Looks like SSHGuard has some sensible defaults already according to it’s
- It uses a “dangerousness” value to track who should be banned, with different attacks being worth more or less points.
- It bans at 30 dangerousness points.
- It bans for ~2 minutes, with each successive ban being 1.5x longer than the last.
- It forgets about you completely in ~30 minutes
I think this should be perfectly sufficient for Freeside’s uses.
Edit: Ouch! Looks like there isn’t a package for Fedora yet (ugh! Every other distro has one…). While I don’t mind compiling from source personally, it’s something I’d really rather avoid in this instance.
We should investigate alternatives for Fedora first (such as fail2ban, but that’s heavier on resources) before resorting to compiling from source.