In this tutorial, we will show you how to install and configure SSHGuard on Ubuntu. For those of you who didn’t know, SSHGuard is a very useful monitoring tool for preventing brute force attacks. SSHGuard reads log messages from standard input and determines malicious activities. If an attack is detected, the attacking IP address is immediately blocked in the firewall. SSHGuard is a lightweight monitoring tool written in C, so it uses less memory and CPU while running.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will walk you through the step-by-step installation of SSHGuard on an Ubuntu server.
Prerequisites
- A server running one of the following operating systems: Ubuntu 20.04, 18.04, 16.04, and any other Debian-based distribution like Linux Mint.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install SSHGuard on Ubuntu
Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install gcc make
Step 2. Install SSHGuard.
Download the latest stable version of SSHGuard. At the time of writing this article, it is version 1.5-5:
cd /opt
wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
bunzip2 sshguard-1.5.tar.bz2
tar -xvf sshguard-1.5.tar
SSHGuard files will be unpacked in a new ‘sshguard-1.5’ directory. Go inside that directory, then compile and install the source:
cd sshguard-1.5
./configure --with-firewall=iptables
make && make install
Step 3. Configure SSHGuard.
SSHGuard does not have its own configuration file, so we need to configure it through iptables. All you have to do is create a new chain for SSHGuard in iptables, into which it will insert blocking rules:
iptables -N sshguard
Now update the INPUT chain to pass the traffic to the SSHGuard chain created in the previous step. This will tell iptables to block all traffic from the offending IP addresses:
iptables -A INPUT -j sshguard
If you want to block the offending IP addresses only for specific services such as SSH, POP, IMAP, FTP, etc., you can use the multiport iptables module:
iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard
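Once you configure iptables to block all services that you need, save the iptables configuration. Ubuntu does not ship an iptables service script, so "service iptables save" is not available there; install the iptables-persistent package and save the rules with netfilter-persistent:
apt-get install iptables-persistent
netfilter-persistent save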
If you do not currently use iptables and just want to get SSHGuard up and running without any further impact on your system, these commands will create and save an iptables configuration that does absolutely nothing except allowing sshguard to work:
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -N sshguard
iptables -A INPUT -j sshguard
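Because -A appends the jump to the end of INPUT and iptables stops at the first matching rule, an existing rule that already accepts SSH traffic will match first and the sshguard chain will never be consulted. The following check is an added example, not part of the original tutorial or of SSHGuard itself; it reads the output of iptables -S INPUT and reports whether the jump is reached for a given port. The function names check_sshguard_jump and covers_port are hypothetical, and the sample rules are constructed.

```shell
#!/bin/sh
# Reads `iptables -S INPUT` output on stdin; $1 is the TCP port to protect.
# Prints ok | shadowed | missing and exits 0 | 2 | 1. Heuristic: "!" negation
# is not interpreted, and only the matches listed below count as narrowing.

covers_port() {   # $1 = port list from a rule ("" = any port), $2 = port
    [ -z "$1" ] && return 0
    for p in $(printf '%s' "$1" | tr ',' ' '); do
        case $p in
            *:*) lo=${p%%:*} hi=${p##*:}      # range such as 20:25
                 [ "$2" -ge "${lo:-0}" ] && [ "$2" -le "${hi:-65535}" ] && return 0 ;;
            *)   [ "$p" = "$2" ] && return 0 ;;
        esac
    done
    return 1
}

check_sshguard_jump() (
    set -f                       # no globbing while word-splitting rules
    port=$1
    while read -r rule; do
        case $rule in "-A INPUT "*) ;; *) continue ;; esac   # skip -P/-N lines
        ports='' target='' proto='' narrowed=no
        set -- $rule
        while [ $# -gt 0 ]; do
            case $1 in
                --dport|--dports|--destination-ports) ports=$2 ;;
                -p) proto=$2 ;;
                -j) target=$2 ;;
                -s|-i|--ctstate|--state) narrowed=yes ;;
            esac
            shift
        done
        case $proto in ''|tcp|all) ;; *) continue ;; esac    # rule is not about TCP
        covers_port "$ports" "$port" || continue             # rule ignores this port
        case $target in
            sshguard) echo ok; exit 0 ;;       # the jump is reached first
            ACCEPT) [ "$narrowed" = no ] && { echo shadowed; exit 2; } ;;
        esac
    done
    echo missing; exit 1
)

# Constructed sample, not captured from a real host. On a live system run:
#   iptables -S INPUT | check_sshguard_jump 22
printf '%s\n' '-P INPUT ACCEPT' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j sshguard' | check_sshguard_jump 22 || true   # prints "shadowed"
```

A "shadowed" result means the jump has to be placed ahead of the accepting rule (for example with iptables -I instead of -A) before SSHGuard's blocks take effect.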
Congratulations! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on the Ubuntu system. For additional help or useful information, we recommend you check the official SSHGuard website.