FreeBSD 8.1-RELEASE
It seems that sshguard does not work in tcp wrapper mode with hosts.allow.
Code:
cd /usr/ports/security/sshguard
make install clean
Code:
pkg_info | grep sshg
sshguard-1.4 Protect hosts from brute force attacks against ssh and othe
Code:
vi /etc/syslog.conf
something ...
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
*.err;kern.warning;auth.notice;mail.crit /dev/console
*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
security.* /var/log/security
auth.info;authpriv.info /var/log/auth.log
/etc/rc.d/syslogd reload
Code:
less /etc/hosts.allow
something like this:
###sshguard###
###sshguard###
#
# hosts.allow access control file for "tcp wrapped" applications.
# $FreeBSD: src/etc/hosts.allow,v 1.23.10.1.4.1 2010/06/14 02:09:06 kensmith Exp $
#
# NOTE: The hosts.deny file is deprecated.
# Place both 'allow' and 'deny' rules in the hosts.allow file.
# See hosts_options(5) for the format of this file.
# hosts_access(5) no longer fully applies.
#  _____                                      _          _
# | ____| __  __   __ _   _ __ ___    _ __   | |   ___  | |
# |  _|   \ \/ /  / _` | | '_ ` _ \  | '_ \  | |  / _ \ | |
# | |___   >  <  | (_| | | | | | | | | |_) | | | |  __/ |_|
# |_____| /_/\_\  \__,_| |_| |_| |_| | .__/  |_|  \___| (_)
#                                    |_|
# !!! This is an example! You will need to modify it for your specific
# !!! requirements!
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
ALL : ALL : allow
Code:
tail /var/log/auth.log
something like this
Dec 25 17:28:19 b sshguard[15013]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
Dec 25 17:28:20 b sshd[15002]: Invalid user bill from 123.111.128.211
Dec 25 17:28:22 b sshd[15015]: Invalid user maggie from 123.111.128.211
Dec 25 17:28:24 b sshd[15017]: Invalid user info from 123.111.128.211
Dec 25 17:28:26 b sshd[15019]: Invalid user ftp from 123.111.128.211
Dec 25 17:28:27 b sshd[15021]: Invalid user httpd from 123.111.128.211
Dec 25 17:28:29 b sshd[15023]: Invalid user dany from 123.111.128.211
Dec 25 17:28:31 b sshd[15025]: Invalid user susan from 123.111.128.211
Dec 25 17:28:33 b sshd[15027]: Invalid user oracle from 123.111.128.211
Dec 25 17:28:35 b sshd[15029]: Invalid user tomcat from 123.111.128.211
Dec 25 17:28:37 b sshd[15032]: Invalid user backup from 123.111.128.211
Dec 25 17:28:39 b sshd[15034]: Invalid user id from 123.111.128.211
Dec 25 17:28:40 b sshd[15036]: Invalid user sgi from 123.111.128.211
Dec 25 17:28:42 b sshd[15038]: Invalid user postgres from 123.111.128.211
Dec 25 17:28:44 b sshd[15040]: Invalid user flowers from 123.111.128.211
Dec 25 17:28:46 b sshd[15042]: Invalid user linux from 123.111.128.211
Dec 25 17:28:48 b sshd[15044]: Invalid user internet from 123.111.128.211
Dec 25 17:28:50 b sshd[15046]: Invalid user server from 123.111.128.211
Dec 25 17:28:52 b sshd[15048]: Invalid user nokia from 123.111.128.211
Dec 25 17:28:53 b sshd[15050]: Invalid user bash from 123.111.128.211
Dec 25 17:28:55 b sshd[15052]: Invalid user work from 123.111.128.211
Dec 25 17:28:59 b sshd[15056]: Invalid user gateway from 123.111.128.211
Dec 25 17:29:01 b sshd[15058]: Invalid user michael from 123.111.128.211
Dec 25 17:29:03 b sshd[15060]: Invalid user michael from 123.111.128.211
Dec 25 17:29:05 b sshd[15062]: Invalid user rk from 123.111.128.211
Dec 25 17:29:06 b sshd[15064]: Invalid user internet from 123.111.128.211
Dec 25 17:29:08 b sshd[15066]: Invalid user kathi from 123.111.128.211
Dec 25 17:29:10 b sshd[15068]: Invalid user squid from 123.111.128.211
Dec 25 17:29:12 b sshd[15070]: Invalid user darwin from 123.111.128.211
Dec 25 17:29:14 b sshd[15072]: Invalid user info from 123.111.128.211
Dec 25 17:29:16 b sshd[15074]: Invalid user job from 123.111.128.211
Dec 25 17:29:18 b sshd[15076]: Invalid user pamela from 123.111.128.211
Dec 25 17:29:19 b sshd[15078]: Invalid user jack from 123.111.128.211
Dec 25 17:29:21 b sshd[15080]: Invalid user webmaster from 123.111.128.211
Dec 25 17:29:25 b sshd[15084]: Invalid user shaun from 123.111.128.211
Dec 25 17:29:27 b sshd[15086]: Invalid user sven from 123.111.128.211
Dec 25 17:29:29 b sshd[15088]: Invalid user steve from 123.111.128.211
Dec 25 17:29:31 b sshd[15090]: Invalid user steven from 123.111.128.211
Dec 25 17:29:32 b sshd[15092]: Invalid user temp from 123.111.128.211
Dec 25 17:29:34 b sshd[15094]: Invalid user tim from 123.111.128.211
It seems that sshguard does not work in tcp wrapper mode with hosts.allow.