Package Release Info


Update Info: Base Release
Available in Package Hub : 15 SP4





Change Logs

* Sun May 16 2021 Enrico Belleri <>
- Changed 'BACKEND' to "/usr/libexec/sshg-fw-iptables" from incorrect syntax
* Wed May 12 2021 Ferdinand Thiessen <>
- Update to version 2.4.2
  * Recognize rejections from Postfix's postscreen daemon
  * The parser can now be changed using the 'PARSER' and
    'POST_PARSER' options
  * Remove some false positive attack signatures for SSH and Cyrus
  * Adjust log verbosity of some log messages
  * The *firewalld* backend now uses *firewall-cmd* instead of
    'iptables' to flush block lists
* Wed Aug 26 2020 Joop Boonen <>
- Build version 2.4.1
  * Recognize RFC 5424 syslog banners
  * Recognize busybox syslog -S banners
  * Recognize rsyslog banners
  * Recognize web services TYPO3, Contao, and Joomla
  * Update signatures for Dovecot
  * Update signatures for OpenSSH
  * Whitelist entire and ::1 block
  * Whitelist file allows inline comments
  * Fix FILES and LOGREADER configuration file options
- boo#1124121
* Tue Jun 11 2019 Joop Boonen <>
- Build version 2.4.0
  * Match "Failed authentication attempt" for Gitea
  * Log human-readable service names instead of service code
  * Correctly terminate child processes when sshguard is killed
  * No longer accept logs given via standard input
* Wed Feb 06 2019
- Removed not needed files and service files
  as sshguard can now parse journal files
- /etc/sysconfig/sshguard is not used any more
  as sshguard uses it's own config file
* Mon Feb 04 2019 Jan Engelhardt <>
- Use noun phrase in summary.
- Join %service_* to reduce generated boilerplate.
* Thu Jan 24 2019
- Build version 2.3.1
  * Fix OpenSSH "Did not receive identification string"
  * Fix syslog banner detection on macOS
- Build version 2.3.0
  * Add signatures for Courier IMAP/POP and OpenVPN
  * Add signatures for TLS failures against Cyrus IMAP
  * Match more attacks against SSHD, Cockpit, and Dovecot
  * Update SSH invalid user signature for macOS
  * Add to and remove from ipfw table quietly
  * Reduce "Connection closed... [preauth]" score to 2
  * Switch ipsets to hash:net
  * Don't recreate existing ipsets
  * Match more log banners (Fix greedy SYSLOG_BANNER)
- Build version 2.2.0
  * Add '--disable-maintainer-mode' in configure for package maintainers
  * BusyBox log banner detection
  * Match Exim "auth mechanism not supported"
  * Match Exim "auth when not advertised"
  * Match Postfix greylist early retry
  * OpenSMTPD monitoring support
  * Recognize IPv6 addresses with interface name
  * Ignore CR in addition to LF
  * Only log attacks if not already blocked or whitelisted
  * Use correct signal names in driver shell script
- Build version 2.1.0
  * Add nftables backend
  * Add monitoring support for new service: Cockpit, Linux server dashboard
  * Match "maximum authentication attempts" for SSH
  * Match Debian-style "Failed password for invalid user" for SSH
  * Add monitoring support for new service: Common webserver probes, in
    Common Log Format
  * Match 'Disconnecting invalid user' for SSH
  * Add monitoring support for new service: WordPress, in Common Log Format
  * Add monitoring support for new service: SSHGuard
  * Firewall backends now support blocking subnets.
  * Add new IPV6_SUBNET and IPV4_SUBNET configuration options. Defaults
    to traditional single-address blocking.
  * Add monitoring support for new service: OpenSMTPD
  * Log whitelist matches with higher priority
  * Match port number in "invalid user" attack
  * FirewallD backend reloads firewall configuration less often.
- Build version 2.0.0
  * Add firewalld backend
  * Add ipset backend
  * Annotate logs using -a flag to sshg-parser
  * Match "no matching cipher" for SSH
  * Preliminary support for Capsicum and pledge()
  * Resurrect ipfilter backend
  * Support reading from os_log on macOS 10.12 and systemd journal
  * Add warning when reading from standard input
  * Build and install all backends by default
  * Improve log messages and tweak logging priorities
  * Runtime flags now configurable in the configuration file
  * SSHGuard requires a configuration file to start
  * Remove process validation (-f option)
