Add sshguard config - will need more customisation.

.gitattributesdb

@@ -11,7 +11,7 @@ ZXRjLy5naXRpZ25vcmU= 1758049461 1757611781 root:root 0644 - -
 ZXRjL2FwYWNoZTIvLmdpdGlnbm9yZQ== 1757775950 1757775932 root:root 0644 - -
 ZXRjL2FwYWNoZTIvaHR0cGQuY29uZg== 1758045891 1757785514 root:root 0644 - -
 ZXRjL2FwYWNoZTIvc2l0ZXMuZC9jb3JlLnNsYWNrd2FyZS51ay5uZXQuY29uZg== 1758045929 1757785113 root:root 0644 - -
-ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1757609410 1757609410 root:root 0644 - -
+ZXRjL2NvbmYuZC8uZ2l0aWdub3Jl 1758050750 1757609410 root:root 0644 - -
 ZXRjL2NvbmYuZC9ib290bWlzYw== 1757591865 1757591865 root:root 0644 - -
 ZXRjL2NvbmYuZC9ub2RlLWV4cG9ydGVy 1757592526 1757592526 root:root 0644 - -
 ZXRjL2NvbmYuZC9zYW1iYQ== 1757592912 1757592912 root:root 0644 - -
@@ -63,6 +63,8 @@ ZXRjL3NoYWRvdy5ncGc= 1757599010 1757599010 root:root 0644 - -
 ZXRjL3NzaC8uZ2l0aWdub3Jl 1757606957 1757606957 root:root 0644 - -
 ZXRjL3NzaC9zc2hfY29uZmln 1757606630 1757606630 root:root 0644 - -
 ZXRjL3NzaC9zc2hkX2NvbmZpZw== 1757606896 1757606896 root:root 0644 - -
+ZXRjL3NzaGd1YXJkLmNvbmY= 1758050700 1758050700 root:root 0644 - -
+ZXRjL3NzaGd1YXJkLndoaXRlbGlzdA== 1758050235 1758050235 root:root 0644 - -
 ZXRjL3N1ZG9lcnMuZC9kZWZhdWx0cw== 1757599359 1757599359 root:root 0640 - -
 ZXRjL3N1ZG9lcnMuZC9yb290LWFjY2Vzcw== 1757600157 1757600157 root:root 0640 - -
 aG9tZS8uZ2l0aWdub3Jl 1757762052 1757762052 root:root 0644 - -

etc/conf.d/.gitignore

@@ -21,6 +21,7 @@
 /ntpd
 /rdate
 /seedrng
+/sshguard
 /staticroute
 /swap
 /swclock

etc/sshguard.conf

@@ -0,0 +1,54 @@
+#!/bin/sh
+# sshguard.conf -- SSHGuard configuration
+
+# Full path to backend executable (required, no default)
+BACKEND="/usr/libexec/sshg-fw-iptables"
+
+# Space-separated list of log files to monitor. (optional, no default)
+FILES="/var/log/core.slackware.uk.net/auth"
+
+# Shell command that provides logs on standard output. (optional, no default)
+# Example 1: ssh and sendmail from systemd journal:
+#LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t sendmail -o cat"
+# Example 2: ssh from os_log (macOS 10.12+)
+#LOGREADER="/usr/bin/log stream --style syslog --predicate '(processImagePath contains \"sshd\")'"
+
+# Block attackers when their cumulative attack score exceeds THRESHOLD.
+# Most attacks have a score of 10. (optional, default 30)
+THRESHOLD=10
+
+# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
+# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
+BLOCK_TIME=86400
+
+# Remember potential attackers for up to DETECTION_TIME seconds before
+# resetting their score. (optional, default 1800)
+DETECTION_TIME=28800
+
+# Size of IPv6 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
+IPV6_SUBNET=128
+
+# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
+IPV4_SUBNET=32
+
+# Full path to PID file (optional, no default)
+PID_FILE=/run/sshguard.pid
+
+# Colon-separated blacklist threshold and full path to blacklist file.
+# (optional, no default)
+BLACKLIST_FILE=10:/var/lib/sshguard/blacklist
+
+# IP addresses listed in the WHITELIST_FILE are considered to be
+# friendlies and will never be blocked.
+WHITELIST_FILE=/etc/sshguard.whitelist
+
+# If PARSER is unset, SSHGuard will use the installed sshg-parser as its
+# parser. Setting PARSER overrides this, so that you can use your own parser.
+#PARSER=
+
+# Run POST_PARSER as a filter after the parser. POST_PARSER must read as input
+# and produce as output lines in the format used by sshg-parser. This example
+# implements primitive whitelisting, preventing sshg-blocker from seeing
+# attacks from 1.2.3.4. Unlike whitelisting, attacks filtered by POST_PARSER
+# are not logged by SSHGuard.
+#POST_PARSER="grep -v 1.2.3.4"

etc/sshguard.whitelist

@@ -0,0 +1,19 @@
+# Localhost.
+127.0.0.1/8
+::1
+
+# UK Servers
+5.101.171.208/28
+2a01:a500:2981:1::/64
+
+# Linode
+172.236.16.105
+2600:3c13::2000:50ff:fef4:7f56
+
+# Loveservers
+185.176.90.169
+2a07:4580:b0d:57f::169
+
+# Afterdark
+afterdark.org.uk
+2001:470:1f1c:58::/64