Official site: http://sshguard.sourceforge.net/
Sshguard protects networked hosts from today’s widespread brute force attacks against ssh servers. It detects such attacks and blocks the author’s address with a firewall rule.
Fedora Core 6
[1.] wget http://nchc.dl.sourceforge.net/sourceforge/sshguard/sshguard-0.91.tar.bz2
[2.] tar xvf sshguard-0.91.tar.bz2
[3.] sshguard has to work together with a firewall, so iptables is selected at build time
./configure --with-firewall=iptables && make && make install
[4.] Next, add an iptables chain and hand SSH connections over to sshguard
iptables -N sshguard
iptables -A INPUT -p tcp --dport 22 -j sshguard
[5.] How to feed the log to sshguard in each of three setups
1. syslog
vi /etc/syslog.conf
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
reload syslog
killall -HUP syslogd
2. syslog-ng
vi /etc/syslog-ng/syslog-ng.conf
filter sshlogs { facility(authpriv) and match(ssh); };
destination sshguardproc { program("/usr/local/sbin/sshguard"); };
log { source(src); filter(sshlogs); destination(sshguardproc); };
3. tail -n0
tail -n0 -F /var/log/secure | /usr/local/sbin/sshguard
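(When run this way, append '&' at the end so that it runs in the background.)
Why use -F
[6.] For blocking to work effectively, sshd's reverse DNS lookups have to be turned off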
vi /etc/ssh/sshd_config
UseDNS no
Test the config
/usr/sbin/sshd -t
reload
killall -HUP sshd
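To see what the log feed in step 5 is for, here is a small sketch of the kind of processing a log-driven blocker performs on those lines. It is an added example, not sshguard's code: the threshold, the regular expression, the sample log lines and the form of the printed rule are all assumptions made for illustration. The sketch only acts on lines whose source field is a numeric IPv4 address, so a line with a host name in that field is not counted.

```python
import re
from collections import Counter

# Hypothetical threshold for this sketch; not taken from sshguard.
THRESHOLD = 4

# Anchored at the end of the line so the address comes from the field sshd
# writes last, not from any text that appears inside the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from "
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d?)?\s*$"
)

# Constructed sample of /var/log/secure lines (documentation addresses only).
SAMPLE_LOG = """\
Apr 28 10:00:01 host sshd[2101]: Failed password for root from 192.0.2.10 port 4001 ssh2
Apr 28 10:00:02 host sshd[2102]: Failed password for root from 192.0.2.10 port 4002 ssh2
Apr 28 10:00:03 host sshd[2103]: Failed password for invalid user test from 198.51.100.7 port 3301 ssh2
Apr 28 10:00:04 host sshd[2104]: Failed password for root from 192.0.2.10 port 4003 ssh2
Apr 28 10:00:05 host sshd[2105]: Accepted password for alice from 203.0.113.20 port 5000 ssh2
Apr 28 10:00:06 host sshd[2106]: Failed password for invalid user test from 198.51.100.7 port 3302 ssh2
Apr 28 10:00:07 host sshd[2107]: Failed password for root from scanner.example.net port 4100 ssh2
Apr 28 10:00:08 host sshd[2108]: Failed password for root from 192.0.2.10 port 4004 ssh2
"""

def offenders(lines, threshold=THRESHOLD):
    """Return addresses, in order of detection, that reached the threshold."""
    counts = Counter()
    blocked = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # not a failed login, or no numeric address to act on
        addr = m.group("addr")
        counts[addr] += 1
        if counts[addr] == threshold:  # report each address only once
            blocked.append(addr)
    return blocked

def block_rules(addresses, chain="sshguard"):
    """Render one DROP rule per address for the chain created in step 4."""
    return [f"iptables -A {chain} -s {a} -j DROP" for a in addresses]

if __name__ == "__main__":
    for rule in block_rules(offenders(SAMPLE_LOG.splitlines())):
        print(rule)
```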
http://blog.richliu.com/2007/04/28/476/
http://cha.homeip.net/blog/archives/2007/03/_sshguard_opens.html
http://ylchang.blogspot.com/2007/04/sshguard-helps-to-prevent-ssh-brute.html