SSHGuard is an intrusion prevention system written in C. It parses server logs, detects malicious activity, and then bans malicious users via firewall rules.
SSHGuard protects many services out of the box:

  • sshd
  • Sendmail
  • Exim
  • dovecot
  • Cucipop
  • UWimap (imap, pop)
  • vsftpd
  • proftpd
  • pure-ftpd
  • FreeBSD ftpd

Install and configure SSHGuard on RHEL/CentOS 6.x

Install sshguard.

# rpm -ivh

Configure SSHGuard with Iptables:

SSHGuard doesn’t have a configuration file. All you have to do is create a new chain in iptables, into which SSHGuard inserts its blocking rules.

# iptables -N sshguard

Block all traffic from abusers:

# iptables -A INPUT -j sshguard

Block abusers on specific services only (SSH, FTP, POP, IMAP):

# iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard

Now, save the iptables rules.

# service iptables save
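
An added check, not part of the original article: `-A` appends to the end of the INPUT chain, so on a ruleset that already accepts or rejects new connections earlier in the chain, the jump to sshguard is never reached. The script below reads `iptables -S INPUT` output and reports whether that is the case. The function names and the sample ruleset (a typical CentOS 6 default, with the jump either appended or placed after the loopback rule, e.g. with `iptables -I INPUT 4 -j sshguard`) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): verify that the jump to the
# sshguard chain is evaluated before rules that already decide new traffic.
# Reads `iptables -S INPUT` style text on stdin.
# Exit status: 0 = jump comes first, 1 = jump is shadowed, 2 = no jump found.
check_sshguard_order() {
    awk '
        /^-A INPUT / {
            n++
            if (!jump && $0 ~ /-j sshguard( |$)/) {
                jump = n
            } else if (!jump && $0 ~ /-j (ACCEPT|DROP|REJECT)( |$)/ &&
                       $0 !~ /ESTABLISHED/ && $0 !~ /-i lo( |$)/ &&
                       $0 !~ /-p icmp( |$)/) {
                # Heuristic: ignore return-traffic, loopback and ICMP rules.
                early[++e] = n ": " $0
            }
        }
        END {
            if (!jump) { print "no jump to sshguard in INPUT"; exit 2 }
            if (e == 0) { print "ok: sshguard jump is rule " jump; exit 0 }
            print "sshguard jump is rule " jump ", shadowed by:"
            for (i = 1; i <= e; i++) print "  " early[i]
            exit 1
        }'
}

# Constructed sample: a typical CentOS 6 INPUT chain, with the sshguard jump
# either appended (-A, as above) or inserted after the loopback rule.
sample_rules() {
    printf '%s\n' '-P INPUT ACCEPT'
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    printf '%s\n' '-A INPUT -p icmp -j ACCEPT'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    [ "$1" = inserted ] && printf '%s\n' '-A INPUT -j sshguard'
    printf '%s\n' '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    [ "$1" = appended ] && printf '%s\n' '-A INPUT -j sshguard'
    return 0
}

sample_rules appended | check_sshguard_order || true   # shadowed, status 1
sample_rules inserted | check_sshguard_order           # ok, status 0
# On a live host: iptables -S INPUT | check_sshguard_order
```

Run the check before `service iptables save`, so that a shadowed jump is not written to the persistent ruleset.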

That’s pretty much it. For more information about SSHGuard.