Sshguard: Difference between revisions
(Created page with "[https://www.sshguard.net/ sshguard] protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of...") |
(iptables: Chain 'sshguard' has to be created first.) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 9: | Line 9: | ||
Sshguard can use several backends, you can see them with <code>ls /usr/libexec/sshg-fw*</code>. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start. | Sshguard can use several backends, you can see them with <code>ls /usr/libexec/sshg-fw*</code>. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start. | ||
{{Cmd|apk add sshguard nftables}} | |||
{{Cat|/etc/sshguard.conf|#!/bin/sh | |||
BACKEND{{=}}'/usr/libexec/sshg-fw-nft-sets' | |||
FILES{{=}}'/var/log/messages' | |||
}} | |||
You can view the rules with <code>nft list ruleset</code> | You can view the rules with <code>nft list ruleset</code> | ||
| Line 22: | Line 22: | ||
To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables-service to save the rules at shutdown and reload them when booting | To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables-service to save the rules at shutdown and reload them when booting | ||
{{Cmd|iptables -N sshguard | |||
iptables -A INPUT -j sshguard | |||
rc-update add iptables boot}} | |||
You can view the rules with <code>iptables -L</code> | You can view the rules with <code>iptables -L</code> | ||
[[category:Security]] | |||
Latest revision as of 18:13, 17 April 2024
sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends, including iptables, ipfw, and pf.
sshguard can read log messages from standard input (suitable for piping from syslog) or monitor one or more log files. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval, but can be semi-permanently banned using the blacklist option.
sshguard does not support custom log parsing. Check the website too see which services they support.
Installation
Sshguard can use several backends, you can see them with ls /usr/libexec/sshg-fw*. The easiest backend on Alpine is nftables. After you install sshguard, you will need to create a config file or it won't start.
apk add sshguard nftables
Contents of /etc/sshguard.conf
You can view the rules with nft list ruleset
Iptables backend
To use the iptables backend, you must first create a chain called "sshguard". Enable the iptables-service to save the rules at shutdown and reload them when booting
iptables -N sshguard iptables -A INPUT -j sshguard rc-update add iptables boot
You can view the rules with iptables -L