Add sshguard
This commit is contained in:
parent
27fd64fe0d
commit
37ede9a5d8
25
etc/sshguard/sshguard.conf
Normal file
25
etc/sshguard/sshguard.conf
Normal file
|
@ -0,0 +1,25 @@
|
|||
#### REQUIRED CONFIGURATION ####
|
||||
# Full path to backend executable (required, no default)
|
||||
BACKEND="/usr/libexec/sshguard/sshg-fw-nft-sets"
|
||||
|
||||
# Shell command that provides logs on standard output. (optional, no default)
|
||||
# Example 1: ssh and sendmail from systemd journal:
|
||||
LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat"
|
||||
|
||||
#### OPTIONS ####
|
||||
# Block attackers when their cumulative attack score exceeds THRESHOLD.
|
||||
# Most attacks have a score of 10. (optional, default 30)
|
||||
THRESHOLD=20
|
||||
|
||||
# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
|
||||
# Subsequent blocks increase by a factor of 1.5. (optional, default 120)
|
||||
BLOCK_TIME=180
|
||||
|
||||
# Remember potential attackers for up to DETECTION_TIME seconds before
|
||||
# resetting their score. (optional, default 1800)
|
||||
DETECTION_TIME=3600
|
||||
|
||||
# IP addresses listed in the WHITELIST_FILE are considered to be
|
||||
# friendlies and will never be blocked.
|
||||
WHITELIST_FILE=/etc/sshguard/whitelist
|
||||
BLACKLIST_FILE=80:/etc/sshguard/blacklist
|
Loading…
Reference in a new issue