Difference between pages "Category:Organizations" and "Sshguard"

From Funtoo
(Difference between pages)
(Created page with "Below is a list of all organizations stored in this wiki.")
 
(relicensing sshguard to funtoo)
 
Line 1: Line 1:
Below is a list of all organizations stored in this wiki.
+
'''sshguard''' is an intrusion prevention system.  sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules.  sshguard is written in C so it does not tax an interprator.
 +
 
 +
== Installation ==
 +
=== Emerge ===
 +
To install sshguard:
 +
 
 +
<console>
 +
###b## emerge app-admin/sshguard
 +
</console>
 +
 
 +
=== Configuration ===
 +
sshguard does not have a configuration file.  sshguard is controlled by flags passed to it upon execution.
 +
 
 +
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
 +
 
 +
==== Rules ====
 +
overly strict rules /etc/conf.d/sshguard
 +
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"
 +
 
 +
==== Logs ====
 +
sshguard will fail to start unless it has proper authorization logs to monitor.
 +
 
 +
/etc/conf.d/sshguard syslog-ng log location:
 +
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"
 +
 
 +
== Iptables ==
 +
=== IP v4 ===
 +
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].
 +
 
 +
Insert these rules to allow sshguard to ban malicious users.
 +
 
 +
<console>
 +
###b## iptables -N sshguard
 +
</console>
 +
 
 +
&& to block all trafic from offenders
 +
 
 +
<console>
 +
###b##iptables -A INPUT -j sshguard
 +
</console>
 +
 
 +
== Boot Service ==
 +
=== OpenRC ===
 +
To start sshguard immediately:
 +
<console>
 +
###b##rc-service sshguard start
 +
</console>
 +
 
 +
To start sshguard upon reboot:
 +
<console>
 +
###b##rc-update add sshguard default
 +
</console>
 +
 
 +
== External Resources ==
 +
http://www.sshguard.net/
 +
http://www.ohloh.net/p/sshguard
 +
 
 +
[[Category:Security]]
 +
[[Category:Server]]
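Review bot: the jump in the IP v4 section is appended with `iptables -A INPUT -j sshguard`, so it only sees packets that no earlier INPUT rule has already accepted; the text relies on the preceding "Generate blank iptables rules" step without saying so. State that ordering requirement next to the command, or use `iptables -I INPUT -j sshguard` so the jump is evaluated first. In the Rules subsection, `-p 3600 -s 3600 -a 20` is labelled only "overly strict rules"; a short line saying what each flag controls would let readers adapt the values. Typos to fix in the same edit: "interprator", "trafic", and the "&&" used as prose.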

Latest revision as of 04:05, 26 March 2014

sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C, so it runs without the overhead of an interpreter.

Installation

Emerge

To install sshguard:

# emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

Flags and the log path are passed to the sshguard service in /etc/conf.d/sshguard.

Rules

Overly strict rules, in /etc/conf.d/sshguard:

SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

syslog-ng log location, in /etc/conf.d/sshguard:

SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

# iptables -N sshguard

Then, to block all traffic from offenders:

# iptables -A INPUT -j sshguard
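An added check (not part of the original wiki page) that audits `iptables -S` output for the two rules above: it confirms the sshguard chain exists and that INPUT jumps to it ahead of any ACCEPT rule, since packets accepted earlier never reach sshguard's bans. The function name, verdict words and sample rule sets are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `iptables -S` output (read on stdin) for the sshguard hook.
# Prints one verdict word (names are this example's own, not sshguard's):
#   ok                  chain exists and INPUT jumps to it before any ACCEPT rule
#   no-chain            the sshguard chain was never created (iptables -N sshguard)
#   no-jump             chain exists but INPUT never jumps to it
#   accept-before-jump  an earlier INPUT ACCEPT rule is evaluated first, so
#                       packets it matches never reach sshguard's bans
check_sshguard_hook() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            n++                                   # position within INPUT
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "sshguard" && !jump)  jump = n
            if (target == "ACCEPT" && !accept)  accept = n
        }
        END {
            if (!chain)                        print "no-chain"
            else if (!jump)                    print "no-jump"
            else if (accept && accept < jump)  print "accept-before-jump"
            else                               print "ok"
        }'
}

# Constructed rule sets in `iptables -S` format (not captured from a real host).
RULES_OK='-P INPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'

RULES_BYPASS='-P INPUT ACCEPT
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

RULES_NO_JUMP='-P INPUT ACCEPT
-N sshguard'

for sample in "$RULES_OK" "$RULES_BYPASS" "$RULES_NO_JUMP"; do
    printf '%s\n' "$sample" | check_sshguard_hook
done
# On a live system, as root: iptables -S | check_sshguard_hook
```

The check is deliberately conservative: it flags any ACCEPT rule placed before the jump for review, including ones that may be intentional.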

Boot Service

OpenRC

To start sshguard immediately:

# rc-service sshguard start

To start sshguard upon reboot:

# rc-update add sshguard default

External Resources

http://www.sshguard.net/
http://www.ohloh.net/p/sshguard
