sshguard can monitor log files. Log messages are parsed line-by-line for recognized patterns. An attack is detected when several patterns are matched in a set time interval. Attackers are blocked temporarily but can also be semi-permanently banned using the blacklist option.
- -a threshold (default 30)
- Block attackers when their cumulative attack score exceeds threshold. Most attacks have a score of 10.
- -b threshold:blacklist_file
- Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from and added to blacklist_file.
- -i pidfile
- Write the PID of sshguard to pidfile.
- -p blocktime (default 120)
- Block attackers for initially blocktime seconds after exceeding threshold. Subsequent blocks increase by a factor of 1.5. sshguard unblocks attacks at random intervals, so actual block times will be longer.
- -s detection_time (default 1800)
- Remember potential attackers for up to detection_time seconds before resetting their score.
- [-w address | whitelist_file]
- Whitelist a single address, hostname, or address block given as address. This option can be given multiple times. Alternatively, provide an absolute path to a whitelist_file containing addresses to whitelist. See WHITELISTING.
- Print usage information and exit.
- Print version information and exit.
- Set to enable verbose output from sshg-blocker.
- See sample configuration file.
On the command line, give the -w option one or more times with an IP address, CIDR address block, or hostname as an argument. Hostnames are resolved once at startup. If a hostname resolves to multiple addresses, all of them are whitelisted. For example:
sshguard -w 192.168.1.10 -w 192.168.0.0/24 -w friend.example.com -w 2001:0db8:85a3:0000:0000:8a2e:0370:7334 -w 2002:836b:4179::836b:0000/126
If the argument to -w begins with a forward slash ('/') or dot ('.'), the argument is treated as the path to a whitelist file.
The whitelist file contains comments (lines beginning with '#'), addresses, address blocks, or hostnames, one per line.
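The following Python sketch is an added example, not sshguard's own code. It models the whitelist rules described above so a set of -w arguments can be checked before deployment. The function names, the sample file content, and the DNS answers are constructed; skipping blank lines and accepting blocks with host bits set are assumptions.

```python
import ipaddress
import socket

# Constructed sample inputs so the example runs offline.
SAMPLE_FILE = ("# trusted hosts (constructed sample)\n10.0.0.5\n\n"
               "2002:836b:4179::836b:0000/126\nfriend.example.com\n")
SAMPLE_DNS = {"friend.example.com": ["203.0.113.7", "198.51.100.9"]}

def resolve_all(hostname):
    """Return every address a hostname resolves to (needs DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})

def read_text(path):
    with open(path, encoding="utf-8") as fh:
        return fh.read()

def parse_entry(entry, resolver=resolve_all):
    """Turn one address, address block or hostname into a list of networks."""
    try:
        # strict=False tolerates host bits set in a block (assumption).
        return [ipaddress.ip_network(entry, strict=False)]
    except ValueError:
        # Not an address or block: treat it as a hostname, resolved once,
        # and keep every address it resolves to.
        return [ipaddress.ip_network(addr) for addr in resolver(entry)]

def load_whitelist(w_args, read_file=read_text, resolver=resolve_all):
    """Expand a list of -w arguments into whitelisted networks."""
    networks = []
    for arg in w_args:
        if arg.startswith(("/", ".")):
            # A leading '/' or '.' marks the argument as a whitelist file path.
            for line in read_file(arg).splitlines():
                line = line.strip()
                if line and not line.startswith("#"):  # skip blanks, comments
                    networks += parse_entry(line, resolver)
        else:
            networks += parse_entry(arg, resolver)
    return networks

def is_whitelisted(address, networks):
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)

def demo():
    """Load one literal address plus the constructed file and DNS answers."""
    return load_whitelist(["192.168.1.10", "./sshguard.whitelist"],
                          read_file=lambda path: SAMPLE_FILE,
                          resolver=lambda name: SAMPLE_DNS[name])
```

Running is_whitelisted against the result of demo() shows how far each entry reaches, for example that a /126 block covers four addresses and that a hostname contributes every address it resolved to.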
|May 23, 2019||2.4|