manpagez: man pages & more
man sshguard(8)

man pages By Section Choose... 123456789ln Alphabetically Choose... ABCDEFGHIJKLMNOPQRSTUVWXYZOther

Home | html | info | man

sshguard(8)                     SSHGuard Manual                    sshguard(8)

NAME

       sshguard - block brute-force attacks by aggregating system logs

SYNOPSIS

       sshguard  [-hv]  [-a  threshold] [-b threshold:blacklist_file] [-i pid-
       file] [-p blocktime] [-s detection_time] [-w address |  whitelist_file]
       [file ...]

DESCRIPTION

       sshguard  protects hosts from brute-force attacks against SSH and other
       services. It aggregates system logs and blocks repeat  offenders  using
       one of several firewall backends.

       sshguard  can  monitor log files.  Log messages are parsed line-by-line
       for recognized patterns. An attack is detected  when  several  patterns
       are  matched  in a set time interval. Attackers are blocked temporarily
       but can also be semi-permanently banned using the blacklist option.

OPTIONS

       -a threshold (default 30)
              Block attackers  when  their  cumulative  attack  score  exceeds
              threshold.  Most attacks have a score of 10.

       -b threshold:blacklist_file
              Blacklist  an  attacker when its score exceeds threshold. Black-
              listed addresses are loaded from and added to blacklist-file.

       -i pidfile
              Write the PID of sshguard to pidfile.

       -p blocktime (default 120)
              Block attackers for initially blocktime seconds after  exceeding
              threshold. Subsequent blocks increase by a factor of 1.5.

              sshguard  unblocks  attacks at random intervals, so actual block
              times will be longer.

       -s detection_time (default 1800)
              Remember potential attackers for up  to  detection_time  seconds
              before resetting their score.

       [-w address | whitelist_file]
              Whitelist  a single address, hostname, or address block given as
              address. This option can be given multiple times. Alternatively,
              provide   an   absolute  path  to  a  whitelist_file  containing
              addresses to whitelist. See WHITELISTING.

       -h     Print usage information and exit.

       -v     Print version information and exit.

ENVIRONMENT

       SSHGUARD_DEBUG
              Set to enable verbose output from sshg-blocker.

FILES

       %PREFIX%/etc/sshguard.conf
              See sample configuration file.

WHITELISTING

       Whitelisted addresses are never blocked. Addresses can be specified  on
       the command line or be stored in a file.

       On  the  command  line, give the -w option one or more times with an IP
       address, CIDR address block, or hostname as an argument. Hostnames  are
       resolved once at startup. If a hostname resolves to multiple addresses,
       all of them are whitelisted. For example:

          sshguard -w 192.168.1.10 -w 192.168.0.0/24 -w friend.example.com
              -w 2001:0db8:85a3:0000:0000:8a2e:0370:7334
              -w 2002:836b:4179::836b:0000/126

       If the argument to -w begins with a forward slash ('/') or  dot  ('.'),
       the argument is treated as the path to a whitelist file.

       The  whitelist  file  contains  comments  (lines  beginning  with '#'),
       addresses, address blocks, or hostnames, one per line.

SEE ALSO

       sshguard-setup(7)



2.4                              May 23, 2019                      sshguard(8)

---

sshguard 2.4.0 - Generated Fri Jun 14 09:42:31 CDT 2019

© manpagez.com 2000-2025
Individual documents may contain additional copyright information.