# sshguard.conf -- SSHGuard configuration file
# For details, see 'man sshguard-setup' and 'man sshguard'
#### REQUIRED CONFIGURATION ####
# Full path to backend executable (required, no default)
# NOTE(review): %{_libexecdir}, %{name} and __BACKEND__ look like packaging-time
# placeholders; confirm they are replaced with the real backend path before this
# file is installed. The backend is the program that applies the blocks, so the
# path should point to a root-owned file that other users cannot write.
BACKEND="%{_libexecdir}/%{name}/__BACKEND__"
# Space-separated list of log files to monitor. (optional, no default)
#FILES="/var/log/auth.log /var/log/authlog /var/log/maillog"
# Shell command that provides logs on standard output. (optional, no default)
# By default, this only monitors sshd. Add further services
# you wish to monitor using '-t <service label>' or any other journald filter
# journalctl flags used here: -a show fields in full, -f follow new entries,
# -b current boot only, -p info priority "info" and more severe, -n1 start from
# the most recent entry, -o cat print the message text only, -t sshd select the
# syslog identifier "sshd". LANG=C keeps messages untranslated.
# NOTE(review): the syslog identifier matched by -t is set by the logging
# process and is not verified by journald. Consider also matching a trusted
# journal field, e.g. _SYSTEMD_UNIT=<ssh unit name>, so that only entries from
# the SSH service itself can cause an address to be blocked.
LOGREADER="LANG=C %{_bindir}/journalctl -afb -p info -n1 -o cat -t sshd"
#### OPTIONS ####
# Block attackers when their cumulative attack score exceeds THRESHOLD.
# Most attacks have a score of 10. (default: 30)
#THRESHOLD=30
# Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD.
# Subsequent blocks increase by a factor of 1.5. (default: 120)
#BLOCK_TIME=120
# Remember potential attackers for up to DETECTION_TIME seconds before
# resetting their score. (default: 1800)
#DETECTION_TIME=1800
# Size of IPv6 subnet to block, in CIDR notation. Defaults to a single address. (default: 128)
#IPV6_SUBNET=128
# Size of IPv4 subnet to block, in CIDR notation. Defaults to a single address. (default: 32)
#IPV4_SUBNET=32
#### EXTRAS ####
# !! Warning: These features may not work correctly with sandboxing. !!
# Full path to PID file
# Uncomment to let sshguard create a pidfile (default: do not create pidfile)
#PID_FILE=%{_rundir}/%{name}.pid
# Colon-separated blacklist threshold and full path to blacklist file.
# Uncomment to add attackers hitting the threshold to the permanent blacklist
# (default: disabled)
#BLACKLIST_FILE=90:%{_sharedstatedir}/%{name}/blacklist
# Full path to whitelist file.
# Uncomment to consider IP addresses, address blocks or hostnames listed in this
# file as friendlies that will never be blocked.
# (default: disabled)
#WHITELIST_FILE=%{_sysconfdir}/%{name}.whitelist