Difference between pages "Package:Sshguard" and "CPU FLAGS"

(Difference between pages)
 
 
Line 1: Line 1:
{{Ebuild
+
This page lists processor instruction sets that can be enabled on Funtoo Linux systems using the {{c|CPU_FLAGS_*}} variables.
|Summary=protects hosts from brute force attacks against ssh
+
|CatPkg=app-admin/sshguard
+
|Maintainer=
+
}}
+
__TOC__
+
'''sshguard''' is an intrusion prevention system.  sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules.  sshguard is written in C so it does not tax an interprator.
+
  
== Installation ==
+
==CPU_FLAGS_X86 ==
=== Emerge ===
+
To install sshguard:
+
  
<console>
+
{{TableStart}}
###i## emerge app-admin/sshguard
+
<tr><th>Flag</th><th>Introduced</th><th>Name</th><th></th></tr>
</console>
+
<tr><td>{{c|mmx}}</td><td>1997 (Pentium MMX)</td><td>MMX</td><td>See [[Wikipedia:MMX (instruction set)]] </td></tr>
 
+
<tr><td>{{c|mmxext}}</td><td>1999</td><td>AMD MMX Extensions</td><td>See [[Wikipedia:Extended MMX]]</td></tr>
=== Configuration ===
+
<tr><td>{{c|sse}}</td><td>1999 (Pentium III)</td><td>Streaming SIMD Extensions (SSE)</td><td>See [[Wikipedia:Streaming SIMD Extensions]]</td></tr>
sshguard does not have a configuration file.  sshguard is controlled by flags passed to it upon execution.
+
<tr><td>{{c|sse2}}</td><td>2001 (Pentium 4)</td><td>Streaming SIMD Extensions 2 (SSE2)</td><td>See [[Wikipedia:SSE2]]</td></tr>
 
+
<tr><td>{{c|sse3}}</td><td>2004 (Pentium 4 Prescott)</td><td>Streaming SIMD Extensions 3 (SSE3/PNI)</td><td>See [[Wikipedia:SSE3]]</td></tr>
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
+
<tr><td>{{c|ssse3}}</td><td>2006 (Core 2 Woodcrest)</td><td>Supplemental Streaming SIMD Extensions 3 (SSSE3)</td><td>See [[Wikipedia:SSSE3]]</td></tr>
 
+
<tr><td>{{c|popcnt}}</td><td>2007</td><td>POPCNT and LZCNT</td><td>See [[Wikipedia:SSE4#POPCNT_and_LZCNT]]</td></tr>
==== Rules ====
+
{{TableEnd}}
{{file|name=/etc/conf.d/sshguard|desc=overly strict rules|body=
+
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"}}
+
 
+
==== Logs ====
+
sshguard will fail to start unless it has proper authorization logs to monitor.
+
 
+
{{file|name=/etc/conf.d/sshguard|desc=syslog-ng log location|body=
+
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"}}
+
 
+
== Iptables ==
+
=== IP v4 ===
+
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].
+
 
+
Insert these rules to allow sshguard to ban malicious users.
+
 
+
<console>
+
###i## iptables -N sshguard
+
</console>
+
 
+
&& to block all trafic from offenders
+
 
+
<console>
+
###i## iptables -A INPUT -j sshguard
+
</console>
+
 
+
== Boot Service ==
+
=== OpenRC ===
+
To start sshguard immediately:
+
<console>
+
###i## rc-service sshguard start
+
</console>
+
 
+
To start sshguard upon reboot:
+
<console>
+
###i## rc-update add sshguard default
+
</console>
+
 
+
== External Resources ==
+
*http://www.sshguard.net/
+
*http://www.ohloh.net/p/sshguard
+
 
+
[[Category:Security]]
+
[[Category:Server]]
+
{{EbuildFooter}}
+

Revision as of 18:55, March 26, 2015

This page lists processor instruction sets that can be enabled on Funtoo Linux systems using the CPU_FLAGS_* variables.

CPU_FLAGS_X86

FlagIntroducedName
mmx1997 (Pentium MMX)MMXSee Wikipedia:MMX (instruction set)
mmxext1999AMD MMX ExtensionsSee Wikipedia:Extended MMX
sse1999 (Pentium III)Streaming SIMD Extensions (SSE)See Wikipedia:Streaming SIMD Extensions
sse22001 (Pentium 4)Streaming SIMD Extensions 2 (SSE2)See Wikipedia:SSE2
sse32004 (Pentium 4 Prescott)Streaming SIMD Extensions 3 (SSE3/PNI)See Wikipedia:SSE3
ssse32006 (Core 2 Woodcrest)Supplemental Streaming SIMD Extensions 3 (SSSE3)See Wikipedia:SSSE3
popcnt2007POPCNT and LZCNTSee Wikipedia:SSE4#POPCNT_and_LZCNT