How To Install SSHGuard on Fedora 41

Securing your SSH access is crucial when running a server, especially on a powerful and user-friendly distribution like Fedora 41. One effective way to protect your server from brute-force attacks is by installing SSHGuard, an open-source intrusion prevention system. In this comprehensive guide, we’ll walk you through the process of installing and configuring SSHGuard on your Fedora 41 system, ensuring your server remains safe and secure.

Understanding SSHGuard

Before diving into the installation process, let’s take a moment to understand what SSHGuard is and how it works. SSHGuard is a lightweight utility that monitors log files for suspicious activity, such as repeated failed login attempts, and automatically blocks the offending IP addresses using the system’s firewall. By doing so, SSHGuard effectively prevents brute-force attacks and enhances the security of your SSH server.

SSHGuard offers several benefits, including:

  • Real-time protection against brute-force attacks
  • Minimal resource consumption
  • Easy integration with various firewalls (e.g., Firewalld, IPtables)
  • Customizable configuration options

SSHGuard is fully compatible with Fedora 41, making it an ideal choice for securing your server.

Prerequisites

Before proceeding with the installation, ensure that your Fedora 41 system is up to date and you have sudo or root access. To update your system, open a terminal and run the following command:

sudo dnf update

Installing SSHGuard on Fedora 41

There are two methods to install SSHGuard on Fedora 41: using the DNF package manager or compiling from source. We’ll cover both methods in this guide.

Method 1: Installing SSHGuard using DNF

The easiest way to install SSHGuard on Fedora 41 is by using the DNF package manager. Follow these steps:

  1. Open a terminal.
  2. Update the system repositories:
    sudo dnf update
  3. Install SSHGuard:
    sudo dnf install sshguard

Method 2: Installing SSHGuard from source

If you prefer to compile SSHGuard from source, follow these steps:

  1. Install the required dependencies:
    sudo dnf install gcc make libsystemd-devel
  2. Download the SSHGuard source code:
    wget https://sourceforge.net/projects/sshguard/files/latest/download -O sshguard.tar.gz
  3. Extract the source code:
    tar xzf sshguard.tar.gz
  4. Change to the extracted directory:
    cd sshguard-*
  5. Configure, compile, and install SSHGuard:
    ./configure && make && sudo make install

After installation, you can verify that SSHGuard is installed correctly by running:

sshguard -v

Configuring SSHGuard

Now that SSHGuard is installed, it’s time to configure it to work with your Fedora 41 system. The main configuration file for SSHGuard is located at /etc/sshguard.conf.

Editing the SSHGuard configuration file

Open the SSHGuard configuration file in your preferred text editor, for example:

sudo nano /etc/sshguard.conf

In this file, you can customize various settings, such as:

  • Backend: Specify the firewall backend to use (e.g., firewalld, iptables).
  • Threshold: Adjust the number of failed attempts before an IP address is blocked.
  • Block time: Set the duration for which an IP address remains blocked.
  • Whitelist: Add trusted IP addresses or subnets that should never be blocked.

Make sure to save the changes when you’re done editing the configuration file.
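
As an added example (not from the original page or the SSHGuard project), the script below shows the settings listed above in sshguard.conf syntax and checks a file for common mistakes before the service is restarted. The key names are SSHGuard's own; the BACKEND and WHITELIST_FILE paths in the sample are assumptions, and conf_get and lint_sshguard_conf are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not SSHGuard project code: lint sshguard.conf before a restart.

# Constructed sample. The file is read as shell KEY=value assignments.
# Both paths are assumptions for this example; check yours with: rpm -ql sshguard
SAMPLE_CONF='BACKEND="/usr/libexec/sshguard/sshg-fw-firewalld"
THRESHOLD=30          # attack score, not a count; most failed logins score 10
BLOCK_TIME=120        # seconds for the first block of an address
DETECTION_TIME=1800   # seconds after which a score is forgotten
WHITELIST_FILE=/etc/sshguard.whitelist'

# conf_get FILE KEY: print the last uncommented value of KEY, unquoted
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*#.*//' | tr -d "\"'"
}

# lint_sshguard_conf FILE: print one line per problem, return 1 if any found
lint_sshguard_conf() {
    conf=$1; bad=0
    backend=$(conf_get "$conf" BACKEND)
    if [ -z "$backend" ]; then
        echo "BACKEND is not set (it has no default)"; bad=1
    elif [ ! -x "$backend" ]; then
        echo "BACKEND is not an executable file: $backend"; bad=1
    fi
    for key in THRESHOLD BLOCK_TIME DETECTION_TIME; do
        val=$(conf_get "$conf" "$key")
        case $val in
            '') ;;   # unset: SSHGuard uses its built-in default
            *[!0-9]*) echo "$key must be a whole number, got: $val"; bad=1 ;;
        esac
    done
    wl=$(conf_get "$conf" WHITELIST_FILE)
    if [ -n "$wl" ] && [ ! -r "$wl" ]; then
        echo "WHITELIST_FILE is not readable: $wl"; bad=1
    fi
    return "$bad"
}
```

Run it as `lint_sshguard_conf /etc/sshguard.conf` and restart the service only when it prints nothing.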

Configuring the firewall for SSHGuard

SSHGuard integrates with the system’s firewall to block offending IP addresses. Fedora 41 uses Firewalld by default, but you can also use IPtables if preferred.

For Firewalld, create a new service file for SSHGuard:

sudo nano /etc/firewalld/services/sshguard.xml

Add the following content to the file:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSHGuard</short>
  <description>SSHGuard brute-force protection</description>
  <port protocol="tcp" port="22"/>
</service>

Save the file and reload the Firewalld configuration:

sudo firewall-cmd --reload

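For IPtables, create a new chain for SSHGuard. The chain name is case-sensitive, and SSHGuard's iptables backend inserts its block rules into a chain named sshguard in lowercase:

sudo iptables -N sshguard

Add a rule to the INPUT chain to jump to the SSHGuard chain:

sudo iptables -A INPUT -j sshguard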

Save the IPtables rules:

sudo service iptables save

Starting and enabling SSHGuard service

To start SSHGuard and enable it to run on system boot, use the following commands:

sudo systemctl start sshguard
sudo systemctl enable sshguard

Testing SSHGuard configuration

To test if SSHGuard is working correctly, you can intentionally trigger a few failed SSH login attempts from a different machine and check if the IP address gets blocked. You can also monitor the SSHGuard logs to see its activity:

sudo journalctl -u sshguard

Monitoring and Managing SSHGuard

Once SSHGuard is up and running, it’s essential to know how to monitor and manage it effectively.

Checking SSHGuard status

To check the status of the SSHGuard service, use the following command:

sudo systemctl status sshguard

Viewing SSHGuard logs

SSHGuard logs its activity using the system journal. To view the logs, use the journalctl command:

sudo journalctl -u sshguard
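
As an added example (not from the original page or the SSHGuard project), the script below turns that journal output into a per-address summary of attacks, blocks and current state. It assumes the SSHGuard 2.x message formats shown in the constructed sample lines; sshguard_report and still_blocked are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not SSHGuard project code: per-address summary of SSHGuard activity.
# Feed it journal text:  sudo journalctl -u sshguard -o cat | sshguard_report

# Constructed sample lines, assuming the SSHGuard 2.x message formats.
SAMPLE_LOG='Attack from "203.0.113.7" on service SSH with danger 10.
Attack from "203.0.113.7" on service SSH with danger 10.
Attack from "198.51.100.23" on service SSH with danger 10.
Attack from "203.0.113.7" on service SSH with danger 10.
Blocking "203.0.113.7/32" for 120 secs (3 attacks in 4 secs, after 1 abuses over 4 secs.)
Attack from "2001:db8::5" on service SSH with danger 10.
Attack from "2001:db8::5" on service SSH with danger 10.
Attack from "2001:db8::5" on service SSH with danger 10.
Blocking "2001:db8::5/128" for 120 secs (3 attacks in 2 secs, after 1 abuses over 2 secs.)
203.0.113.7: unblocking after 120 secs'

# sshguard_report: read log text on stdin, print one line per source address
sshguard_report() {
    awk '
        /Attack from "/ {
            split($0, q, "\"")                        # q[2] is the quoted address
            attacks[q[2]]++
            if (!(q[2] in state)) state[q[2]] = "below-threshold"
        }
        /Blocking "/ {
            split($0, q, "\"")
            addr = q[2]; sub(/\/[0-9]+$/, "", addr)   # drop the /32 or /128 suffix
            blocks[addr]++; state[addr] = "blocked"
        }
        /: unblocking after / {
            addr = $0
            sub(/: unblocking after .*/, "", addr)    # keep what precedes the message
            sub(/.* /, "", addr)                      # drop any journal prefix
            state[addr] = "released"
        }
        END {
            for (a in state)
                printf "%s attacks=%d blocks=%d state=%s\n", a, attacks[a], blocks[a], state[a]
        }
    ' | LC_ALL=C sort
}

# still_blocked: addresses whose most recent event in the log is a block
still_blocked() {
    sshguard_report | awk '$4 == "state=blocked" { print $1 }'
}
```

The state column reflects only what the log contains, so compare it with the live firewall rules before unblocking anything.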

Unblocking IP addresses

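If an IP address is mistakenly blocked by SSHGuard, you can manually unblock it using the firewall command. For Firewalld, SSHGuard's firewalld backend keeps blocked addresses as entries in the ipsets sshguard4 (IPv4) and sshguard6 (IPv6), stored in CIDR form, so remove the entry from the matching set (use sshguard6 and /128 for an IPv6 address):

sudo firewall-cmd --ipset=sshguard4 --remove-entry=<IP_ADDRESS>/32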

For IPtables:

sudo iptables -D sshguard -s <IP_ADDRESS> -j DROP

Updating SSHGuard

To update SSHGuard to the latest version, use the package manager:

sudo dnf update sshguard

Troubleshooting common issues

If you encounter any issues with SSHGuard, consider the following troubleshooting tips:

  • Check the SSHGuard logs for error messages or unusual activity.
  • Verify that the SSHGuard configuration file is properly set up.
  • Ensure that the firewall rules are correctly configured for SSHGuard.
  • Restart the SSHGuard service after making any configuration changes.

Best Practices and Additional Security Measures

While SSHGuard provides an excellent layer of protection against brute-force attacks, it’s crucial to implement additional security measures to harden your SSH server:

  • Use strong SSH passwords or, better yet, SSH keys for authentication.
  • Disable root login to prevent direct access to the root account.
  • Change the default SSH port to reduce the risk of automated attacks.
  • Implement two-factor authentication for an extra layer of security.
  • Regularly update your Fedora 41 system and installed packages to patch any known vulnerabilities.

Congratulations! You have successfully installed SSHGuard. Thanks for using this tutorial for installing SSHGuard on the Fedora 41 system. For additional help or useful information, we recommend you check the official SSHGuard website.


r00t
