Difference between pages "Sshguard" and "Iptables"

From Funtoo
(Difference between pages)
(relicensing sshguard to funtoo)
 
(Created page with "{{stub}} '''iptables''' is a program used to configure and manage the kernels netfilter modules. == Installation == === Emerge === <console> ##r#####b##emerge iptables </conso...")
 
Line 1: Line 1:
'''sshguard''' is an intrusion prevention system.  sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interprator.
+
{{stub}}
 
+
'''iptables''' is a program used to configure and manage the kernels netfilter modules.
 
== Installation ==
 
== Installation ==
 
=== Emerge ===
 
=== Emerge ===
To install sshguard:
 
 
 
<console>
 
<console>
###b## emerge app-admin/sshguard
+
##r#####b##emerge iptables
 
</console>
 
</console>
  
=== Configuration ===
+
=== First Run ===
sshguard does not have a configuration filesshguard is controlled by flags passed to it upon execution.
+
For some services such as [[sshguard]] & [[fail2ban]] you need a generic running firewallWe will save a blank firewall rule set and start the firewall.
 
+
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
+
 
+
==== Rules ====
+
overly strict rules /etc/conf.d/sshguard
+
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"
+
 
+
==== Logs ====
+
sshguard will fail to start unless it has proper authorization logs to monitor.
+
 
+
/etc/conf.d/sshguard syslog-ng log location:
+
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"
+
 
+
== Iptables ==
+
=== IP v4 ===
+
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]].
+
 
+
Insert these rules to allow sshguard to ban malicious users.
+
  
 +
==== ip v4 ====
 
<console>
 
<console>
###b## iptables -N sshguard
+
##r#####b##rc-service iptables save
 +
##r#####b##rc-service iptables start
 
</console>
 
</console>
 
+
to start upon reboot
&& to block all trafic from offenders
+
 
+
 
<console>
 
<console>
###b##iptables -A INPUT -j sshguard
+
##r#####b##rc-update add iptables default
 
</console>
 
</console>
  
== Boot Service ==
+
==== ip v6 ====
=== OpenRC ===
+
To start sshguard immediately:
+
 
<console>
 
<console>
###b##rc-service sshguard start
+
##r#####b##rc-service ip6tables save
 +
##r#####b##rc-service ip6tables start
 +
</console>
 +
to start upon reboot
 +
<console>
 +
##r#####b##rc-update add ip6tables default
 
</console>
 
</console>
  
To start sshguard upon reboot:
+
== Show firewall Rules & Status ==
 +
===ip v4===
 
<console>
 
<console>
###b##rc-update add sshguard default
+
##r#####b##iptables -L -n
 +
</console>
 +
===ip v6===
 +
<console>
 +
##r#####b##ip6tables -L -n
 
</console>
 
</console>
 
== External Resources ==
 
http://www.sshguard.net/
 
http://www.ohloh.net/p/sshguard
 
  
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category:Server]]
 
[[Category:Server]]
 +
[[Category:Stub]]
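
Review bot: the First Run paragraph on the Iptables side calls the result "a generic running firewall", but the steps it gives only save and start a blank rule set; the text should say that nothing is filtered until rules such as the sshguard chain are inserted. In the intro line, "the kernels netfilter modules" should read "the kernel's netfilter modules".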

Latest revision as of 04:20, 26 March 2014

iptables is a program used to configure and manage the kernel's netfilter modules.

Installation

Emerge

#emerge iptables

First Run

For some services such as sshguard & fail2ban you need a generic running firewall. We will save a blank firewall rule set and start the firewall.

ip v4

#rc-service iptables save
#rc-service iptables start

To start upon reboot:

#rc-update add iptables default

ip v6

#rc-service ip6tables save
#rc-service ip6tables start

To start upon reboot:

#rc-update add ip6tables default

Show firewall Rules & Status

ip v4

#iptables -L -n

ip v6

#ip6tables -L -n
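
A check on what the First Run steps leave loaded, as an added example that is not part of the wiki page: it parses `iptables -L -n` output into one line per chain and flags a rule set that is still blank (every policy ACCEPT, no rules), which filters nothing. The function names and the two embedded listings are constructed for illustration.

```shell
# Added example, not from the wiki page. Both sample listings are constructed.

# `iptables -L -n` right after the blank rule set is saved and started.
BLANK_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# The same host after `iptables -N sshguard` and `iptables -A INPUT -j sshguard`.
SSHGUARD_LISTING='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
sshguard   all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain sshguard (1 references)
target     prot opt source               destination'

# Print one "chain policy rule-count" line per chain in the listing on stdin.
summarize_chains() {
    awk '
        function emit() { if (chain != "") print chain, policy, rules }
        $1 == "Chain" {
            emit(); chain = $2; rules = 0
            # Built-in chains carry "(policy X)"; user chains "(N references)".
            policy = ($3 == "(policy") ? $4 : "-"
            sub(/\)$/, "", policy)
            next
        }
        ($1 == "target" && $2 == "prot") || NF == 0 { next }  # header, separator
        { rules++ }
        END { emit() }'
}

# Succeed when the listing filters nothing: every chain ACCEPT with zero rules.
ruleset_is_blank() {
    summarize_chains | awk '$2 != "ACCEPT" || $3 != 0 { bad = 1 }
        END { exit (bad || NR == 0) }'
}

printf '%s\n' "$SSHGUARD_LISTING" | summarize_chains
```

On a live host, pipe the real listing in instead of a sample, for example `iptables -L -n | ruleset_is_blank && echo "rule set is blank"`.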