SSHguard protects hosts from brute-force attacks against SSH and other
services.

This recipe uses iptables as blocker backend and journald as log backend.

When it's working it will look like this in syslog:

Sep 03 19:35:29 soekris sshguard[27044]: Started with danger threshold=40 ; minimum block=420 seconds
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 24.234.171.90:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 61.182.15.194:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 115.58.38.53:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).

And the iptables rules:

root@soekris:~# iptables -L sshguard --line-numbers
Chain sshguard (1 references)
num target prot opt source destination
1 DROP all -- hn.kd.ny.adsl anywhere
2 DROP all -- 61.182.15.194 anywhere
3 DROP all -- wsip-24-234-171-90.lv.lv.cox.net anywhere

Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
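
A check for the output shown in the commit message, as an added example that is not part of the commit or of SSHguard: it confirms that every address in a "Blocking" journal line has a DROP rule in the sshguard chain. The function names and the numeric listing are constructed for illustration, and the trailing `:4` is read here as the address family, which is an assumption. A listing taken without `iptables -n` shows reverse-DNS names, which cannot be matched against the log, so those are reported separately.

```python
import ipaddress
import re

# Journal lines as shown in the commit message.
JOURNAL = """\
Sep 03 19:35:29 soekris sshguard[27044]: Started with danger threshold=40 ; minimum block=420 seconds
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 24.234.171.90:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 61.182.15.194:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
Sep 03 19:35:29 soekris sshguard[27044]: Blocking 115.58.38.53:4 for >630secs: 40 danger in 4 attacks over 0 seconds (all: 40d in 1 abuses over 0s).
"""

# Constructed sample of `iptables -n -L sshguard --line-numbers`, one rule missing.
NUMERIC_LISTING = """\
Chain sshguard (1 references)
num  target     prot opt source               destination
1    DROP       all  --  61.182.15.194        0.0.0.0/0
2    DROP       all  --  24.234.171.90        0.0.0.0/0
"""

# "<addr>:<4|6>" is taken to be address plus address family (assumption).
BLOCK_RE = re.compile(r"sshguard\[\d+\]: Blocking (?P<addr>\S+):(?P<family>[46]) for >(?P<secs>\d+)secs")
# Optional rule number, then target, prot, opt, source.
RULE_RE = re.compile(r"^\s*(?:\d+\s+)?DROP\s+\S+\s+\S+\s+(\S+)")

def parse_blocks(journal):
    """Return {address: minimum block seconds} for each 'Blocking' line."""
    return {m["addr"]: int(m["secs"]) for m in map(BLOCK_RE.search, journal.splitlines()) if m}

def parse_chain(listing):
    """Return (set of literal source addresses, list of non-numeric sources)."""
    numeric, names = set(), []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        try:
            numeric.add(str(ipaddress.ip_address(m[1])))
        except ValueError:
            names.append(m[1])  # resolved hostname: listing was taken without -n
    return numeric, names

def missing_rules(journal, listing):
    """Return (blocked addresses with no DROP rule, sources that could not be compared)."""
    numeric, names = parse_chain(listing)
    return sorted(set(parse_blocks(journal)) - numeric), names

if __name__ == "__main__":
    print(missing_rules(JOURNAL, NUMERIC_LISTING))
```
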