#sshguard

A Puppet module to install and manage sshguard

##Usage

To use this module with the default configuration, just start with this:

include ::sshguard

All changes can be done via class {'sshguard':}. See following parameters

#####package_version Puppet package ensure - see Type Reference

#####package_name Name of sshguard package

manage_service_ensure

Puppet service ensure - see Type Reference

manage_service_enable

Puppet service enable - see Type Reference

Customize /etc/sshguard/whitelist

whitelist

Array containing addr/host/block e.g whitelist['127.0.0.0/8','host.example.com']. Values will be written into /etc/sshguard/whitelist. To see some examples check /usr/share/doc/sshguard/examples/whitelistfile.example.

Customize /etc/default/sshguard

enable_firewall

Settingenable_filewall = 0 will prevent sshguard init script from changing firewall rules - it's your job then!

logfiles

Array containing logfiles to be scanned by sshguard e.g logfiles = ['/var/log/auth.log','/var/log/syslog'].

safety_thresh

Number of hits after which blocking an address - default is 40.

pardon_min_interval

Seconds after which unblocking a blocked address - default is 420.

prescribe_interval

Seconds after which forgetting about a cracker candidate - default is 1200.

Authors

• Johannes Graf (@grafjo)

License

puppet-sshguard is released under the MIT License. See the bundled LICENSE file for details.