SSHGuard – Block Brute Force Attack in RHEL/CentOS 6.x
SSHGuard is an intrusion prevention system written in C. It parses server logs, identifies malicious activity, and then bans the offending hosts via firewall rules.
SSHGuard protects many services out of the box:
- UWimap (imap, pop)
- FreeBSD ftpd
Install and configure SSHGuard on RHEL/CentOS 6.x
# rpm -ivh http://flexbox.sourceforge.net/centos/5/i386/sshguard-1.5-2.el5.i386.rpm
Configure SSHGuard with Iptables:
SSHGuard doesn’t have a configuration file. All you have to do is create a new chain in iptables into which SSHGuard inserts its blocking rules.
# iptables -N sshguard
Block all traffic from abusers:
# iptables -A INPUT -j sshguard
Or block abusers only on specific services (SSH, FTP, POP, IMAP):
# iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard
Now, save the iptables rules.
# service iptables save
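iptables evaluates a chain top to bottom, and `-A` appends at the end, so a jump to the sshguard chain has no effect if an earlier INPUT rule already accepts or rejects the same traffic. The following check is an added example, not part of the original article: the function names and the sample ruleset are constructed for illustration, and it assumes rules in `iptables-save` format with single ports or comma lists (port ranges are not handled).

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads iptables-save style rules on stdin and prints:
#   ok       - the jump to the sshguard chain is evaluated in time
#   shadowed - an earlier INPUT rule already decides traffic for PORT
#   missing  - INPUT never jumps to the sshguard chain
sshguard_order() {
    awk -v port="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++; target = ""; names_port = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports" || $i == "--destination-ports")
                    if (("," $(i + 1) ",") ~ ("," port ",")) names_port = 1
            }
            if (target == "sshguard" && !jump) jump = n
            terminal = (target == "ACCEPT" || target == "DROP" || target == "REJECT")
            # Rules that name the port, or match everything, end evaluation.
            if (terminal && (names_port || $3 == "-j") && !decide) decide = n
        }
        END {
            if (!jump) print "missing"
            else if (decide && decide < jump) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample ruleset (hypothetical host that already accepts SSH).
# $1 = "first" or "last": where the jump to the sshguard chain sits.
sample_rules() {
    if [ "$1" = first ]; then echo "-A INPUT -j sshguard"; fi
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
    if [ "$1" = last ]; then echo "-A INPUT -j sshguard"; fi
}

echo "jump appended: $(sample_rules last  | sshguard_order 22)"
echo "jump first:    $(sample_rules first | sshguard_order 22)"
```

On a live host, run `iptables-save | sshguard_order 22` as root after adding the rules.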
That’s pretty much it. For more information about SSHGuard.