  * Fix ipfw backend on FreeBSD 11
  * Fix initial block time
  * Update Dovecot pattern for macOS
  * Use standard score for Sendmail auth attack
* Thu Nov 08 2018
-  Corrected the service scripts, start after
Version: 1.7.1-2.1
* Wed Mar 01 2017
- Add a systemd journal tail so sshguard can parse this file
* Thu Dec 29 2016
- Build version 1.7.1
  - Add sample Mac OS X 10.12 style launchd.plist
  - Allow multiple forward slashes in process name
  - Log released addresses only when debugging
  - Process validation (``-f`` option) is deprecated
  - Adjust TIMESTAMP_ISO8601 for Mac OS X 10.12
  - Fix build error in hosts backend
  - Fix empty functions in firewall scripts causing errors with Bash
  - Flush stdout after every line in sshg-parser
  - Add *sshg-logtail*
  - Add *sshg-parser*
  - Control firewall using *sshg-fw*
  - Match "no matching key exchange method" for SSH
  - Hosts backend is deprecated
  - Logsuck (``-l`` option) is deprecated, use *sshg-logtail* instead
  - Process validation (``-f`` option) is deprecated
  - Remove external hooks (``-e`` option)
  - Remove support for genfilt and ipfilter backends
  - Accept socklog messages without a timestamp
  - Fix excessive logging causing endless looping in logsuck
  - Fix undefined assignment of initial inode number
  - Match Postfix pre-authentication disconnects
  - Fix bashisms in iptables backend
  - Fix size argument in inet_ntop() call
  - Remove excessive logging when polling from files
  - Keep looking for unreadable files while polling
  - Update Dovecot signature for POP3
  - Match "Connection reset" message for SSH
  - Resurrect PID file option by popular demand
  - Adjust default abuse threshold
* Fri Feb 19 2016
- Added a corrected attack treshold value (40 default)
* Thu Feb 18 2016
- Build version 1.6.3
  - Disable blacklisting by default
  - Implement logging as wrappers around syslog(2)
  - Improve log and error messages
  - Match sendmail authentication failures
  - Remove PID file option
  - Remove SIGTSTP and SIGCONT handler
  - Remove reverse mapping attack signature
  - Remove safe_fgets() and exit on interrupt
  - Terminate state entries for hosts blocked with pf
  - Update and shorten command-line usage
  - Use 'configure' to set feature-test macros
- Updated patch file for new version of sshguard
* Mon Jan 11 2016
- Added ip6tables support handles via init and service files
* Fri Oct 16 2015
- Corrected a iptables error, that prevented sshguard
  from functioning correctly
* Thu Oct 15 2015
- Moved blacklist.db to /var/lib/sshguard/db/blacklist.db analog
  most SUSE packages
* Thu Oct 15 2015
- Corrected the blacklist as it's auto generated
- Improved sysconfig
* Wed Oct 14 2015
- Build version 1.6.2
  + Make '-w' option backwards-compatible for iptables (James Harris)
  + Remove support for ip6fw and 'ipfw-range' option
  + Rewrite ipfw backend using command framework
- The white and black list now initially reside in files
* Mon Sep 28 2015
- Build version 1.6.1
- Added sshguard-gcc5.patch so it also builds via gcc5
- Created a sshguard.service file so it'll run on systemd
* Wed Mar 27 2013
- Reformated the spec file to the openSUSE standard
  so it can be submitted to Factory
* Sat Feb 19 2011
- update to 1.5:
  + logsucker: sshguard polls multiple log files at once
  + recognize syslog's "last message repeated N times" contextually
    and per-source
  + attackers now gauged with attack *dangerousness* instead of
    count (adjust your -a !)
  + improve IPv6 support
  + add detection for: Exim, vsftpd, Sendmail, Cucipop
  + improve logging granularity and descriptiveness
  + add -i command line option for saving PID file as an aid for
    startup scripts
  + update some attack signatures
- cleanup specfile via spec-cleaner
* Wed Dec 01 2010
- fix typo in macro
- revert a bit of cleanup to make it backwards compatible
* Tue Nov 02 2010
- cleanup spec file
* Wed Sep 29 2010
- update to version 1.5rc4
* Sun Apr 04 2010
- update to version 1.5rc1
* Thu Feb 11 2010
- added init script and sysconfig
* Wed Feb 10 2010
- initial openSUSE package
Version: 1.7.1-bp150.2.2
* Thu Nov 23 2017
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)