In this tutorial, we will show you how to install and configuration of SSHGuard on your Ubuntu server. For those of you who didn’t know, SSHGuard is a very useful monitoring tool for preventing brute force attacks. SSHGuard reads log messages from standard input and determines malicious activities. If an attack is detected, the attacking IP address is immediately blocked in the firewall. SSHGuard lightweight monitoring tool written in C language, so it’s uses less memory and CPU while running.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you through the step by step installation SSHGuard on the Linux Ubuntu server.
Install SSHGuard on Ubuntu
Step 1. First, make sure that all your system packages are up-to-date by running these following apt-get commands in the terminal.
sudo apt-get update sudo apt-get upgrade sudo apt-get install gcc make
Step 2. Install SSHGuard.
Download the latest stable version of SSHGuard, At the moment of writing this article it is version 1.5-5:
cd /opt wget http://downloads.sourceforge.net/project/sshguard/sshguard/sshguard-1.5/sshguard-1.5.tar.bz2 bunzip2 sshguard-1.5.tar.bz2 tar -xvf sshguard-1.5.tar
SSHGuard files will be unpacked in a new ‘sshguard-1.5’ directory. Go inside that directory and compile and install the source:
cd sshguard-1.5 ./configure –with-firewall=iptables make && make install
Step 3. Configure SSHGuard.
The SHGuard does not have its own configuration file so we need to configure it with Iptables. All you have to do is create a new chain for SSHGuard in iptables to insert blocking rules:
iptables -N sshguard
Now update the INPUT chain to pass the traffic to the sshguard chain created in the previous step. This will tell iptables to block all traffic from the offending IP addresses:
iptables -A INPUT -j sshguard
If you want to block the offending IP addresses only for a specific service such as SSH, pop, imap, ftp, etc… You can use the multiport iptables module:
iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard
Once you configure iptables to block all services that you need, save the iptables configuration:
service iptables save
If you do not currently use iptables and just want to get sshguard up and running without any further impact on your system, these commands will create and save an iptables configuration that does absolutely nothing except allowing sshguard to work:
iptables -F iptables -X iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -N sshguard iptables -A INPUT -j sshguard
Congratulations! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on the Ubuntu system. For additional help or useful information, we recommend you to check the official SSHGuard website.