Package:Sshguard

From Funtoo
Revision as of 12:21, June 27, 2014 by Oleg (talk | contribs)

Sshguard


sshguard is an intrusion prevention system. It parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C, so it does not tax an interpreter.

Installation

Emerge

To install sshguard:

root # emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

/etc/conf.d/sshguard is where the flags and the log path are passed to the sshguard service.

Rules

   /etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

   /etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

root # iptables -N sshguard

Then, to block all traffic from offenders:

root # iptables -A INPUT -j sshguard
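
Because -A appends to the end of INPUT, the jump to the sshguard chain only sees packets that no earlier rule has already accepted, which is why the page starts from blank rules. The script below is an added example, not part of the Funtoo page or of sshguard itself: it audits `iptables -S` output for the chain, the jump, and an earlier ACCEPT that would shadow it. The function names check_sshguard_rules and rc_of, the sample listings, and the default SSH port of 22 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Funtoo page): audit `iptables -S` output on stdin.
# Exit status: 0 ok, 1 no sshguard chain, 2 INPUT never jumps to it,
#              3 an earlier ACCEPT for the SSH port shadows the jump.
# Assumption: sshd listens on TCP port 22 unless another port is given as $1.
check_sshguard_rules() {
    awk -v port="${1:-22}" '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""; dport = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
            }
            if (target == "sshguard") jump = 1
            # Before the jump: an unconditional ACCEPT, or one for the SSH port.
            if (target == "ACCEPT" && !jump && (NF == 4 || dport == port)) shadow = 1
        }
        END {
            if (!chain) exit 1
            if (!jump) exit 2
            if (shadow) exit 3
        }
    '
}

# Hypothetical helper: print the status for a rule listing passed as $1.
rc_of() { printf '%s\n' "$1" | check_sshguard_rules && echo 0 || echo $?; }

# Constructed samples in `iptables -S` format.
GOOD_RULES='-P INPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'
SHADOWED_RULES='-P INPUT ACCEPT
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'
NO_JUMP_RULES='-P INPUT ACCEPT
-N sshguard'

echo "page setup: $(rc_of "$GOOD_RULES")"
echo "accept before jump: $(rc_of "$SHADOWED_RULES")"
echo "chain without jump: $(rc_of "$NO_JUMP_RULES")"
# On a live host, as root: iptables -S | check_sshguard_rules
```

A status of 3 means the jump exists but bans would never apply to new SSH connections; moving the jump ahead of the ACCEPT rule resolves it.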

Boot Service

OpenRC

To start sshguard immediately:

root # rc-service sshguard start

To start sshguard upon reboot:

root # rc-update add sshguard default

External Resources