LinTut

SSHGuard – Block Brute Force Attack in RHEL/CentOS 6.x

SSHGuard is an intrusion prevention system written in C. It parses server logs, detects malicious activity, and then bans the offending hosts via firewall rules.
SSHGuard protects many services out of the box:

Install and configure SSHGuard on RHEL/CentOS 6.x

Install sshguard.

# rpm -ivh http://flexbox.sourceforge.net/centos/5/i386/sshguard-1.5-2.el5.i386.rpm

Configure SSHGuard with Iptables:


SSHGuard doesn’t have a configuration file. All you have to do is create a new chain in iptables into which SSHGuard will insert its blocking rules.

# iptables -N sshguard

Block all traffic from abusers:

# iptables -A INPUT -j sshguard

Send traffic for specific services (SSH, FTP, POP, IMAP) through the sshguard chain:

# iptables -A INPUT -m multiport -p tcp --destination-ports 21,22,110,143 -j sshguard

Now, save the iptables rule.

# service iptables save
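
iptables evaluates a chain from top to bottom, so a jump appended with -A below a rule that already accepts SSH is never reached for that traffic. The script below is an added example, not part of the original tutorial or of SSHGuard; it checks where the sshguard jump sits in the INPUT chain, and the function names and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify an INPUT chain,
# read on stdin in `iptables -S INPUT` format, by where the sshguard jump sits.
# Prints: ok | shadowed | missing. Heuristic: only considers SSH (port 22).
check_sshguard_order() {
    awk '
        # First jump into the sshguard chain.
        / -j sshguard( |$)/ { if (!jump) jump = NR; next }
        # Rule that already accepts SSH connections.
        / --dport 22 / && / -j ACCEPT( |$)/ { if (!term) term = NR; next }
        # Unconditional terminal rule, e.g. "-A INPUT -j REJECT ...".
        /^-A INPUT -j (ACCEPT|DROP|REJECT)( |$)/ { if (!term) term = NR }
        END {
            if (!jump) print "missing"
            else if (term && term < jump) print "shadowed"
            else print "ok"
        }'
}

# Constructed sample: jump appended with -A below existing rules.
sample_appended() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -j sshguard
EOF
}

# Constructed sample: same rules with the jump evaluated first.
sample_inserted() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -j sshguard
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

echo "appended: $(sample_appended | check_sshguard_order)"
echo "inserted: $(sample_inserted | check_sshguard_order)"
```

On a live host, run `iptables -S INPUT | check_sshguard_order` as root after sourcing the function; a result of "shadowed" means blocked addresses can still open new SSH connections.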

That’s pretty much it. For more information about SSHGuard.
