Sshguard
sshguard is an intrusion prevention system. sshguard parses server logs, determines malicious activity, and then bans malicious users via firewall rules. sshguard is written in C, so it does not tax an interpreter.
Installation
Emerge
To install sshguard:
root # emerge app-admin/sshguard
Configuration
sshguard does not have a configuration file. sshguard is controlled by flags passed to it upon execution.
/etc/conf.d/sshguard is where flags & log path can be passed to the sshguard service.
Rules
/etc/conf.d/sshguard - overly strict rules
SSHGUARD_OPTS="-p 3600 -s 3600 -a 20"
Logs
sshguard will fail to start unless it has proper authorization logs to monitor.
/etc/conf.d/sshguard - syslog-ng log location
SSHGUARD_OPTS="${SSHGUARD_OPTS} -l /var/log/messages"
Iptables
IPv4
Generate blank iptables rules, and start iptables as outlined here.
Insert these rules to allow sshguard to ban malicious users.
root # iptables -N sshguard
And to block all traffic from offenders:
root # iptables -A INPUT -j sshguard
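Because `-A` appends, the jump to the sshguard chain only takes effect if no earlier INPUT rule already accepts SSH traffic. The following check is an added example, not part of the original wiki page; the function name `check_sshguard_hook`, the constructed sample rule sets, and the assumption that sshd listens on port 22 are all illustrative.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the sshguard hook.
# On a live system (as root): iptables -S | check_sshguard_hook
# Return codes: 0 ok, 1 sshguard chain missing, 2 INPUT never jumps to it,
#               3 an earlier INPUT rule accepts SSH before the jump.
# Assumption: sshd listens on TCP port 22.
check_sshguard_hook() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target == "ACCEPT" && !hook) {
                # A bare ACCEPT, or an ACCEPT for port 22, shadows the bans.
                if (NF == 4) shadow = 1
                for (i = 3; i < NF; i++)
                    if ($i == "--dport" && $(i + 1) == "22") shadow = 1
            }
            if (target == "sshguard") hook = 1
        }
        END {
            if (!chain)  exit 1
            if (!hook)   exit 2
            if (shadow)  exit 3
            exit 0
        }'
}

# Constructed sample: the rule set produced by the two commands above.
SAMPLE_OK='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N sshguard
-A INPUT -j sshguard'

# Constructed sample: SSH is accepted before sshguard is consulted.
SAMPLE_SHADOWED='-P INPUT DROP
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j sshguard'

printf '%s\n' "$SAMPLE_OK" | check_sshguard_hook
echo "clean rule set    -> rc=$?"
printf '%s\n' "$SAMPLE_SHADOWED" | check_sshguard_hook
echo "shadowed rule set -> rc=$?"
```

If the check returns 3, insert the jump ahead of the accepting rule (for example with `iptables -I INPUT -j sshguard`) instead of appending it.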
Boot Service
OpenRC
To start sshguard immediately:
root # rc-service sshguard start
To start sshguard upon reboot:
root # rc-update add sshguard default