Provided by: sshguard_2.4.2-1_amd64 bug

NAME
       sshguard - block brute-force attacks by aggregating system logs


SYNOPSIS
       sshguard   [-hv]   [-a   threshold]   [-b  threshold:blacklist_file]  [-i  pidfile]  [-p  blocktime]  [-s
       detection_time] [-w address | whitelist_file] [file ...]


DESCRIPTION
       sshguard protects hosts from brute-force attacks against SSH and other  services.  It  aggregates  system
       logs and blocks repeat offenders using one of several firewall backends.

       sshguard  can monitor log files.  Log messages are parsed line-by-line for recognized patterns. An attack
       is detected when several patterns are matched in a set time interval. Attackers are  blocked  temporarily
       but can also be semi-permanently banned using the blacklist option.


OPTIONS
       -a threshold (default 30)
              Block  attackers  when their cumulative attack score exceeds threshold.  Most attacks have a score
              of 10.

       -b threshold:blacklist_file
              Blacklist an attacker when its score exceeds threshold. Blacklisted addresses are loaded from  and
              added to blacklist-file.

       -i pidfile
              Write the PID of sshguard to pidfile.

       -p blocktime (default 120)
              Block  attackers  for  initially  blocktime  seconds  after exceeding threshold. Subsequent blocks
              increase by a factor of 1.5.

              sshguard unblocks attacks at random intervals, so actual block times will be longer.

       -s detection_time (default 1800)
              Remember potential attackers for up to detection_time seconds before resetting their score.

       [-w address | whitelist_file]
              Whitelist a single address, hostname, or address block given as address. This option can be  given
              multiple  times.  Alternatively, provide an absolute path to a whitelist_file containing addresses
              to whitelist. See WHITELISTING.

       -h     Print usage information and exit.

       -v     Print version information and exit.


ENVIRONMENT
       SSHGUARD_DEBUG
              Set to enable verbose output from sshg-blocker.


FILES
       %PREFIX%/etc/sshguard.conf
              See sample configuration file.


WHITELISTING
       Whitelisted addresses are never blocked. Addresses can be specified on the command line or be stored in a
       file.

       On the command line, give the -w option one or more times with an IP  address,  CIDR  address  block,  or
       hostname  as  an  argument.  Hostnames  are  resolved once at startup. If a hostname resolves to multiple
       addresses, all of them are whitelisted. For example:

          sshguard -w 192.168.1.10 -w 192.168.0.0/24 -w friend.example.com
              -w 2001:0db8:85a3:0000:0000:8a2e:0370:7334
              -w 2002:836b:4179::836b:0000/126

       If the argument to -w begins with a forward slash ('/') or dot ('.'), the argument is treated as the path
       to a whitelist file.

       The whitelist file contains comments (lines beginning with '#'), addresses, address blocks, or hostnames,
       one per line.


SEE ALSO
       sshguard-setup(7)

2.4                                               May 23, 2019                                       SSHGUARD(8)