Sshguard: Difference between revisions

From Alpine Linux
(iptables: Chain 'sshguard' has to be created first.)
 
(One intermediate revision by one other user not shown)
Line 9: Line 9:
Sshguard can use several backends, you can see them with <code>ls /usr/libexec/sshg-fw*</code>. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start.
Sshguard can use several backends, you can see them with <code>ls /usr/libexec/sshg-fw*</code>. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start.


apk add sshguard nftables
{{Cmd|apk add sshguard nftables}}
vi /etc/sshguard.conf


#!/bin/sh
{{Cat|/etc/sshguard.conf|#!/bin/sh
BACKEND='/usr/libexec/sshg-fw-nft-sets'
BACKEND{{=}}'/usr/libexec/sshg-fw-nft-sets'
FILES='/var/log/messages'
FILES{{=}}'/var/log/messages'
}}


You can view the rules with <code>nft list ruleset</code>
You can view the rules with <code>nft list ruleset</code>
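Review bot: After the {{Cat|/etc/sshguard.conf|...}} block the section goes straight to nft list ruleset, with no step that starts sshguard or adds it to a runlevel, even though the context line says it won't start without the config. Suggest adding the service start and rc-update step right after the config block, the way the iptables section ends with rc-update add iptables boot. It is also worth one sentence that FILES{{=}}'/var/log/messages' only works when the syslog daemon actually writes sshd's messages to that file.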
Line 22: Line 22:
To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables-service to save the rules at shutdown and reload them when booting
To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables-service to save the rules at shutdown and reload them when booting


  iptables -A INPUT -j sshguard
{{Cmd|iptables -N sshguard
  rc-update add iptables boot
iptables -A INPUT -j sshguard
rc-update add iptables boot}}


You can view the rules with <code>iptables -L</code>
You can view the rules with <code>iptables -L</code>
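Review bot: In the new {{Cmd}} block, iptables -A INPUT -j sshguard appends the jump to the end of INPUT, so on a host whose INPUT chain already contains a rule accepting SSH, that rule matches first and the sshguard chain is never reached. Suggest stating that the jump must sit before any rule that accepts the protected service (iptables -I INPUT -j sshguard on an existing ruleset), and saying whether the same chain is needed for ip6tables, since the block only covers IPv4.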

Latest revision as of 18:13, 17 April 2024

sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends, including iptables, ipfw, and pf.

sshguard can read log messages from standard input (suitable for piping from syslog) or monitor one or more log files. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval, but can be semi-permanently banned using the blacklist option.

sshguard does not support custom log parsing. Check the website to see which services it supports.

Installation

Sshguard can use several backends; you can list them with ls /usr/libexec/sshg-fw*. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start.

apk add sshguard nftables

Contents of /etc/sshguard.conf

#!/bin/sh
BACKEND='/usr/libexec/sshg-fw-nft-sets'
FILES='/var/log/messages'

You can view the rules with nft list ruleset
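A preflight check for the config file above, added here as an example; it is not part of the wiki page or of sshguard itself. The function name check_sshguard_conf is hypothetical, and LOGREADER is sshguard's alternative to FILES, which this page does not use.

```shell
#!/bin/sh
# Added example: verify that an sshguard.conf names a usable backend and log source.
# Prints one line per finding; returns 0 only when nothing blocks startup.
# Usage: check_sshguard_conf /etc/sshguard.conf
check_sshguard_conf() {
    conf=$1
    # '.' searches PATH for names without a slash, so force a path.
    case $conf in */*) ;; *) conf=./$conf ;; esac
    [ -r "$conf" ] || { echo "config missing or unreadable: $conf"; return 1; }
    (
        # Subshell: the sourced variables do not leak into the caller.
        # sshguard's own launcher sources this file as shell, so we do the same.
        BACKEND='' FILES='' LOGREADER=''
        . "$conf" >/dev/null 2>&1 || { echo "cannot source $conf"; exit 1; }
        rc=0
        if [ -z "$BACKEND" ]; then
            echo "BACKEND is not set"; rc=1
        elif [ ! -f "$BACKEND" ] || [ ! -x "$BACKEND" ]; then
            echo "BACKEND is not an executable file: $BACKEND"; rc=1
        fi
        if [ -z "$FILES" ] && [ -z "$LOGREADER" ]; then
            echo "no log source: set FILES or LOGREADER"; rc=1
        fi
        # FILES is a space-separated list of log files to monitor.
        for f in $FILES; do
            if [ ! -r "$f" ]; then
                echo "log file missing or unreadable: $f"; rc=1
            elif [ ! -s "$f" ]; then
                # Not fatal (the file may just have been rotated), but with an
                # empty log sshguard sees no attacks and blocks nothing.
                echo "warning: log file is empty, is syslog writing to it? $f"
            fi
        done
        exit "$rc"
    )
}
```

Run it as the user sshguard runs as, since the readability checks depend on that user's permissions.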

Iptables backend

To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables service to save the rules at shutdown and reload them when booting.

iptables -N sshguard
iptables -A INPUT -j sshguard
rc-update add iptables boot

You can view the rules with iptables -L