SSHGuard monitors logging activity and reacts to attacks by blocking their source IP addresses. sshguard has born for protecting SSH servers from the today's widespread brute force attacks, and evolved to an extensible log supervisor for blocking attacks to applications in real-time.
SSHGuard is given log messages in its standard input. By means of a parser, it decides whether an entry is normal activity or attack. After a number of attacks, the IP address is blocked with the firewall.
These are the available blocking backends:
- SSHGuard with PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- SSHGuard with IP FILTER (FreeBSD, NetBSD, Solaris)
- SSHGuard with IPFW (FreeBSD, Mac OS X)
- SSHGuard with netfilter/iptables (Linux)
- SSHGuard with TCP wrappers / hosts.allow (almost any UNIX system)