Monday, April 2, 2007

SSHGUARD helps prevent SSH brute-force attacks

SSHGUARD is a lightweight tool written in C that watches auth.log and reacts when sshd is under a brute-force attack. The FreeBSD ports collection includes "sshguard" under /usr/ports/security/sshguard.

Just issue "make config && make install clean" to install sshguard on the system, and then make some modifications to /etc/syslog.conf and /etc/pf.conf.

/etc/syslog.conf:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard

/etc/pf.conf:
table <sshguard> persist
block in quick on $ext_if from <sshguard> to any label "sshguard"

Then reload pf and syslogd:
/etc/rc.d/pf reload
/etc/rc.d/syslogd reload
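
The idea behind this setup, as an added example that is not from the original post and is not sshguard's code: count failed sshd logins per source address in syslog lines and print the pfctl command that would put an offender into the <sshguard> table. The function names, the threshold of 3 and the sample log lines are constructed for illustration; this is a simplified sketch, not how sshguard itself is implemented.

```sh
#!/bin/sh
# Added illustration, not sshguard's code: a simplified failure counter.

# Constructed sample auth.log lines (addresses from documentation ranges).
sample_log() {
cat <<'EOF'
Apr  2 10:00:01 host sshd[1201]: Failed password for root from 192.0.2.10 port 40022 ssh2
Apr  2 10:00:03 host sshd[1203]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Apr  2 10:00:05 host sshd[1207]: Failed password for root from 198.51.100.7 port 51515 ssh2
Apr  2 10:00:06 host sshd[1209]: Accepted password for alice from 198.51.100.7 port 51520 ssh2
Apr  2 10:00:08 host sshd[1211]: Failed password for invalid user x from 203.0.113.9 from 192.0.2.10 port 40040 ssh2
EOF
}

# offenders LIMIT: read syslog lines on stdin and print each IPv4 source
# address once, at the moment its failure count reaches LIMIT (an assumed
# threshold for this example).
offenders() {
    awk -v limit="$1" '
        # Only messages logged by sshd are considered.
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }
        $6 != "Failed" || $7 != "password" { next }
        # The user name in the message is supplied by the client, so the
        # address is taken from the fixed tail "from ADDR port N ssh2",
        # never from the first "from" in the line.
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (++fails[ip] == limit) print ip
        }
    '
}

# block_commands: turn addresses on stdin into the pfctl commands that would
# add them to the <sshguard> table from /etc/pf.conf (printed, not executed).
block_commands() {
    while IFS= read -r ip; do
        printf 'pfctl -t sshguard -T add %s\n' "$ip"
    done
}

sample_log | offenders 3 | block_commands
```

On the real system, "pfctl -t sshguard -T show" lists the addresses currently held in the table.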

1 comment:

VinTW said...

Did SSHGUARD only recently get into the ports tree? I only saw it just now after updating my ports tree.

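A very nice approach. My machine has been giving me a headache precisely because people come by every day to brute-force passwords. Thanks XD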