lcts / sshguard

Description

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends.

SSHGuard can read log messages from standard input or monitor one or more log files. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval, but can be semi-permanently banned using the blacklist option.
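To make the detect, block and unblock cycle described above concrete, here is a simplified model in Python, added as an illustration; it is not SSHGuard's code and does not reproduce its actual scoring. The log lines are constructed, and the names simulate, threshold, window and block_time are assumptions chosen for this example.

```python
import re
from collections import defaultdict, deque

# Constructed sample (syslog-style sshd lines, documentation-range addresses).
SAMPLE_LOG = """\
Nov  2 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Nov  2 10:00:02 host sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Nov  2 10:00:03 host sshd[1003]: Accepted publickey for alice from 198.51.100.20 port 50000 ssh2
Nov  2 10:00:04 host sshd[1004]: Failed password for root from 203.0.113.7 port 40003 ssh2
Nov  2 10:00:30 host sshd[1005]: Failed password for bob from 198.51.100.20 port 50001 ssh2
Nov  2 10:03:00 host sshd[1006]: Failed password for root from 203.0.113.7 port 40004 ssh2
"""

# One recognized pattern: a failed sshd password login, capturing time and source IP.
FAILURE = re.compile(
    r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def simulate(log_text, threshold=3, window=10, block_time=120):
    """Return (second_of_day, action, ip) events; all parameters are illustrative."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked = {}                  # ip -> second of day at which the block expires
    events = []
    for line in log_text.splitlines():
        m = FAILURE.match(line)
        if not m:
            continue              # line does not match a recognized pattern
        h, mi, s, ip = m.groups()
        now = int(h) * 3600 + int(mi) * 60 + int(s)   # assumes a single day of logs
        # Release blocks whose interval has elapsed before handling this line.
        for addr, until in sorted(blocked.items()):
            if now >= until:
                events.append((until, "unblock", addr))
                del blocked[addr]
        if ip in blocked:
            continue              # already blocked, nothing more to decide
        q = recent[ip]
        q.append(now)
        while q and now - q[0] > window:
            q.popleft()           # forget failures outside the detection window
        if len(q) >= threshold:
            blocked[ip] = now + block_time
            events.append((now, "block", ip))
            q.clear()
    return events
```

With the sample input, the address with three failures inside ten seconds is blocked and later released, while the single failure from the other address never triggers a block.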

More information can be found on the project website.

Note: This is not an official package. I am not affiliated with the SSHGuard developers. Please only contact me for issues with this package. For issues with SSHGuard, please contact the developers directly.

Note 2: This package also builds on CentOS and RHEL, though I didn't test it beyond that. You can find pre-built packages for those systems in my testing repository or build them yourself from the 'testing'-branch on GitLab. You'll have to configure SSHGuard yourself after installation, and the initscript for RHEL/CentOS 6 is entirely untested. Use at your own risk, but if you find any issues, I'd be grateful if you let me know.

Installation Instructions

IMPORTANT (2018-11-02): The firewalld version currently shipped with Fedora 29 (0.6.2) does not work with this package, because the ipset functionality SSHGuard uses is broken. It's fixed in firewalld 0.6.3, which will be in the repos shortly. In the meantime, you can install it from testing using

$ dnf upgrade firewalld --refresh --enablerepo='*-testing'

Contact me if you have any other post-29-release issues.

Note (2018-09-30): In version 2.2.0-5 of this package, I've included two upstream patches for issues with the firewalld-backend. If you're upgrading from versions <= 2.2.0-4, and use the firewalld backend, you need to manually delete the firewall rules before (re-)starting sshguard for the patches to take effect:

$ firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source ipset="sshguard4" drop'
$ firewall-cmd --permanent --remove-rich-rule='rule family="ipv6" source ipset="sshguard6" drop'
$ firewall-cmd --permanent --delete-ipset="sshguard4"
$ firewall-cmd --permanent --delete-ipset="sshguard6"
$ firewall-cmd --reload

This only applies to upgrading, not fresh installs.

This package ships with three subpackages that configure the different firewall backends SSHGuard supports. The installer should automatically select the one corresponding to your installed firewall. If not, you can install them manually:

For firewalld
$ dnf install sshguard-firewalld

For iptables-services
$ dnf install sshguard-iptables

For nftables
$ dnf install sshguard-nftables

or use the example config file /usr/share/doc/sshguard/examples/sshguard.conf.example.

After installation, SSHGuard can be enabled via systemctl:

$ systemctl enable --now sshguard.service

Please refer to the setup documentation for details.

Active Releases

The following unofficial repositories are provided as-is by the owner of this project. Contact the owner directly for bugs or issues (i.e. not Bugzilla).

Release Architectures Repo Download
Fedora 27 i386 (0)*, ppc64le (0)*, x86_64 (0)* Fedora 27 (12 downloads)
Fedora 28 i386 (0)*, ppc64le (0)*, x86_64 (0)* Fedora 28 (14 downloads)
Fedora 29 i386 (0)*, ppc64le (0)*, x86_64 (0)* Fedora 29 (14 downloads)
Fedora rawhide i386 (0)*, ppc64le (0)*, x86_64 (0)* Fedora rawhide (8 downloads)

* Total number of packages downloaded in the last seven days.