Source Repository: Gentoo Portage Tree
Summary: protects hosts from brute force attacks against ssh
- Enable ipfilter firewall support (only for *bsd)
sshguard is an intrusion prevention system. It parses server logs, identifies malicious activity, and then bans the offending users via firewall rules. sshguard is written in C, so it does not tax an interpreter.
To install sshguard:
# emerge app-admin/sshguard
sshguard does not have a configuration file; it is controlled by flags passed to it upon execution.
/etc/conf.d/sshguard is where the flags and the log path are passed to the sshguard service.
sshguard will fail to start unless it has proper authorization logs to monitor.
Generate blank iptables rules, and start iptables as outlined here.
Insert these rules to allow sshguard to ban malicious users.
# iptables -N sshguard
and, to block all traffic from offenders:
# iptables -A INPUT -j sshguard
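Because `-A` appends the jump to the end of INPUT, any ACCEPT rule already present in INPUT is evaluated before the sshguard chain. The following check is an added example, not part of the original page or of sshguard; the function name `check_sshguard_hook` is hypothetical and the sample rule set is constructed. It reads rules in `iptables -S` format and reports whether the chain exists, whether INPUT jumps to it, and whether an ACCEPT rule sits ahead of the jump:

```shell
#!/bin/sh
# Added example (not from the original page): audit rules in `iptables -S`
# format for the sshguard hook set up above.
# Live use, as root:  iptables -S | check_sshguard_hook

check_sshguard_hook() {
    # Exit status: 0 hook in place, 1 chain missing, 2 INPUT never jumps to
    # the chain, 3 an ACCEPT rule sits ahead of the jump (review it).
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            n++; target = ""; lo = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i" && $(i + 1) == "lo") lo = 1
            }
            if (target == "sshguard" && !jump) jump = n
            # Rules are evaluated in order: an earlier ACCEPT lets matching
            # packets through before the bans are consulted. Loopback-only
            # rules are ignored here.
            if (target == "ACCEPT" && !lo && !jump && early == "") early = $0
        }
        END {
            if (!chain)      { print "sshguard chain is not defined"; exit 1 }
            if (!jump)       { print "INPUT never jumps to sshguard"; exit 2 }
            if (early != "") { print "ACCEPT ahead of the jump: " early; exit 3 }
            print "ok: INPUT rule " jump " jumps to sshguard"
        }
    '
}

# Constructed sample: the rule set the two commands above produce on a blank
# firewall, as `iptables -S` would print it.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'

printf '%s\n' "$SAMPLE_RULES" | check_sshguard_hook
```

If the check reports an earlier ACCEPT rule on a host with existing rules, inserting the jump at the top of INPUT with `iptables -I INPUT -j sshguard` instead of appending it puts the bans first.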
To start sshguard immediately:
# rc-service sshguard start
To start sshguard upon reboot:
# rc-update add sshguard default