How to set up sshguard
Using iptables on CentOS or Red Hat
(Another option is to use fail2ban; check out my howto here.)
1. Download the sshguard source and compile it (you could also try yum install sshguard)
# wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
Other downloads from here
2. Uncompress
# bunzip2 -v -d sshguard-1.5.tar.bz2
# tar -xvf sshguard-1.5.tar
3. Compile and install (requires gcc: yum install gcc)
# ./configure --with-firewall=iptables
# make all && make install
4. Configure
First we must configure iptables:
# iptables -N sshguard
# iptables -A INPUT -j sshguard
# iptables-save > /etc/sysconfig/iptables
A better reference: http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/
5. Set up the daemon
Copy the following script to /etc/init.d/sshguardd:
#!/bin/bash
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# init script by Felipe Ferreira July 2011
case "$1" in
start)
    # Watch /var/log/secure in the background
    nohup /usr/local/sbin/sshguard -l /var/log/secure -a 5 &
    ;;
stop)
    killall sshguard
    ;;
*)
    echo "Use start or stop"
    exit 1
    ;;
esac
Note: sshguard -l <log file to watch> sets the log file that sshguard monitors.
On CentOS, sshd saves login information to /var/log/secure. Check your /etc/ssh/sshd_config to find the log level and where the log is written.
Different kinds of log files can be watched. The -a <number> option is the number of bad login attempts after which sshguard blocks an IP.
Add it to startup (init.d):
# chkconfig --add sshguardd
# chkconfig --level 345 sshguardd on
6. Finally, start the daemon.
# service sshguardd start
7. Make sure it is running
# ps -ef |grep sshgua
Go to another machine and try SSH 5 times with a wrong password, and your IP should be in the iptables block list!
http://www.sshguard.net
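Step 4 appends the jump with iptables -A, so it lands after every rule already in INPUT, and netfilter stops at the first rule that accepts or rejects a packet. The check below is an added example, not code from the original post or from the sshguard project: it reads rules in `iptables -S INPUT` format and reports whether the sshguard jump is evaluated before a rule that decides port 22. The function name and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original how-to.
# Reads rules in `iptables -S INPUT` format on stdin.
# Returns 0 = jump is reached, 1 = no jump rule, 2 = an earlier rule decides SSH.
check_sshguard_jump() {
    awk '
        /^-A INPUT / {
            n++
            if (!jump && $0 ~ /-j sshguard( |$)/) jump = n
            # A rule decides new SSH connections if it terminates and either
            # names port 22 or has no match conditions at all.
            term = ($0 ~ /-j (ACCEPT|DROP|REJECT)( |$)/)
            ssh  = ($0 ~ /--dport 22( |$)/)
            bare = ($0 ~ /^-A INPUT -j (ACCEPT|DROP|REJECT)( |$)/)
            if (!first && term && (ssh || bare)) first = n
        }
        END {
            if (!jump) { print "no jump to sshguard in INPUT"; exit 1 }
            if (first && first < jump) {
                print "rule " first " decides SSH before the sshguard jump (rule " jump ")"
                exit 2
            }
            print "sshguard jump (rule " jump ") is evaluated before SSH is decided"
        }'
}

# Constructed sample: rules modeled on a stock CentOS firewall after
# `iptables -A INPUT -j sshguard` has appended the jump at the end.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j sshguard'

# Constructed sample: the same rules with the jump placed first in INPUT.
SAMPLE_FIRST='-P INPUT ACCEPT
-A INPUT -j sshguard
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf '%s\n' "$SAMPLE_APPENDED" | check_sshguard_jump || echo "exit status $?"
printf '%s\n' "$SAMPLE_FIRST" | check_sshguard_jump
```

On a live host, run it as root against the real rules with `iptables -S INPUT | check_sshguard_jump`.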
You have a little error on the first line. You have
! /bin/bash
and it should be
#!/bin/bash
Just make sure you have that right or bash will complain on reboot
Don’t forget to chmod +x /etc/init.d/sshguardd to avoid getting a permission denied