Difference between pages "Package:Sshguard" and "Package:Gzip"

Line 1: Line 1:
 
{{Ebuild
 
{{Ebuild
|Summary=protects hosts from brute force attacks against ssh
+
|Summary=Gzip is the standard GNU compressor/decompressor, used to create and expand .gz archives.
|CatPkg=app-admin/sshguard
+
|CatPkg=app-arch/gzip
|Maintainer=
+
|Maintainer=Oleg,
 +
|Repository=Funtoo Overlay
 
}}
 
}}
__TOC__
+
Our forked version of Gzip adds a patch to add the <tt>--rsyncable</tt> option, which creates an "rsync-friendly" archive. This option used by <tt>vzdump>/tt> utility
'''sshguard''' is an intrusion prevention system.  sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules.  sshguard is written in C so it does not tax an interprator.
+
  
== Installation ==
+
Here is the full description of this option:
=== Emerge ===
+
To install sshguard:
+
  
<console>
+
<blockquote>
###i## emerge app-admin/sshguard
+
"While compressing, synchronize the output occasionally based on the
</console>
+
inputThis reduces compression by about 1 percent most cases, but
 
+
means that the <tt>rsync</tt> program can take advantage of similarities
=== Configuration ===
+
in the uncompressed input when syncronizing two files compressed with
sshguard does not have a configuration filesshguard is controlled by flags passed to it upon execution.
+
this flag.  <tt>gunzip</tt> cannot tell the difference between a
 
+
compressed file created with this option, and one created without it."
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
+
</blockquote>
 
+
==== Rules ====
+
{{file|name=/etc/conf.d/sshguard|desc=overly strict rules|body=
+
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"}}
+
 
+
==== Logs ====
+
sshguard will fail to start unless it has proper authorization logs to monitor.
+
 
+
{{file|name=/etc/conf.d/sshguard|desc=syslog-ng log location|body=
+
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"}}
+
 
+
== Iptables ==
+
=== IP v4 ===
+
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].
+
 
+
Insert these rules to allow sshguard to ban malicious users.
+
 
+
<console>
+
###i## iptables -N sshguard
+
</console>
+
 
+
&& to block all trafic from offenders
+
 
+
<console>
+
###i## iptables -A INPUT -j sshguard
+
</console>
+
 
+
== Boot Service ==
+
=== OpenRC ===
+
To start sshguard immediately:
+
<console>
+
###i## rc-service sshguard start
+
</console>
+
 
+
To start sshguard upon reboot:
+
<console>
+
###i## rc-update add sshguard default
+
</console>
+
 
+
== External Resources ==
+
*http://www.sshguard.net/
+
*http://www.ohloh.net/p/sshguard
+
 
+
[[Category:Security]]
+
[[Category:Server]]
+
 
{{EbuildFooter}}
 
{{EbuildFooter}}
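
Review bot: the closing tag on the added Gzip description line is malformed, `<tt>vzdump>/tt>`, so the stray markup shows up in the rendered page as "vzdump>/tt>"; it should read `<tt>vzdump</tt>`. The same sentence is missing its verb ("This option used by" should be "This option is used by the"), and "syncronizing" in the quoted option text is misspelled.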

Revision as of 12:23, June 27, 2014

app-arch/gzip


Current Maintainer(s): Oleg Vinichenko
Source Repository: Funtoo Overlay

Summary: Gzip is the standard GNU compressor/decompressor, used to create and expand .gz archives.

Gzip

Our forked version of Gzip carries a patch that adds the --rsyncable option, which creates an "rsync-friendly" archive. This option is used by the vzdump utility.

Here is the full description of this option:

"While compressing, synchronize the output occasionally based on the input. This reduces compression by about 1 percent in most cases, but means that the rsync program can take advantage of similarities in the uncompressed input when synchronizing two files compressed with this flag. gunzip cannot tell the difference between a compressed file created with this option, and one created without it."

