Log entries classified as attacks are associated with a service. SSHGuard maintains a numeric list of 'service codes' representing different services.

These service codes are defined in src/common/attack.h.

Service codes from v2.1.0

SERVICES_ALL            = 0,    //< anything
SERVICES_SSH            = 100,  //< ssh
SERVICES_SSHGUARD       = 110,  //< SSHGuard
SERVICES_UWIMAP         = 200,  //< UWimap for imap and pop daemon
SERVICES_DOVECOT        = 210,  //< dovecot
SERVICES_CYRUSIMAP      = 220,  //< cyrus-imap
SERVICES_CUCIPOP        = 230,  //< cucipop
SERVICES_EXIM           = 240,  //< exim
SERVICES_SENDMAIL       = 250,  //< sendmail
SERVICES_POSTFIX        = 260,  //< postfix
SERVICES_FREEBSDFTPD    = 300,  //< ftpd shipped with FreeBSD
SERVICES_PROFTPD        = 310,  //< ProFTPd
SERVICES_PUREFTPD       = 320,  //< Pure-FTPd
SERVICES_VSFTPD         = 330,  //< vsftpd
SERVICES_COCKPIT        = 340,  //< cockpit management dashboard
SERVICES_CLF_UNAUTH     = 350,  //< HTTP 401 in common log format
SERVICES_CLF_PROBES     = 360,  //< probes for common web services
SERVICES_CLF_WORDPRESS  = 370,  //< WordPress logins in common log format

Lates Releases View all»

  • Latest releases Latest releases are available from SourceForge. See 'News'.
  • sshguard 1.5 This is a milestone release, coming after 18 months ...
  • sshguard 1.5 Sshguard monitors services through their logging activity. It reacts ...

F.A.Q. View all»

  • What is sshguard?Sshguard is a small program that monitors services running on your machine from the log files. When it ...
  • Sshguard does not workYou have one of these problems: sshguard is not given logs correctly sshguard cannot run the commands for ...
  • What does sshguard do?The short version is: it receives log messages, it detects when a networked service has been abused based ...