How to setup sshguard
Using Iptables and centos or redhat
(another option is to use fail2ban, checkout my howto here )
1.Download sshguard source and compile it (could also try yum install sshguard)
# wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
Other downloads from here
2. Uncompress
# bunzip2 -v -d  sshguard-1.5.tar.bz2
# tar -xvf sshguard-1.5.tar
3. Compile and install (requires gcc, yum install gcc)
# ./configure –with-firewall=iptables
# make all && make install
4. Configure
First we must configure iptables:
# iptables -N sshguard
# iptables -A INPUT -j sshguard
# iptables-save
Better ref.  http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/
 
5. Setup the daemon
Copy to /etc/init.d/sshguardd

! /bin/bash
# #
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# init script by Felipe Ferreira July 2011
case $1 in
start)
nohup /usr/local/sbin/sshguard -l /var/log/secure -a 5  &
;;
stop)
killall sshguard
;;
*)
echo "Use start or stop"
exit 1
;;
esac

Note: the sshguard -l <log file to watch>
In centos case the sshd saves login info to /var/log/secure check your /etc/ssh/sshd_config to find out log level and where its at.
It can be different kind of logfiles, the -a <number> is how many times the sshguard will block an IP after <X> of bad attemps to login.
Add to startup init.d
# chkconfig –add sshguardd
# chkconfig –level 345 sshguardd on
6. Finally start the deamon.
# service sshguardd startup
7. Make sure it is running
# ps -ef |grep sshgua
Go int another machine and try SSH 5 times with wrong password and your IP should be in the iptables block list!
http://www.sshguard.net
(another option is to use fail2ban, checkout my howto here )

Tags: , , , , , , , ,

2 thoughts on “How to setup sshguard

  1. You have a little error on the first line. You have
    ! /bin/bash
    and it shoudl be
    #!/bin/bash
    Just make sure you have that right or bash will complain on reboot

Leave a Reply

Your email address will not be published. Required fields are marked *