Note

The Funtoo Linux project has transitioned to "Hobby Mode" and this wiki is now read-only.

Package:Sshguard

From Funtoo
Jump to navigation Jump to search

Sshguard

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interpreter.

Installation

Emerge

To install sshguard:

root # emerge app-admin/sshguard

Configuration

sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.

/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.

Rules

   /etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"

Logs

sshguard will fail to start unless it has proper authorization logs to monitor.

   /etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"

Iptables

IP v4

Generate blank iptables rules, and start iptables as outlined here.

Insert these rules to allow sshguard to ban malicious users.

root # iptables -N sshguard

&& to block all trafic from offenders

root # iptables -A INPUT -j sshguard

Boot Service

OpenRC

To start sshguard immediately:

root # rc-service sshguard start

To start sshguard upon reboot:

root # rc-update add sshguard default

External Resources