56 lines
2.3 KiB
Bash
56 lines
2.3 KiB
Bash
#!/bin/sh
|
|
# sshguard.conf -- SSHGuard configuration
|
|
# Options that are uncommented in this example are set to their default
|
|
# values. Options without defaults are commented out.
|
|
|
|
# Full path to backend executable (required, no default)
|
|
BACKEND="/usr/libexec/sshg-fw-ipset"
|
|
|
|
# Space-separated list of log files to monitor. (optional, no default)
|
|
FILES="/var/log/sshd"
|
|
|
|
# Shell command that provides logs on standard output. (optional, no default)
|
|
# Example 1: ssh and sendmail from systemd journal:
|
|
#LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t sendmail -o cat"
|
|
# Example 2: ssh from os_log (macOS 10.12+)
|
|
#LOGREADER="/usr/bin/log stream --style syslog --predicate '(processImagePath contains \"sshd\")'"
|
|
|
|
# Block attackers when their cumulative attack score exceeds THRESHOLD.
|
|
# Most attacks have a score of 10. (optional, default 30)
|
|
THRESHOLD=10
|
|
|
|
# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
|
|
# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
|
|
BLOCK_TIME=86400
|
|
|
|
# Remember potential attackers for up to DETECTION_TIME seconds before
|
|
# resetting their score. (optional, default 1800)
|
|
DETECTION_TIME=28800
|
|
|
|
# Size of IPv6 'subnet to block. Defaults to a single address, CIDR notation. (optional, default to 128)
|
|
IPV6_SUBNET=128
|
|
|
|
# Size of IPv4 subnet to block. Defaults to a single address, CIDR notation. (optional, default to 32)
|
|
IPV4_SUBNET=32
|
|
|
|
# Full path to PID file (optional, no default)
|
|
PID_FILE=/run/sshguard.pid
|
|
|
|
# Colon-separated blacklist threshold and full path to blacklist file.
|
|
# (optional, no default)
|
|
BLACKLIST_FILE=20:/var/lib/sshguard/blacklist
|
|
|
|
# IP addresses listed in the WHITELIST_FILE are considered to be
|
|
# friendlies and will never be blocked.
|
|
WHITELIST_FILE=/etc/sshguard.whitelist
|
|
|
|
# If PARSER is unset, SSHGuard will use the installed sshg-parser as its
|
|
# parser. Setting PARSER overrides this, so that you can use your own parser.
|
|
#PARSER=
|
|
|
|
# Run POST_PARSER as a filter after the parser. POST_PARSER must read as input
|
|
# and produce as output lines in the format used by sshg-parser. This example
|
|
# implements primitive whitelisting, preventing sshg-blocker from seeing
|
|
# attacks from 1.2.3.4. Unlike whitelisting, attacks filtered by POST_PARSER
|
|
# are not logged by SSHGuard.
|
|
#POST_PARSER="grep -v 1.2.3.4"
|