localhost
# allow .localdomain
#
# never lock out this network
# You should list all your local networks here to make sure no local user can
# lock you out from the inside
#
allow 127.0.0.1/255.0.0.0
# this syntax is also supported:
#allow 127.0.0.1/8
#
# location of the database file
#
db /var/lib/pam_shield/db
#
# external command that is run when a site should be blocked/unblocked
#
#default: block with null routing
trigger_cmd /usr/sbin/shield-trigger
#option: use iptables instead
#trigger_cmd /usr/sbin/shield-trigger-iptables
#option: use ufw instead
#trigger_cmd /usr/sbin/shield-trigger-ufw
#
# number of connections per interval from one site that triggers us
#
max_conns 10
#
# the interval and retention period may be specified in seconds, or
# with a postfix:
#
# 1s seconds 1w weeks
# 1m minutes 1M months (30 days)
# 1h hours 1y years
# 1d days
#
interval 5m
#
# period until the entry expires from the database again
#
retention 1w
# EOB
|