{{Ebuild
|Summary=protects hosts from brute force attacks against ssh
|CatPkg=app-admin/sshguard
|Maintainer=
}}
{{Person
|Geoloc=47.78129, 7.34687
|Location name=Illzach
|Blogs=
}}
__TOC__

'''sshguard''' is an intrusion prevention system. sshguard parses server logs, detects malicious activity, and then bans malicious users via firewall rules. sshguard is written in C, so it does not tax an interpreter.

== Installation ==
=== Emerge ===
To install sshguard:

<console>
###i## emerge app-admin/sshguard
</console>

=== Configuration ===
sshguard does not have a configuration file. It is controlled by flags passed to it upon execution.

Flags and the log path are passed to the sshguard service in /etc/conf.d/sshguard.

==== Rules ====
{{file|name=/etc/conf.d/sshguard|desc=overly strict rules|body=
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"}}

==== Logs ====
sshguard will fail to start unless it has proper authorization logs to monitor.

{{file|name=/etc/conf.d/sshguard|desc=syslog-ng log location|body=
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"}}

== Iptables ==
=== IP v4 ===
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].

Insert these rules to allow sshguard to ban malicious users:

<console>
###i## iptables -N sshguard
</console>

And to block all traffic from offenders:

<console>
###i## iptables -A INPUT -j sshguard
</console>

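The jump above is appended to the end of INPUT, which is enough on the blank rule set this page starts from; on a host that already has an ACCEPT rule for the SSH port ahead of it, that rule matches first and bans have no effect. The shell function below is an added example (not part of the original page or the sshguard project) that reads <code>iptables -S</code> output and reports this condition. The function name, verdict words and sample listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an `iptables -S` listing for the sshguard hook.
# Reads the listing on stdin and prints one verdict word.
check_sshguard_order() {
    port="${1:-22}"    # assumption: sshd listens on 22 unless told otherwise
    awk -v port="$port" '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "sshguard") jump = 1
            if (target == "ACCEPT" && !jump) {
                # An accept with no match at all, or one for the SSH port,
                # is evaluated first and lets a banned host through.
                if (NF == 4) shadow = 1
                for (i = 3; i < NF; i++)
                    if ($i == "--dport" && $(i + 1) == port) shadow = 1
            }
        }
        END {
            if (!chain)      print "missing-chain"
            else if (!jump)  print "missing-jump"
            else if (shadow) print "shadowed"
            else             print "ok"
        }'
}

# Constructed sample listing (not captured from a real host): the SSH
# accept rule was added before the sshguard jump.
SAMPLE='-P INPUT DROP
-N sshguard
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

printf '%s\n' "$SAMPLE" | check_sshguard_order    # prints "shadowed"
```

On a live host, run <code>iptables -S | check_sshguard_order</code> as root.
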
== Boot Service ==
=== OpenRC ===
To start sshguard immediately:
<console>
###i## rc-service sshguard start
</console>

To start sshguard upon reboot:
<console>
###i## rc-update add sshguard default
</console>

== External Resources ==
*http://www.sshguard.net/
*http://www.ohloh.net/p/sshguard

[[Category:Security]]
[[Category:Server]]
{{EbuildFooter}}