How to install SSHGuard in FreeBSD

[F'Corono' 14]

Hello, in order to protect our machine against Brute Force attacks, we will use the sshguard.

I will be quick:

cd /usr/ports /security/sshguard -pf
make install clean ; rehash

The sshguard works by reading the log files.Will also protect our server form:

sendmail, exim, dovecot, cucipop, UWimap bruteforce attacks
proftpd, vsftpd, pure-ftpd, FreeBSD ftpd bruteforce attacks

To configure sshguard, edit the file in "/etc/pf.conf" and add the following lines:

table <sshguard> persist
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "SSH bruteforce atempt"

After, edit the file "/etc/syslog.conf" and add the following line:

auth.info;authpriv.info |exec /usr/local/sbin/sshguard

Now restart the syslog service:

/etc/rc.d/syslogd restart

To check if the IP of the attacker is added to the table sshguard viewing PF Firewall:

pfctl -Tshow -tsshguard

SSHGuard project:
http://www.sshguard.net/

[Shogun 4475]

There's something I don´t understand. We are blocking just port 22 with the pf rule, how does that protect us from ftp or sendmail bruteforce?

[Viloresi 0]

exactly the port is 22 the ftp standard one, so the ftp should be protected with this method.

But just the server files will be protected and NOT the database

[Shogun 4475]

22 is ssh port

[Karbust 4726]

If we change the ssh port this automaticly change?

If not, how its possible to change?

Thanks

[Shogun 4475]

You need to change the port in both /etc/ssh/sshd_config and /etc/pf.conf

[Karbust 4726]

OK

Thanks