Difference between revisions of "Package:Sshguard"

(initial commit)
 
Line 12: Line 12:
  
 
<console>
 
<console>
###i##emerge app-admin/sshguard
+
###i## emerge app-admin/sshguard
 
</console>
 
</console>
  
Line 37: Line 37:
  
 
<console>
 
<console>
###i##iptables -N sshguard
+
###i## iptables -N sshguard
 
</console>
 
</console>
  
Line 43: Line 43:
  
 
<console>
 
<console>
###i##iptables -A INPUT -j sshguard
+
###i## iptables -A INPUT -j sshguard
 
</console>
 
</console>
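Review bot: `iptables -A INPUT -j sshguard` in this hunk appends the jump to the end of INPUT, so it is only reached first on the blank ruleset the page assumes. While touching this line, say so next to the command, or show `iptables -I INPUT 1 -j sshguard` for hosts that already have ACCEPT rules.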
  
Line 50: Line 50:
 
To start sshguard immediately:
 
To start sshguard immediately:
 
<console>
 
<console>
###i##rc-service sshguard start
+
###i## rc-service sshguard start
 
</console>
 
</console>
  
 
To start sshguard upon reboot:
 
To start sshguard upon reboot:
 
<console>
 
<console>
###i##rc-update add sshguard default
+
###i## rc-update add sshguard default
 
</console>
 
</console>
  

Revision as of 12:21, June 27, 2014

app-admin/sshguard


Source Repository: Gentoo Portage Tree

Summary: protects hosts from brute force attacks against ssh

Use Flags

ipfilter
Enable ipfilter firewall support (only for *bsd)

Sshguard

sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interpreter.

Installation

Emerge

To install sshguard:

# emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

Flags and the log path are passed to the sshguard service in /etc/conf.d/sshguard.

Rules

/etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

/etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

# iptables -N sshguard

and, to block all traffic from offenders:

# iptables -A INPUT -j sshguard
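A check that the jump created above is reached before any INPUT rule that accepts SSH. This matters when the commands are run on a ruleset that is not blank. This is an added example, not part of the original page or of sshguard; the function name, the sample rulesets and the default port 22 are assumptions.

```sh
# check_sshguard_jump [PORT]: reads `iptables -S` output on stdin and returns 0
# only if chain "sshguard" exists and the INPUT jump to it is evaluated before
# any INPUT rule that would accept traffic to PORT (assumed sshd port, default 22).
check_sshguard_jump() {
    awk -v port="${1:-22}" '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (!jump && $0 ~ /-j sshguard( |$)/) jump = n
            # An ACCEPT naming the SSH port, or with no match at all, admits
            # a banned address if it sits above the jump.
            if (!accept && $NF == "ACCEPT" &&
                (NF == 4 || $0 ~ ("--dport " port "( |$)"))) accept = n
        }
        END {
            if (!chain) { print "missing: chain sshguard"; exit 1 }
            if (!jump)  { print "missing: INPUT jump to sshguard"; exit 1 }
            if (accept && accept < jump) {
                print "shadowed: INPUT rule " accept " accepts before jump at rule " jump
                exit 1
            }
            print "ok: jump at INPUT rule " jump
        }'
}

# Constructed sample: blank ruleset plus the two commands from this page.
sample_page_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N sshguard
-A INPUT -j sshguard
EOF
}

# Constructed sample: the jump was appended to a ruleset that already accepts SSH.
sample_shadowed_rules() {
    cat <<'EOF'
-P INPUT DROP
-N sshguard
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard
EOF
}
sample_page_rules | check_sshguard_jump 22 || true
sample_shadowed_rules | check_sshguard_jump 22 || true
# On a live host, as root: iptables -S | check_sshguard_jump 22
```
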

Boot Service

OpenRC

To start sshguard immediately:

# rc-service sshguard start

To start sshguard upon reboot:

# rc-update add sshguard default

External Resources