diff options
author | Koen Kooi <koen@dominion.thruhere.net> | 2015-09-03 19:39:16 +0200 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2017-08-31 15:22:59 +0200 |
commit | 048ccb09d12047436a83b8576a5209073bf15af5 (patch) | |
tree | 1d3446d522da32e60b03a9b671e0c7d01023ad12 /meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl | |
parent | 378728beaa5d2f90c85fd7f2a83f31125c583274 (diff) | |
download | meta-openembedded-contrib-048ccb09d12047436a83b8576a5209073bf15af5.tar.gz |
sshguard 1.6.1+git: add recipe
SSHguard protects hosts from brute-force attacks against SSH and other
services.
This recipe uses iptables as blocker backend and journald as log backend.
When it's working it will look like this in syslog:
Sep 03 19:35:29 soekris sshguard[27044]: Started with danger threshold=40 ; minimum block=420 seconds
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 24.234.171.90:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 61.182.15.194:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 115.58.38.53:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
And the iptable rules:
root@soekris:~# iptables -L sshguard --line-numbers
Chain sshguard (1 references)
num target prot opt source destination
1 DROP all -- hn.kd.ny.adsl anywhere
2 DROP all -- 61.182.15.194 anywhere
3 DROP all -- wsip-24-234-171-90.lv.lv.cox.net anywhere
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl')
-rw-r--r-- | meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl new file mode 100644 index 0000000000..e7c615b95c --- /dev/null +++ b/meta-networking/recipes-support/sshguard/sshguard/sshguard-journalctl @@ -0,0 +1,2 @@ +#!/bin/sh +/bin/journalctl -fb -t sshd -n100 | /usr/sbin/sshguard -l- "$@" |