Premium F'Corono' 14 Posted April 26, 2014 Premium Share Posted April 26, 2014 Hello, in order to protect our machine against Brute Force attacks, we will use the sshguard. I will be quick: cd /usr/ports /security/sshguard -pf make install clean ; rehash The sshguard works by reading the log files.Will also protect our server form: sendmail, exim, dovecot, cucipop, UWimap bruteforce attacks proftpd, vsftpd, pure-ftpd, FreeBSD ftpd bruteforce attacks To configure sshguard, edit the file in "/etc/pf.conf" and add the following lines: table <sshguard> persist block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "SSH bruteforce atempt" After, edit the file "/etc/syslog.conf" and add the following line: auth.info;authpriv.info |exec /usr/local/sbin/sshguard Now restart the syslog service: /etc/rc.d/syslogd restart To check if the IP of the attacker is added to the table sshguard viewing PF Firewall: pfctl -Tshow -tsshguard SSHGuard project:http://www.sshguard.net/ 7 Link to comment Share on other sites More sharing options...
Premium Shogun 4614 Posted May 25, 2014 Premium Share Posted May 25, 2014 There's something I don´t understand. We are blocking just port 22 with the pf rule, how does that protect us from ftp or sendmail bruteforce? Link to comment Share on other sites More sharing options...
Viloresi 0 Posted July 2, 2014 Share Posted July 2, 2014 exactly the port is 22 the ftp standard one, so the ftp should be protected with this method. But just the server files will be protected and NOT the database Link to comment Share on other sites More sharing options...
Premium Shogun 4614 Posted August 27, 2014 Premium Share Posted August 27, 2014 22 is ssh port Link to comment Share on other sites More sharing options...
Management Karbust 4926 Posted September 6, 2014 Management Share Posted September 6, 2014 If we change the ssh port this automaticly change? If not, how its possible to change? Thanks Link to comment Share on other sites More sharing options...
Premium Shogun 4614 Posted September 8, 2014 Premium Share Posted September 8, 2014 You need to change the port in both /etc/ssh/sshd_config and /etc/pf.conf 1 Link to comment Share on other sites More sharing options...
Management Karbust 4926 Posted September 10, 2014 Management Share Posted September 10, 2014 OK Thanks Link to comment Share on other sites More sharing options...
Recommended Posts