
Setting up SSHGuard on Debian

Published Saturday 25 July 2009 at 01:17

SSHGuard is my favorite program for protecting my servers against brute force attacks. SSHGuard isn't limited to SSH, but that is what I use it for. I'm running SSHGuard on FreeBSD with the pf firewall and on GNU/Debian with the iptables firewall.

NB! This post is severely outdated - the support for SSHGuard on Debian is excellent now.

The SSHGuard package on Debian is rather minimal - it just installs the executables and some documentation. The rules for iptables aren't set up and the log monitoring isn't enabled. This is how I set up SSHGuard on Debian Testing (squeeze):

  1. Install the latest sshguard Debian package (which as of this writing is 1.3.1). This provides just the executable (/usr/sbin/sshguard).
  2. Pass the auth log messages to sshguard:
    • Make a named pipe (fifo):
      mkfifo /var/log/sshguard.fifo
    • Add the following lines to /etc/syslog.conf:
          # sshguard
          auth.info;authpriv.info         |/var/log/sshguard.fifo
    • Then reload syslog:
      /etc/init.d/sysklogd reload
    • The final piece:
      cat /var/log/sshguard.fifo | /usr/sbin/sshguard &
      This won't survive reboot ... Add it to /etc/rc.local, or create a script in /etc/init.d/ and run update-rc.d with appropriate arguments - read more in the Debian GNU/Linux FAQ.
  3. Set up iptables to accept the commands from SSHGuard. This is well explained in the SSHGuard documentation, but if you want to set up iptables to block the abusers from any access, run:
    iptables -N sshguard
    iptables -A INPUT -j sshguard
    If you want this to survive reboot, look at the iptables page on the Debian Wiki.
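
A quick way to sanity-check the three steps above, as an added example that is not part of the original post or of SSHGuard. The function names and the sample ruleset are this example's own; the check in step 3 matters because `-A` appends the jump, so ACCEPT rules already in INPUT are evaluated before the sshguard chain.

```shell
#!/bin/sh
# Added example: sanity checks for the setup steps. Function names are this
# example's own; they are not part of SSHGuard or Debian.

# Step 2a: the path must exist and be a named pipe, not a regular file.
fifo_ok() { [ -p "$1" ]; }

# Step 2b: an uncommented line in CONF ($1) must select auth.info and pipe
# it to FIFO ($2), in the "selector  |/path" form used in syslog.conf.
syslog_feeds_fifo() {
    awk -v target="|$2" '
        /^[ \t]*#/ { next }
        $2 == target {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) if (sel[i] == "auth.info") found = 1
        }
        END { exit !found }' "$1"
}

# Step 3: reads `iptables -S INPUT` output on stdin. Traffic matched by an
# ACCEPT rule that sits before the jump never reaches the sshguard chain.
# Prints those rules for review; returns 2 if INPUT has no jump to sshguard.
accepts_before_jump() {
    awk '
        $1 != "-A" || $2 != "INPUT" { next }
        $(NF-1) == "-j" && $NF == "sshguard" { jump = 1; exit }
        $(NF-1) == "-j" && $NF == "ACCEPT"   { print }
        END { exit (jump ? 0 : 2) }'
}

# Constructed sample ruleset (not captured from a real host).
sample_rules() {
    printf '%s\n' \
        '-P INPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -j sshguard'
}

echo "ACCEPT rules evaluated before the sshguard chain (sample):"
sample_rules | accepts_before_jump
```

On a live host, run `iptables -S INPUT | accepts_before_jump` as root and pass `/etc/syslog.conf` and `/var/log/sshguard.fifo` to the other two functions. A loopback ACCEPT ahead of the jump is harmless; an ACCEPT for the SSH port ahead of it means blocked addresses can still connect.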
