How To Install SSHGuard on AlmaLinux 9

In today’s digital landscape, securing your Linux server against unauthorized access and brute-force attacks is paramount. SSHGuard stands as a formidable sentinel, protecting your AlmaLinux 9 system from persistent threats. This guide will walk you through the process of installing and configuring SSHGuard, empowering you to fortify your server’s defenses effectively.

AlmaLinux 9, known for its stability and security features, provides an excellent foundation for implementing robust security measures. By integrating SSHGuard into your AlmaLinux 9 environment, you’ll significantly enhance your server’s resilience against SSH-based attacks, ensuring a safer and more secure operating environment.

Prerequisites

Before diving into the installation process, ensure you have the following prerequisites in place:

  • A fully installed and updated AlmaLinux 9 system
  • Terminal access with root or sudo privileges
  • An active internet connection for package downloads

With these requirements met, you’re ready to embark on securing your AlmaLinux 9 server with SSHGuard.

Step 1: Update System Packages

Maintaining an up-to-date system is crucial for security and compatibility. Begin by refreshing your AlmaLinux 9 package lists and upgrading all installed packages to their latest versions.

sudo dnf update -y

This command updates the package manager’s cache and applies all available updates. The ‘-y’ flag automatically answers “yes” to prompts, streamlining the update process.

Step 2: Enable EPEL Repository

The Extra Packages for Enterprise Linux (EPEL) repository is a valuable resource for additional software packages not included in the default AlmaLinux repositories. SSHGuard is one such package that resides in the EPEL repository.

To enable EPEL on AlmaLinux 9, execute the following command:

sudo dnf install epel-release -y

This command installs the EPEL release package, which adds the EPEL repository to your system’s package manager configuration. Once installed, you’ll have access to a wide array of additional software packages, including SSHGuard.

Step 3: Install SSHGuard

With the EPEL repository enabled, you can now proceed to install SSHGuard using the DNF package manager. Execute the following command to initiate the installation:

sudo dnf install sshguard -y

This command will download and install SSHGuard along with any necessary dependencies. Once the installation is complete, you’ll need to start and enable the SSHGuard service to ensure it runs automatically on system boot:

sudo systemctl start sshguard
sudo systemctl enable sshguard

To verify that SSHGuard is running correctly, check its status using the following command:

sudo systemctl status sshguard

You should see output indicating that SSHGuard is active and running.

Step 4: Configure SSHGuard

Proper configuration is key to maximizing SSHGuard’s effectiveness. The main configuration file for SSHGuard is located at /etc/sshguard/sshguard.conf. To edit this file, use a text editor such as vim:

sudo vim /etc/sshguard/sshguard.conf

Within this file, you’ll find several important parameters that control SSHGuard’s behavior. Here are some key options to consider:

  • BACKEND: Specifies the firewall backend to use, given as the path to the backend executable (as in the example below). On AlmaLinux 9, you’ll typically use either the iptables or the firewalld backend.
  • THRESHOLD: Defines the attack score threshold at which SSHGuard will block an IP address. A lower value increases sensitivity but may lead to more false positives.
  • BLOCK_TIME: Sets the duration (in seconds) for which an attacker’s IP will be banned.
  • DETECTION_TIME: Specifies the time window (in seconds) within which SSHGuard looks for repeated attacks from the same IP.
  • WHITELIST_FILE: Points to a file containing IP addresses that should never be blocked, such as your own IP or trusted administrators’ addresses.

Here’s an example of how you might configure these options:

BACKEND="/usr/libexec/sshg-fw-firewalld"
THRESHOLD=30
BLOCK_TIME=120
DETECTION_TIME=1800
WHITELIST_FILE=/etc/sshguard/whitelist

After making changes to the configuration file, save and exit the editor. Then, restart the SSHGuard service to apply the new settings:

sudo systemctl restart sshguard
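
To see how THRESHOLD, BLOCK_TIME, DETECTION_TIME and the whitelist from the example configuration interact, here is a simplified Python model run over a constructed auth log. It is an added example, not SSHGuard's own code or part of the original tutorial. It assumes each failed login scores 10, a block is issued once the score reaches THRESHOLD, and each repeat block lasts 1.5 times the previous one; the log lines and the whitelisted address are constructed.

```python
import re
from collections import defaultdict

THRESHOLD, BLOCK_TIME, DETECTION_TIME = 30, 120, 1800  # example config values
ATTACK_SCORE = 10             # assumption: score of one failed login
WHITELIST = {"198.51.100.7"}  # constructed stand-in for WHITELIST_FILE

# Constructed sample log: "<epoch seconds> <sshd message>"
SAMPLE_LOG = """\
1000 Failed password for root from 203.0.113.9 port 40122 ssh2
1005 Failed password for invalid user admin from 203.0.113.9 port 40130 ssh2
1010 Failed password for root from 198.51.100.7 port 51000 ssh2
1011 Failed password for root from 198.51.100.7 port 51001 ssh2
1012 Failed password for root from 198.51.100.7 port 51002 ssh2
1020 Failed password for root from 203.0.113.9 port 40140 ssh2
1200 Failed password for root from 203.0.113.9 port 40150 ssh2
1201 Failed password for root from 203.0.113.9 port 40151 ssh2
1202 Failed password for root from 203.0.113.9 port 40152 ssh2
2000 Failed password for root from 192.0.2.50 port 60000 ssh2
3900 Failed password for root from 192.0.2.50 port 60001 ssh2
3901 Failed password for root from 192.0.2.50 port 60002 ssh2
"""

FAILED = re.compile(r"^(\d+) Failed password for (?:invalid user )?\S+ from (\S+) port")

def simulate(log_text):
    """Return (time, ip, block_seconds) for every block the model issues."""
    hits = defaultdict(list)       # ip -> times of attacks still remembered
    prior_blocks, blocked_until, decisions = defaultdict(int), {}, []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        now, ip = int(m.group(1)), m.group(2)
        if ip in WHITELIST or blocked_until.get(ip, 0) > now:
            continue  # never blocked, or already dropped by the firewall
        # Attacks older than DETECTION_TIME no longer count toward the score.
        hits[ip] = [t for t in hits[ip] if now - t < DETECTION_TIME] + [now]
        if len(hits[ip]) * ATTACK_SCORE >= THRESHOLD:
            # Assumed escalation: each repeat block is 1.5x the previous one.
            duration = int(BLOCK_TIME * 1.5 ** prior_blocks[ip])
            prior_blocks[ip] += 1
            blocked_until[ip] = now + duration
            hits[ip] = []
            decisions.append((now, ip, duration))
    return decisions

if __name__ == "__main__":
    print(*simulate(SAMPLE_LOG), sep="\n")
```

Under these assumptions, three failed logins inside the detection window trigger a block, and the second block for the same address lasts 180 seconds instead of 120. The address 192.0.2.50 is never blocked because its first attempt ages out before the third arrives, which shows how a shorter DETECTION_TIME lets slow attempts slip under the threshold.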

Step 5: Integrate SSHGuard with Firewall

SSHGuard works in tandem with your system’s firewall to block malicious IP addresses. On AlmaLinux 9, the default firewall is firewalld. To ensure SSHGuard can interact with firewalld effectively, you need to add the SSHGuard service to the firewall’s configuration:

sudo firewall-cmd --add-service=sshguard --permanent
sudo firewall-cmd --reload

These commands add SSHGuard to the list of allowed services and reload the firewall configuration to apply the changes. This integration allows SSHGuard to dynamically update firewall rules to block and unblock IP addresses as needed.

Step 6: Testing SSHGuard

To ensure SSHGuard is functioning correctly, you can simulate a brute-force attack. However, be cautious not to lock yourself out of your own server. One way to test is by attempting multiple failed SSH logins from a separate machine or network.

After simulating these failed attempts, check SSHGuard’s logs to verify it detected and responded to the attack:

sudo journalctl -u sshguard

You should see entries indicating that SSHGuard detected the failed login attempts and took action to block the source IP address.

Step 7: Best Practices for SSH Security

While SSHGuard significantly enhances your server’s security, implementing additional measures can create a more robust defense strategy:

  • Use SSH key authentication: Disable password authentication and use SSH keys instead. This method is more secure and resistant to brute-force attacks.
  • Disable root login: Prevent direct root logins via SSH by setting “PermitRootLogin no” in your SSH configuration file.
  • Change the default SSH port: While security through obscurity isn’t foolproof, changing the SSH port can reduce the number of automated attacks your server faces.
  • Implement two-factor authentication: Add an extra layer of security by requiring a second form of authentication beyond passwords or SSH keys.

Implement these practices in conjunction with SSHGuard to create a multi-layered security approach for your AlmaLinux 9 server.

Troubleshooting Common Issues

Even with careful installation and configuration, you may encounter issues with SSHGuard. Here are some common problems and their solutions:

  • SSHGuard not starting: Check for configuration errors in the sshguard.conf file. Ensure all paths and settings are correct.
  • Firewall rules not updating: Verify that SSHGuard has the necessary permissions to modify firewall rules. Check system logs for any permission-related errors.
  • False positives: If legitimate users are being blocked, review and adjust the THRESHOLD and DETECTION_TIME settings in the configuration file.
  • SSHGuard not detecting attacks: Ensure that log files are in the expected locations and that SSHGuard has permission to read them.

Congratulations! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on the AlmaLinux system. For additional help or useful information, we recommend you check the official SSHGuard website.


r00t
