I have installed security/sshguard-pf and configured it as the documentation says for the simple config:
Code:
#in the /etc/syslog.conf
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
# in the /etc/pf.conf
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
It is working nicely. Now I want to modify the config to monitor logfiles not only for my host, but for my jails too.
The idea is:
- monitor logfiles on host
- block traffic on host with PF (so I don't need to install sshguard into the jails)
The question is - is there some documentation on how to do this?
- probably need to start sshguard from /etc/rc.conf (as a daemon and not from syslog.conf), so I will probably need to remove the syslog.conf line
- and need to add more log files to monitor to the sshguard command line, like -l /jails/jailname/var/log/auth.log
What is the correct way to do this?
PS: there is already a thread about this (http://forums.freebsd.org/showthread.php?t=14703&highlight=sshguard) but it is about how to run sshguard inside a jail (with tcp-wrappers). I want to block attempts at host level with PF and not at jail level (tcp-wrapper).
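The setup outlined in the post above (one sshguard on the host, started with one -l option per log file), as an added example that is not part of the original post. It assumes every jail lives under /jails as in the poster's sample path, and the function names are made up for illustration. Because root inside a jail controls that jail's log file, symlinked logs are skipped.

```shell
#!/bin/sh
# Added example; not the poster's configuration.
# Assumed layout: <jail_root>/<jailname>/var/log/auth.log, as in the post.

# Print the log files sshguard should watch, one per line:
# the host log first, then each jail's auth.log.
watched_logs() {
    host_log=$1
    jail_root=$2
    [ -f "$host_log" ] && printf '%s\n' "$host_log"
    for log in "$jail_root"/*/var/log/auth.log; do
        # Skip a symlinked log: root inside a jail could otherwise point
        # the host's sshguard at any file on the host.
        [ -L "$log" ] && continue
        # Skip jails without an auth.log (this also catches the
        # unexpanded glob when there are no jails at all).
        [ -f "$log" ] || continue
        printf '%s\n' "$log"
    done
}

# Turn that list into the command line, one -l option per file.
# Assumes paths without whitespace.
sshguard_command() {
    cmd=/usr/local/sbin/sshguard
    for log in $(watched_logs "$1" "$2"); do
        cmd="$cmd -l $log"
    done
    printf '%s\n' "$cmd"
}

# Show the command for the host log plus all jails under /jails.
sshguard_command /var/log/auth.log /jails
```

Anything sshguard reads from a jail's log is written by that jail, so a compromised jail can get arbitrary addresses put into the <sshguard> table; keep addresses you must never lose access from out of reach of that block rule.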