Difference between pages "Package:Lilo" and "Package:Sshguard"

(Difference between pages)
 
 
Line 1: Line 1:
 
{{Ebuild
 
{{Ebuild
|Summary=Standard Linux boot loader
+
|Summary=protects hosts from brute force attacks against ssh
|CatPkg=sys-boot/lilo
+
|CatPkg=app-admin/sshguard
 
|Maintainer=
 
|Maintainer=
 
}}
 
}}
 
__TOC__
 
__TOC__
'''Lilo''' linux loader is a boot loader to load linux, and other operating systemsLilo is called by default when running make install in kernel source directories.
+
'''sshguard''' is an intrusion prevention system.  sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rulessshguard is written in C so it does not tax an interprator.
=Installation=
+
==Emerge==
+
<console>##i### emerge lilo</console>
+
  
=Configure=
+
== Installation ==
 +
=== Emerge ===
 +
To install sshguard:
  
Lilo's default configuration example has hda references, lets change those to sda recursively using sed.<console>##i### sed -i -e 's/hda/sda/' /etc/lilo.conf.example</console>Now we copy the example configuration to the running configuration.<console>##i### cp /etc/lilo.conf.example /etc/lilo.conf</console>
+
<console>
 +
###i## emerge app-admin/sshguard
 +
</console>
  
==Default OS==
+
=== Configuration ===
 +
sshguard does not have a configuration file.  sshguard is controlled by flags passed to it upon execution.
  
To change default booting os.
+
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
  
{{file|name=/etc/lilo.conf|desc=|body=
+
==== Rules ====
# MBR to install LILO to:
+
{{file|name=/etc/conf.d/sshguard|desc=overly strict rules|body=
boot = /dev/sda
+
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"}}
map = /boot/.map
+
default = Funtoo
+
}}
+
 
+
==Timeout==
+
 
+
To have lilo auto start after a set time.
+
 
+
{{file|name=/etc/lilo.conf|desc=|body=
+
# If you always want to see the prompt with a 15 second timeout:
+
timeout=150}}
+
 
+
==Silence==
+
 
+
For silent kernel decompression at boot:
+
 
+
{{file|name=/etc/lilo.conf|desc=|body=
+
label = Funtoo
+
read-only # read-only for checking
+
append = "quiet"}}
+
  
==alternate init systems==
+
==== Logs ====
 +
sshguard will fail to start unless it has proper authorization logs to monitor.
  
to load an alternate init system, example systemd instead of openrc:
+
{{file|name=/etc/conf.d/sshguard|desc=syslog-ng log location|body=
 +
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"}}
  
{{file|name=/etc/lilo.conf|desc=|body=
+
== Iptables ==
label = Funtoo-systemd
+
=== IP v4 ===
read-only # read-only for checking
+
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].
append = "quiet init=/usr/lib/systemd/systemd"}}
+
  
==Old Configs==
+
Insert these rules to allow sshguard to ban malicious users.
  
It is a good idea to keep an old image around in case problems crop up in new kernel builds.
+
<console>
 +
###i## iptables -N sshguard
 +
</console>
  
{{file|name=/etc/lilo.conf|desc=|body=
+
&& to block all trafic from offenders
#image = /boot/bzImage.old
+
        root = /dev/sda3
+
        #root = /devices/discs/disc0/part3
+
        label = funtoo.old
+
        read-only # read-only for checking#}}
+
  
=Kernel Linking=
+
<console>
 +
###i## iptables -A INPUT -j sshguard
 +
</console>
  
Using symlinks is a good idea to be able to determine if the loader is loading the correct image, and enable tab auto completion to ensure we are loading what we intend to.  symlinks remove an easy area to fumble when adjusting configurations.
+
== Boot Service ==
 +
=== OpenRC ===
 +
To start sshguard immediately:
 +
<console>
 +
###i## rc-service sshguard start
 +
</console>
  
<console>##i### ln -s /boot/vmlinuz-version /boot/bzImage</console>
+
To start sshguard upon reboot:
<console>##i### ln -s /boot/vmlinuz-version.old /boot/bzImage.old</console>
+
<console>
 +
###i## rc-update add sshguard default
 +
</console>
  
{{fancynote|if you do not use make install to copy your kernel to /boot, you must run lilo to load the new kernel images & install lilo to the hard drives mbr}}
+
== External Resources ==
 +
*http://www.sshguard.net/
 +
*http://www.ohloh.net/p/sshguard
  
==Install==
+
[[Category:Security]]
Install lilo to the MBR.<console>##i### lilo</console>[[Category:Bootloaders]]
+
[[Category:Server]]
 
{{EbuildFooter}}
 
{{EbuildFooter}}
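Review bot: in the added Iptables section, `iptables -A INPUT -j sshguard` appends the jump to the end of INPUT, which is only correct on the blank ruleset the section starts from. On a host whose INPUT chain already accepts port 22 further up, the sshguard chain is never reached, so the text should say that the jump has to come before any rule that accepts ssh. The section is headed "IP v4" with no IPv6 counterpart, and the added `SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"` is captioned "overly strict rules" without saying what the three flags do. Smaller points in the added lines: "interprator" should be "interpreter", "trafic" should be "traffic", the intro runs two sentences together at "firewall rulessshguard", and the "&&" in front of "to block all trafic from offenders" reads as shell syntax rather than prose.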

Revision as of 12:21, June 27, 2014

app-admin/sshguard


Source Repository: Gentoo Portage Tree


Summary: protects hosts from brute force attacks against ssh

Use Flags

ipfilter
Enable ipfilter firewall support (only for *bsd)

Sshguard


sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interpreter.

Installation

Emerge

To install sshguard:

# emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

/etc/conf.d/sshguard is where flags and the log path are passed to the sshguard service.

Rules

/etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

/etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

# iptables -N sshguard

Then, to block all traffic from offenders:

# iptables -A INPUT -j sshguard
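
The two commands above only protect ssh if the jump to the sshguard chain is evaluated before any rule that accepts the connection. The following check is an added example, not part of the original page: the function name `check_sshguard_jump` and both sample rulesets are constructed for illustration, and it assumes sshd listens on port 22.

```sh
#!/bin/sh
# Added example (not from the original page). Reads `iptables -S` output on
# stdin and prints one verdict:
#   ok        chain exists and INPUT jumps to it before any rule accepting ssh
#   no-chain  `iptables -N sshguard` was never run
#   no-jump   the chain exists but INPUT never jumps to it
#   shadowed  an ACCEPT for port 22, or an unconditional ACCEPT, precedes the jump
check_sshguard_jump() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            n++                                   # position within INPUT
            if (!jump && $0 ~ /-j sshguard$/) jump = n
            # Assumption: sshd listens on the default port 22.
            if (!accept && ($0 ~ /--dport 22 .*-j ACCEPT$/ || $0 == "-A INPUT -j ACCEPT"))
                accept = n
        }
        END {
            if (!chain)                       print "no-chain"
            else if (!jump)                   print "no-jump"
            else if (accept && accept < jump) print "shadowed"
            else                              print "ok"
        }'
}

# Constructed sample: blank ruleset plus the two commands from this page.
PAGE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'

# Constructed sample: the same jump appended to a ruleset that already accepts ssh.
SHADOWED_RULES='-P INPUT DROP
-N sshguard
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

printf 'page ruleset:     %s\n' "$(printf '%s\n' "$PAGE_RULES" | check_sshguard_jump)"
printf 'existing ruleset: %s\n' "$(printf '%s\n' "$SHADOWED_RULES" | check_sshguard_jump)"
```

On a live host, run `iptables -S | check_sshguard_jump` as root; a `shadowed` verdict means the jump has to be moved above the rule that accepts ssh.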

Boot Service

OpenRC

To start sshguard immediately:

# rc-service sshguard start

To start sshguard upon reboot:

# rc-update add sshguard default

External Resources