From a6648682564bf3e288af9633b3a3e80228995d8c Mon Sep 17 00:00:00 2001
From: Randy Bush
Date: Sat, 4 Jul 2020 14:22:52 -0700
Subject: [PATCH] from wiki
---
pages/UbuntoSshGuard.md | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 pages/UbuntoSshGuard.md
diff --git a/pages/UbuntoSshGuard.md b/pages/UbuntoSshGuard.md
new file mode 100644
index 0000000..3bd2bce
--- /dev/null
+++ b/pages/UbuntoSshGuard.md
@@ -0,0 +1,31 @@
+# Install SSH Guard
+
+Do the Installs
+
+```
+apt-get install syslog-ng
+apt-get install sshguard
+```
+
+Create the Start-Up
+
+```
+cat > /etc/syslog-ng/conf.d/00load-sshguard.conf
+# pass only entries with auth+authpriv facilities from programs other
+# than sshguard
+filter f_sshguard { facility(auth, authpriv) and not program("sshguard"); };
+# pass entries built with this format
+destination sshguard {
+ program("/usr/sbin/sshguard"
+ template("$DATE $FULLHOST $MSGHDR$MESSAGE\n")
+ );
+};
+log { source(s_src); filter(f_sshguard); destination(sshguard); };
+```
+
+Restart Logging and SSH Guard
+
+```
+service syslog-ng restart
+service sshguard restart
+```