SSHGuard – Block Brute Force Attack in RHEL/CentOS 6.x

SSHGuard is an intrusion prevention system written in C. It parses server logs, detects malicious activity, and then bans the offending hosts via firewall rules.
SSHGuard protects many services out of the box:

  • sshd
  • Sendmail
  • Exim
  • dovecot
  • Cucipop
  • UWimap (imap, pop)
  • vsftpd
  • proftpd
  • pure-ftpd
  • FreeBSD ftpd

Install and configure SSHGuard on RHEL/CentOS 6.x

Install sshguard.

# rpm -ivh http://flexbox.sourceforge.net/centos/5/i386/sshguard-1.5-2.el5.i386.rpm

Configure SSHGuard with Iptables:
SSHGuard doesn’t have a configuration file. All you have to do is create a new iptables chain into which SSHGuard inserts its blocking rules.

# iptables -N sshguard

Block all traffic from abusers:

# iptables -A INPUT -j sshguard

Send traffic for specific services (SSH, FTP, POP, IMAP) through the sshguard chain:

# iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard

Now, save the iptables rules.

# service iptables save
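
An added example, not part of the original tutorial: `iptables -A` appends to the end of INPUT, so on a chain that already accepts port 22 or ends in a catch-all REJECT, the jump to sshguard is never reached. This check reads `iptables -S INPUT` output and reports whether the jump is evaluated first; the function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: heuristic check that the jump to the sshguard chain is
# evaluated before any rule that already decides new inbound SSH traffic.
# Reads rules in `iptables -S INPUT` format on stdin and prints one of:
#   reachable - the sshguard jump comes first
#   shadowed  - an earlier ACCEPT/DROP/REJECT already matches port 22
#   missing   - no jump to the sshguard chain in INPUT
check_sshguard_order() {
    awk '
        !/^-A INPUT / { next }
        /-j sshguard( |$)/ { print "reachable"; found = 1; exit }
        # Established-only, loopback and non-TCP rules never decide a new
        # SSH connection from the network, so they cannot shadow the jump.
        /ESTABLISHED/ && !/NEW/ { next }
        / -i lo( |$)/ { next }
        / -p / && !/ -p tcp( |$)/ { next }
        # Terminating verdict for all ports or a port list containing 22
        # (port ranges such as 20:25 are not expanded by this check).
        / -j (ACCEPT|DROP|REJECT)( |$)/ &&
            (!/ --dports? / || / --dports? ([0-9:,]*,)?22(,| |$)/) {
            print "shadowed"; found = 1; exit
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample: a stock-style CentOS 6 INPUT chain after
# `iptables -A INPUT -j sshguard` (the jump lands below the final REJECT).
APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j sshguard'

# Constructed sample: the same chain with the jump above the port 22 ACCEPT.
INSERTED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j sshguard
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

printf 'appended: %s\n' "$(printf '%s\n' "$APPENDED" | check_sshguard_order)"
printf 'inserted: %s\n' "$(printf '%s\n' "$INSERTED" | check_sshguard_order)"
```

On a live host, pipe `iptables -S INPUT` into the function. If it prints `shadowed`, place the jump above the matching rule, for instance with `iptables -I INPUT` instead of `-A`.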

That’s pretty much it. For more information about SSHGuard.

1 thought on “SSHGuard – Block Brute Force Attack in RHEL/CentOS 6.x”

  1. I would like to congratulate you for this work and say that I really enjoy your tutorials.

    I have only one question, does this work for centos 7?
