Protect Server Against Brute Force SSH Attacks and Other Attacks
Saturday, 21 January 2012
To protect our machine against brute force SSH attacks, we will use the sshguard-pf app from FreeBSD ports:

  cd /usr/ports/security/sshguard-pf
  make install clean ; rehash


The app sshguard-pf works by reading log files. Please note that this app will also protect our server against:
- sendmail, exim, dovecot, cucipop, UWimap bruteforce attacks
- proftpd, vsftpd, pure-ftpd, FreeBSD's ftpd bruteforce attacks


To configure sshguard for SSH bruteforce protection, edit your /etc/pf.conf file and add the following lines:

  table <sshguard> persist
  block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "SSH bruteforce attempt"


Note: Make sure these rules are added to the proper sections of pf.conf.

Then edit the /etc/syslog.conf file and add or uncomment the following line:

  auth.info;authpriv.info     |exec /usr/local/sbin/sshguard

Now restart your syslog service:

  /etc/rc.d/syslogd restart

To check whether an attacker's IP has been added to the sshguard table of your PF firewall, run:

  pfctl -Tshow -tsshguard
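
The two file edits above can be sanity-checked offline before syslogd is restarted. The sh script below is an added example, not part of the original article or of sshguard; the function names check_pf_conf and check_syslog_conf, the em0 interface name and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: offline checks for the pf.conf and syslog.conf edits above.
# Function names and the sample files are constructed for illustration.

# Succeeds if FILE has an uncommented <sshguard> table and block rule and
# defines every macro that the block rule uses (such as $ext_if).
check_pf_conf() {
    grep -Eq '^[[:space:]]*table[[:space:]]+<sshguard>' "$1" ||
        { echo "missing: table <sshguard>"; return 1; }
    rule=$(grep -E '^[[:space:]]*block[[:space:]].*from[[:space:]]+<sshguard>' "$1" | head -n 1)
    [ -n "$rule" ] || { echo "missing: block rule for <sshguard>"; return 1; }
    # Drop the quoted label, then look up each $macro the rule references;
    # pfctl will not load a ruleset that uses an undefined macro.
    for m in $(printf '%s\n' "$rule" | sed 's/"[^"]*"//g' |
               grep -Eo '\$[A-Za-z_][A-Za-z0-9_]*' | tr -d '$'); do
        grep -Eq "^[[:space:]]*${m}[[:space:]]*=" "$1" ||
            { echo "undefined macro: \$$m"; return 1; }
    done
    return 0
}

# Returns 0 if FILE pipes auth.info to sshguard on an active line,
# 2 if that line is present but still commented out, 1 if it is absent.
check_syslog_conf() {
    pat='auth\.info.*\|[[:space:]]*exec[[:space:]]+/usr/local/sbin/sshguard'
    grep -Eq "^[[:space:]]*$pat" "$1" && return 0
    grep -Eq "^[[:space:]]*#.*$pat" "$1" &&
        { echo "sshguard line is commented out"; return 2; }
    echo "missing: sshguard line"; return 1
}

# Constructed samples: pf.conf with the article's rules (em0 is a made-up
# interface name) and a syslog.conf whose sshguard line is still commented.
tmp=$(mktemp -d)
cat > "$tmp/pf.conf" <<'EOF'
ext_if = "em0"
table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "SSH bruteforce attempt"
EOF
printf '#auth.info;authpriv.info     |exec /usr/local/sbin/sshguard\n' > "$tmp/syslog.conf"

check_pf_conf "$tmp/pf.conf" && echo "pf.conf: ok"
check_syslog_conf "$tmp/syslog.conf" || echo "syslog.conf: fix, then restart syslogd"
```

On the server, call the two functions with /etc/pf.conf and /etc/syslog.conf instead of the sample files.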

Last Updated ( Saturday, 21 January 2012 )
 