|Source Repository:||Gentoo Portage Tree|
Summary: protects hosts from brute force attacks against ssh
- Enable ipfilter firewall support (only for *bsd)
sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interprator.
To install sshguard:
sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
sshguard will fail to start unless it has proper authorization logs to monitor.
Generate blank iptables rules, and start iptables as outlined here.
Insert these rules to allow sshguard to ban malicious users.
#iptables -N sshguard
&& to block all trafic from offenders
#iptables -A INPUT -j sshguard
To start sshguard immediately:
#rc-service sshguard start
To start sshguard upon reboot:
#rc-update add sshguard default