aboutsummaryrefslogtreecommitdiff
path: root/network/sshguard/README
blob: fd59f1d8b665ec061cdc10e32d1b84affb78a960 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
sshguard protects hosts from brute-force attacks against SSH and other
services. It aggregates system logs and blocks repeat offenders using
one of several firewall backends, including iptables, ipfw, and pf.

sshguard can read log messages from standard input (suitable for piping
from syslog) or monitor one or more log files. Log messages are parsed,
line-by-line, for recognized patterns. If an attack, such as several
login failures within a few seconds, is detected, the offending IP is
blocked. Offenders are unblocked after a set interval, but can be semi-
permanently banned using the blacklist option.

IMPORTANT:

1. You will need to properly set up an "sshguard" chain in your firewall
   backend. For further information consult `sshguard-setup(7)`.

2. Starting with version 2.0.0, SSHGuard **requires** a config file
   to start. `sshguard.conf` as shipped with this SlackBuild provides
   defaults such that they reassemble the values that were previously
   specified on the command line in the `rc.sshguard` script.

   See `examples/sshguard.conf.sample` in the doc directory for
   additional config options.