local lib = import '_lib.jsonnet';
{
  streams: {
    ssh: {
      cmd: ['journalctl', '-fn0', '-u', 'sshd.service'],
      filters: {
        badssh: lib.filter_default + {
          regex: [
            @'User root from <ip> not allowed because not listed in AllowUsers',
          ],
        // ce filtre est peu pertinent avec sshguard et va le ralentir dans sa lutte contre les méchants.
        failedlogin: {
          regex: [
            @'authentication failure;.*rhost=<ip>',
            @'Connection reset by authenticating user .* <ip>',
            @'Failed password for .* from <ip>',
          ],
          retry: 3,
          retryperiod: '6h',
          actions: lib.banFor('48h', 'SSH: login échoué'),
        },
      },
    },
  },
}