Sshguard is a small daemon that watches the services running on your machine by reading their log files. When it detects that someone is attacking a service (repeated failed logins, for example), sshguard blocks the attacker's IP address with a firewall rule.
Sshguard Log support:
Sshguard interprets log messages with several formats:
* syslog
* syslog-ng
* metalog
* multilog
* raw log
It can monitor multiple log files at once, and handles log rotation and temporary log files automatically. Its powerful grammar-based parser makes it straightforward to support several formats and services without increasing complexity.
Sshguard service support:
Sshguard protects many services out of the box:
* sshd
* Sendmail
* Exim
* dovecot
* Cucipop
* UWimap (imap, pop)
* vsftpd
* proftpd
* pure-ftpd
* FreeBSD ftpd
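As an added illustration of what the log parsing and the per-service attack recognition described in the two sections above amount to (my own code, not sshguard's and not part of the original post): the script below reads constructed syslog-format sshd lines, scores each source address and lists the ones that would be handed to the firewall. The 10 danger points per failed login and the block threshold of 30 points are sshguard 2.x's defaults as I know them; the detection time window is ignored here, the function names are mine, and the block_ip command is the kind of DROP rule an iptables backend inserts, not necessarily sshguard's exact invocation.

```shell
#!/bin/sh
# Added example, not sshguard's own code: a simplified re-creation of what
# sshguard does between "read the log" and "touch the firewall".
# Assumed (not stated on the page): syslog-format sshd lines, 10 danger points
# per failed login, block at 30 points; the detection time window is ignored.

THRESHOLD=30
ATTACK_WEIGHT=10

# Constructed syslog lines, not a real capture (RFC 5737 documentation addresses).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:12:01 vm1 sshd[2211]: Failed password for root from 203.0.113.5 port 4242 ssh2
Mar  3 10:12:03 vm1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2
Mar  3 10:12:09 vm1 sshd[2214]: Accepted publickey for alice from 198.51.100.7 port 5000 ssh2
Mar  3 10:12:40 vm1 sshd[2221]: Failed password for bob from 198.51.100.7 port 5001 ssh2
Mar  3 10:13:44 vm1 sshd[2230]: Failed password for invalid user oracle from 203.0.113.5 port 4250 ssh2
Mar  3 10:13:50 vm1 cron[2240]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# score_attackers: stdin = syslog lines; stdout = "IP points", sorted, for
# every source address that produced at least one recognised sshd failure.
score_attackers() {
    awk -v weight="$ATTACK_WEIGHT" '
        # only messages from sshd count; field 5 is the syslog "prog[pid]:" tag
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }
        /Failed password for/ || /Invalid user/ {
            # the source address is the token following "from"
            for (i = 6; i < NF; i++) if ($i == "from") { points[$(i+1)] += weight; break }
        }
        END { for (ip in points) print ip, points[ip] }' | sort
}

# blocked_ips: stdin = syslog lines; stdout = addresses whose score reached
# the threshold, one per line.
blocked_ips() {
    score_attackers | awk -v t="$THRESHOLD" '$2 >= t { print $1 }'
}

# block_ip: a DROP rule in sshguard's own chain, the chain the page tells you
# to create. Needs root and the chain to exist.
block_ip() {
    iptables -I sshguard -s "$1" -j DROP
}

case "${1:-}" in
    apply) sample_auth_log | blocked_ips | while read -r ip; do block_ip "$ip"; done ;;
    *)     echo "scores:";      sample_auth_log | score_attackers
           echo "would block:"; sample_auth_log | blocked_ips ;;
esac
```

Run it with no arguments to see the scores for the sample; 203.0.113.5 reaches 30 points after three failures and is the only address listed, while the single failure from 198.51.100.7 stays under the threshold.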
Sshguard firewall support:
Sshguard operates all the major firewalling systems around:
* PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
* netfilter/iptables (Linux)
* IPFIREWALL/ipfw (FreeBSD, Mac OS X)
* IPFILTER (FreeBSD, NetBSD, Solaris)
* IBM AIX's firewall
* tcpd's hosts.allow (boxes without a network-layer firewall)
Each blocking backend is tailored to what its firewall can do.
Sshguard Installation:
Open a terminal and type the following command to install Sshguard:
sudo apt-get install sshguard
Sshguard Setup and configuration:
sshguard 1.x does not have a configuration file (sshguard 2.0 and later read /etc/sshguard/sshguard.conf instead, where the firewall backend and the log files are set; dpkg -s sshguard shows which version you have). All configuration that has to be done is creating a chain named “sshguard” in the iptables filter table and jumping to it from the INPUT chain; sshguard then inserts rules into that chain by itself to drop packets coming from bad hosts:
# for regular IPv4 support:
iptables -N sshguard
# if you want IPv6 support as well:
ip6tables -N sshguard
Update the INPUT chain to also pass the traffic to the sshguard chain at the very end of its processing. Before you do, verify that you do NOT have a default allow rule passing all ssh traffic higher in the chain (sshguard's drop rules would never be reached), and that you do NOT have a default deny rule blocking all ssh traffic in your firewall (nobody could log in at all). In either case, you already have the skill to adjust your firewall setup.
# block abusers for SSH, IPv4 and IPv6
iptables -A INPUT -p tcp --dport 22 -j sshguard
ip6tables -A INPUT -p tcp --dport 22 -j sshguard
If you were to reboot your machine right now, the chain and the jump rule would disappear: iptables rules live only in kernel memory. Rather than type this each time you reboot, save the configuration with iptables-save and reload it at boot with iptables-restore (on Debian and Ubuntu the iptables-persistent package does exactly that for you).
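The procedure above, as an added example that is not part of the original post or of the sshguard project: a script that first audits an iptables-save dump for the shadowing rules the page warns about (a blanket ACCEPT or DROP for ssh above the sshguard jump), then creates the chain and the jump so that re-running it never duplicates rules, and finally saves the result. It assumes iptables 1.4.11 or newer (for the -C rule check) and, for persistence, the Debian iptables-persistent paths /etc/iptables/rules.v4 and rules.v6; the dumps it audits by default are constructed samples, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the page or the sshguard project: wire INPUT to the
# sshguard chain as the page describes, but audit for shadowing rules first,
# make the setup re-runnable, and persist it. Assumptions: iptables >= 1.4.11
# (-C) and the Debian iptables-persistent paths under /etc/iptables.

# audit_ssh_rules: stdin = iptables-save output; prints one verdict line.
# Exit 0 = tcp/22 reaches the sshguard chain; 1 = no jump in INPUT;
# 2 = an earlier unconditional ACCEPT for ssh shadows it; 3 = an earlier DROP/REJECT.
audit_ssh_rules() {
    awk '
        /^\*/ { table = substr($0, 2) }                       # *filter, *nat, ...
        table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
        {
            # a rule covering every ssh client: tcp/22 with no source or interface
            # restriction, or a catch-all with no match at all
            ssh = ($0 ~ /-p tcp/ && $0 ~ /--dport 22([^0-9:]|$)/ && $0 !~ /-s / && $0 !~ /-i /)
            any = ($0 ~ /^-A INPUT -j (ACCEPT|DROP|REJECT)/)
            if ($0 ~ /-j sshguard$/) { seen_jump = 1; next }
            if (seen_jump) next                               # later rules cannot shadow the jump
            if ((ssh || any) && !shadow) {
                if ($0 ~ /-j ACCEPT$/) shadow = 2
                else if ($0 ~ /-j (DROP|REJECT)/) shadow = 3
            }
        }
        END {
            if (!seen_jump)  { print "MISSING: no -j sshguard rule in INPUT"; exit 1 }
            if (shadow == 2) { print "SHADOWED: unconditional ACCEPT for tcp/22 precedes the sshguard jump"; exit 2 }
            if (shadow == 3) { print "SHADOWED: DROP/REJECT for tcp/22 precedes the sshguard jump"; exit 3 }
            print "OK: tcp/22 reaches the sshguard chain"
        }'
}

# Constructed iptables-save dump (not captured from a real host): the page's
# rules in place, plus a port-2222 rule to show it is not mistaken for ssh.
sample_dump_ok() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:sshguard - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# The same host with a blanket ssh ACCEPT inserted above the jump: sshguard
# never sees a packet.
sample_dump_shadowed() {
    sample_dump_ok | awk '/-j sshguard$/ { print "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT" } { print }'
}

# setup_sshguard_chain: the page's four commands, made idempotent with -C so
# that re-running never appends a second jump. Needs root.
setup_sshguard_chain() {
    for ipt in iptables ip6tables; do
        "$ipt" -N sshguard 2>/dev/null || true    # chain already exists: fine
        "$ipt" -C INPUT -p tcp --dport 22 -j sshguard 2>/dev/null ||
            "$ipt" -A INPUT -p tcp --dport 22 -j sshguard
    done
}

# persist_rules: dump both tables where iptables-persistent restores them from at boot.
persist_rules() {
    mkdir -p /etc/iptables
    iptables-save  > /etc/iptables/rules.v4
    ip6tables-save > /etc/iptables/rules.v6
}

case "${1:-}" in
    apply) setup_sshguard_chain && persist_rules && iptables-save | audit_ssh_rules ;;
    audit) iptables-save | audit_ssh_rules ;;
    *)     sample_dump_ok | audit_ssh_rules || true
           sample_dump_shadowed | audit_ssh_rules || true
           sample_dump_ok | grep -v sshguard | audit_ssh_rules || true ;;
esac
```

Run it with no arguments to see the three verdicts on the constructed dumps, with audit to check the live ruleset, and with apply (as root) to install and persist the chain. The audit deliberately ignores source-restricted ACCEPTs such as an allow rule for a management network, since those bypass sshguard for that network on purpose.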