Setting up SSHGuard on Debian
Published Saturday 25 July 2009 at 01:17
SSHGuard is my favorite program for protecting my servers against brute force attacks. SSHGuard isn't limited to SSH, but that is what I use it for. I'm running SSHGuard on FreeBSD with the pf firewall and on GNU/Debian with the iptables firewall.
NB! This post is severely outdated - the support for SSHGuard on Debian is excellent now.
The SSHGuard package on Debian is rather minimal - it just installs the executables and some documentation. The rules for iptables aren't set up and the log monitoring isn't enabled. This is how I set up SSHGuard on Debian Testing (squeeze):
- Install the latest sshguard Debian package (which as of this writing is 1.3.1). This provides just the executable (/usr/sbin/sshguard).
- Pass the auth log messages to sshguard:
  - Make a named pipe (fifo):
    mkfifo /var/log/sshguard.fifo
  - Add the following lines to /etc/syslog.conf:
    # sshguard
    auth.info;authpriv.info |/var/log/sshguard.fifo
  - Then reload syslog:
    /etc/init.d/sysklogd reload
  - The final piece:
    cat /var/log/sshguard.fifo | /usr/sbin/sshguard &
    This won't survive reboot ... Add it to /etc/rc.local, or create a script in /etc/init.d/ and run update-rc.d with appropriate arguments - read more in the Debian GNU/Linux FAQ.
- Set up iptables to accept the commands from SSHGuard.
  This is well explained in the SSHGuard documentation, but if you want to set up iptables to block the abusers from any access, run:
    iptables -N sshguard
    iptables -A INPUT -j sshguard
  If you want this to survive reboot, look at the iptables page on the Debian Wiki.
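A check script for the setup above, added here as an example; it is not part of the original post or of the SSHGuard package, and the function names, return codes and the `--check` flag are this example's own. It verifies the fifo, the syslog.conf line and the iptables hook, and flags two things the steps don't cover: a world-readable fifo, and an ACCEPT rule that sits ahead of the sshguard jump.

```shell
#!/bin/sh
# Added example: sanity checks for the SSHGuard setup described in this post.
# Function names, return codes and the --check flag are assumptions of this example.

FIFO=/var/log/sshguard.fifo
SYSLOG_CONF=/etc/syslog.conf

# 0 = fifo exists and is not world-readable, 1 = not a fifo,
# 2 = world-readable (auth messages would be readable by every local user).
fifo_ok() {
    [ -p "$1" ] || return 1
    [ -z "$(find "$1" -prune -perm -004)" ] || return 2
}

# 0 if an uncommented line in the config ($1) sends auth.info to "|<fifo>" ($2).
syslog_feeds_fifo() {
    awk -v action="|$2" '
        /^[ \t]*#/ { next }
        $1 ~ /(^|;)auth\.info(;|$)/ && $2 == action { found = 1 }
        END { exit !found }' "$1"
}

# Reads `iptables -S` output on stdin.
# 0 = chain exists and INPUT jumps to it, 1 = chain or jump missing,
# 2 = an ACCEPT rule precedes the jump (-A appends, so a block may never
#     be reached); loopback and ESTABLISHED rules are ignored (heuristic).
chain_hooked() {
    awk '
        $1 == "-N" && $2 == "sshguard" { created = 1 }
        $1 == "-A" && $2 == "INPUT" {
            if ($(NF-1) == "-j" && $NF == "sshguard") hooked = 1
            else if (!hooked && $NF == "ACCEPT" && !/ -i lo / && !/ESTABLISHED/) early = 1
        }
        END { if (!created || !hooked) exit 1; if (early) exit 2; exit 0 }'
}

if [ "${1:-}" = "--check" ]; then   # needs root for iptables
    fifo_ok "$FIFO";                          echo "fifo:     $?"
    syslog_feeds_fifo "$SYSLOG_CONF" "$FIFO"; echo "syslog:   $?"
    iptables -S | chain_hooked;               echo "iptables: $?"
fi
```

If the fifo check returns 2, `chmod 600 /var/log/sshguard.fifo` closes it; if the iptables check returns 2, insert the jump at the top with `iptables -I INPUT -j sshguard` instead of appending it.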