Difference between revisions of "Package:Sshguard"

(initial commit)
 
Line 12: Line 12:
  
 
<console>
 
<console>
###i##emerge app-admin/sshguard
+
###i## emerge app-admin/sshguard
 
</console>
 
</console>
  
Line 37: Line 37:
  
 
<console>
 
<console>
###i##iptables -N sshguard
+
###i## iptables -N sshguard
 
</console>
 
</console>
  
Line 43: Line 43:
  
 
<console>
 
<console>
###i##iptables -A INPUT -j sshguard
+
###i## iptables -A INPUT -j sshguard
 
</console>
 
</console>
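Review bot: at Line 43, `iptables -A INPUT -j sshguard` appends the jump to the end of INPUT, so on a host that already has an ACCEPT rule for SSH earlier in the chain, the sshguard chain is never consulted for that traffic. The page should state that the jump has to come before any rule that accepts SSH, or insert it at the head of INPUT instead of appending it.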
  
Line 50: Line 50:
 
To start sshguard immediately:
 
To start sshguard immediately:
 
<console>
 
<console>
###i##rc-service sshguard start
+
###i## rc-service sshguard start
 
</console>
 
</console>
  
 
To start sshguard upon reboot:
 
To start sshguard upon reboot:
 
<console>
 
<console>
###i##rc-update add sshguard default
+
###i## rc-update add sshguard default
 
</console>
 
</console>
  

Revision as of 12:21, June 27, 2014

app-admin/sshguard


Source Repository: Gentoo Portage Tree

Summary: protects hosts from brute force attacks against ssh

Use Flags

ipfilter
Enable ipfilter firewall support (only for *bsd)


Sshguard


sshguard is an intrusion prevention system. It parses server logs, identifies malicious activity, and then bans the offending hosts via firewall rules. sshguard is written in C, so it does not incur the overhead of an interpreter.

Installation

Emerge

To install sshguard:

# emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

/etc/conf.d/sshguard is where flags and the log path are passed to the sshguard service.

Rules

/etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

/etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

# iptables -N sshguard

And, to block all traffic from offenders:

# iptables -A INPUT -j sshguard
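
The two rules above only take effect if the jump is reached before any rule that accepts SSH, which matters on hosts that do not start from a blank ruleset. The following check is an added example, not part of the original page or of sshguard; the function name `check_sshguard_hook`, the sample ruleset and the default port 22 are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a ruleset for the sshguard hook.
# Input: text in `iptables -S` format on stdin.
# Assumption: sshd listens on TCP port 22 unless another port is given as $1.
#
# Exit status:
#   0  chain exists, INPUT jumps to it, no earlier ACCEPT for the SSH port
#   1  chain "sshguard" was never created (iptables -N sshguard)
#   2  INPUT never jumps to the chain (iptables -A INPUT -j sshguard)
#   3  an ACCEPT for the SSH port precedes the jump, so bans never reach SSH
check_sshguard_hook() {
    awk -v port="${1:-22}" '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j")      target = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
            }
            if (target == "sshguard") jump = 1
            # First match wins: an ACCEPT seen before the jump means the
            # packet never reaches the sshguard chain.
            if (!jump && target == "ACCEPT" && dport == port) shadowed = 1
        }
        END {
            if (!chain)   exit 1
            if (!jump)    exit 2
            if (shadowed) exit 3
            exit 0
        }
    '
}

# Constructed sample: the jump was appended after an existing SSH ACCEPT rule.
SAMPLE_SHADOWED='-P INPUT DROP
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

rc=0
printf '%s\n' "$SAMPLE_SHADOWED" | check_sshguard_hook || rc=$?
echo "constructed sample exit status: $rc"
```

On a live host, feed it the running ruleset with `iptables -S | check_sshguard_hook`.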

Boot Service

OpenRC

To start sshguard immediately:

# rc-service sshguard start

To start sshguard upon reboot:

# rc-update add sshguard default

External Resources