Difference between pages "Package:Lilo" and "Package:Sshguard"
Line 1: | Line 1: | ||
{{Ebuild | {{Ebuild | ||
|Summary= | |Summary=protects hosts from brute force attacks against ssh | ||
|CatPkg= | |CatPkg=app-admin/sshguard | ||
|Maintainer= | |Maintainer= | ||
}} | }} | ||
__TOC__ | __TOC__ | ||
''' | '''sshguard''' is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interprator. | ||
= | == Installation == | ||
=== Emerge === | |||
To install sshguard: | |||
<console> | |||
###i## emerge app-admin/sshguard | |||
</console> | |||
== | === Configuration === | ||
sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution. | |||
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service. | |||
==== Rules ==== | |||
{{file|name=/etc/conf.d/sshguard|desc=overly strict rules|body= | |||
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"}} | |||
== | |||
{{file|name=/etc/ | |||
== | ==== Logs ==== | ||
sshguard will fail to start unless it has proper authorization logs to monitor. | |||
{{file|name=/etc/conf.d/sshguard|desc=syslog-ng log location|body= | |||
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"}} | |||
== Iptables == | |||
=== IP v4 === | |||
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]]. | |||
Insert these rules to allow sshguard to ban malicious users. | |||
<console> | |||
###i## iptables -N sshguard | |||
</console> | |||
&& to block all trafic from offenders | |||
<console> | |||
###i## iptables -A INPUT -j sshguard | |||
</console> | |||
== Boot Service == | |||
=== OpenRC === | |||
To start sshguard immediately: | |||
<console> | |||
###i## rc-service sshguard start | |||
</console> | |||
<console>##i## | To start sshguard upon reboot: | ||
<console> | |||
###i## rc-update add sshguard default | |||
</console> | |||
== External Resources == | |||
*http://www.sshguard.net/ | |||
*http://www.ohloh.net/p/sshguard | |||
[[Category:Security]] | |||
[[Category:Server]] | |||
{{EbuildFooter}} | {{EbuildFooter}} |
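Review bot: in the Iptables section, "iptables -A INPUT -j sshguard" appends the jump to the end of INPUT, which only works as described on the blank ruleset the preceding sentence asks for; on a host that already has a rule accepting SSH, that rule matches first and the sshguard chain is never consulted. Suggest stating that the jump must come before any rule that accepts SSH (for example by inserting it with -I instead of -A). The linking line "&& to block all trafic from offenders" reads like a leftover shell fragment and misspells "traffic", "interprator" in the intro should be "interpreter", and the "overly strict rules" example would be easier to follow with a word on what -p, -s and -a each set.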
Revision as of 12:21, June 27, 2014
Sshguard
sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C, so it does not tax an interpreter.
Installation
Emerge
To install sshguard:
root # emerge app-admin/sshguard
Configuration
sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.
Flags and the log path are passed to the sshguard service in /etc/conf.d/sshguard.
Rules
/etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"
Logs
sshguard will fail to start unless it has proper authorization logs to monitor.
/etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"
Iptables
IP v4
Generate blank iptables rules, and start iptables as outlined here.
Insert these rules to allow sshguard to ban malicious users.
root # iptables -N sshguard
Then, to block all traffic from offenders:
root # iptables -A INPUT -j sshguard
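Because -A appends the jump at the end of INPUT, on a ruleset that is not blank it can end up behind a rule that already accepts SSH, and bans then have no effect. The shell check below is an added example, not part of the original page or of sshguard; the function name, the default port 22 and the sample rulesets are assumptions, and it only inspects plain --dport matches.

```shell
#!/bin/sh
# Added example: verify that the jump into the sshguard chain is reached
# before any INPUT rule that accepts SSH.
# Input (stdin): output of `iptables -S INPUT`.
# Prints one of: ok, missing, shadowed.
check_sshguard_hook() {
    port="${1:-22}"    # SSH port to look for; 22 is an assumption
    awk -v port="$port" '
        # Only rules appended to INPUT matter; skip -P and -N lines.
        $1 != "-A" || $2 != "INPUT" { next }
        {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            # An ACCEPT for the SSH port seen before the jump wins first.
            if (target == "ACCEPT" && dport == port && !hooked) shadowed = 1
            if (target == "sshguard") hooked = 1
        }
        END {
            if (!hooked) print "missing"
            else if (shadowed) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample rulesets (not taken from a real host).
sample_good='-P INPUT ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

sample_bad='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

sample_none='-P INPUT ACCEPT
-N sshguard'

printf '%s\n' "$sample_good" | check_sshguard_hook   # ok
printf '%s\n' "$sample_bad"  | check_sshguard_hook   # shadowed
printf '%s\n' "$sample_none" | check_sshguard_hook   # missing
```

On a live host, run it as root with: iptables -S INPUT | check_sshguard_hook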
Boot Service
OpenRC
To start sshguard immediately:
root # rc-service sshguard start
To start sshguard upon reboot:
root # rc-update add sshguard default
External Resources
http://www.sshguard.net/
http://www.ohloh.net/p/sshguard