How To Install SSHGuard on Ubuntu

Install SSHGuard on Ubuntu

In this tutorial, we will show you how to install and configuration of SSHGuard on your Ubuntu. For those of you who didn’t know, SSHGuard is a very useful monitoring tool for preventing brute force attacks. SSHGuard reads log messages from standard input and determines malicious activities. If an attack is detected, the attacking IP address is immediately blocked in the firewall. SSHGuard lightweight monitoring tool written in C language, so it’s uses less memory and CPU while running.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step-by-step installation SSHGuard on the Linux Ubuntu server.

Install SSHGuard on Ubuntu

Step 1. First, make sure that all your system packages are up-to-date by running the following apt-get commands in the terminal.

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install gcc make

Step 2. Install SSHGuard.

Download the latest stable version of SSHGuard, At the moment of writing this article it is version 1.5-5:

cd /opt
wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2
bunzip2 sshguard-1.5.tar.bz2
tar -xvf sshguard-1.5.tar

SSHGuard files will be unpacked in a new ‘sshguard-1.5’ directory. Go inside that directory and compile and install the source:

cd sshguard-1.5
./configure –with-firewall=iptables
make && make install

Step 3. Configure SSHGuard.

The SSHGuard does not have its own configuration file so we need to configure it with Iptables. All you have to do is create a new chain for SSHGuard in iptables to insert blocking rules:

iptables -N sshguard

Now update the INPUT chain to pass the traffic to the SSHGuard chain created in the previous step. This will tell iptables to block all traffic from the offending IP addresses:

iptables -A INPUT -j sshguard

If you want to block the offending IP addresses only for a specific service such as SSH, pop, imap, ftp, etc… You can use the multiport iptables module:

iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard

Once you configure iptables to block all services that you need, save the iptables configuration:

service iptables save

If you do not currently use iptables and just want to get SSHGuard up and running without any further impact on your system, these commands will create and save an iptables configuration that does absolutely nothing except allowing sshguard to work:

iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -N sshguard
iptables -A INPUT -j sshguard

Congratulations! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on the Ubuntu system. For additional help or useful information, we recommend you check the official SSHGuard website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!