Difference between revisions of "Package:Sshguard"
Threesixes (talk | contribs) m (remove categories & modernized.) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 4: | Line 4: | ||
|Maintainer= | |Maintainer= | ||
}} | }} | ||
'''sshguard''' is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interpreter. | |||
'''sshguard''' is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an | |||
== Installation == | == Installation == | ||
| Line 11: | Line 10: | ||
To install sshguard: | To install sshguard: | ||
{{console|body= | |||
###i## emerge app-admin/sshguard | ###i## emerge app-admin/sshguard | ||
}} | |||
=== Configuration === | === Configuration === | ||
| Line 32: | Line 31: | ||
== Iptables == | == Iptables == | ||
=== IP v4 === | === IP v4 === | ||
Generate blank iptables rules, and start iptables as outlined [[Iptables#First_Run|here]]. | Generate blank iptables rules, and start iptables as outlined [[Package:Iptables#First_Run|here]]. | ||
Insert these rules to allow sshguard to ban malicious users. | Insert these rules to allow sshguard to ban malicious users. | ||
{{console|body= | |||
###i## iptables -N sshguard | ###i## iptables -N sshguard | ||
}} | |||
&& to block all trafic from offenders | && to block all trafic from offenders | ||
{{console|body= | |||
###i## iptables -A INPUT -j sshguard | ###i## iptables -A INPUT -j sshguard | ||
}} | |||
== Boot Service == | == Boot Service == | ||
=== OpenRC === | === OpenRC === | ||
To start sshguard immediately: | To start sshguard immediately: | ||
{{console|body= | |||
###i## rc-service sshguard start | ###i## rc-service sshguard start | ||
}} | |||
To start sshguard upon reboot: | To start sshguard upon reboot: | ||
{{console|body= | |||
###i## rc-update add sshguard default | ###i## rc-update add sshguard default}} | ||
== External Resources == | == External Resources == | ||
| Line 62: | Line 60: | ||
*http://www.ohloh.net/p/sshguard | *http://www.ohloh.net/p/sshguard | ||
{{EbuildFooter}} | {{EbuildFooter}} | ||
Latest revision as of 21:41, June 5, 2015
Sshguard
We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.
sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C so it does not tax an interpreter.
Installation
Emerge
To install sshguard:
root # emerge app-admin/sshguard
Configuration
sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
Rules
/etc/conf.d/sshguard - overly strict rulesSSHGUARD_OPTS="-p 3600 -s 3600 -a 20"
Logs
sshguard will fail to start unless it has proper authorization logs to monitor.
/etc/conf.d/sshguard - syslog-ng log locationSSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"
Iptables
IP v4
Generate blank iptables rules, and start iptables as outlined here.
Insert these rules to allow sshguard to ban malicious users.
root # iptables -N sshguard
&& to block all trafic from offenders
root # iptables -A INPUT -j sshguard
Boot Service
OpenRC
To start sshguard immediately:
root # rc-service sshguard start
To start sshguard upon reboot:
root # rc-update add sshguard default
External Resources