### Autogenerated by ssh.py ### {% if dynamic_protection is defined and dynamic_protection is not none %} # Full path to backend executable (required, no default) BACKEND="/usr/lib/x86_64-linux-gnu/sshg-fw-nft-sets" # Shell command that provides logs on standard output. (optional, no default) # Example 1: ssh and sendmail from systemd journal: LOGREADER="LANG=C journalctl -afb -p info -n1 -t sshd -o cat" #### OPTIONS #### # Block attackers when their cumulative attack score exceeds THRESHOLD. # Most attacks have a score of 10. (optional, default 30) THRESHOLD={{ dynamic_protection.threshold }} # Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD. # Subsequent blocks increase by a factor of 1.5. (optional, default 120) BLOCK_TIME={{ dynamic_protection.block_time }} # Remember potential attackers for up to DETECTION_TIME seconds before # resetting their score. (optional, default 1800) DETECTION_TIME={{ dynamic_protection.detect_time }} # IP addresses listed in the WHITELIST_FILE are considered to be # friendlies and will never be blocked. WHITELIST_FILE=/etc/sshguard/whitelist {% endif %}