From: Mij <mi...@ss...> - 2012-04-22 12:51:39
Hello Nick,

> We're looking to set up sshguard on our central syslog server and have
> sshguard dynamically change the firewall rules on multiple hosts
> (running iptables), thus reducing the ability for an attacker to walk
> our IP ranges.
>
> Has anyone attempted a configuration like this before, or does anyone
> have thoughts on how we should proceed?

This is one scenario SSHGuard has been designed to address. You run SSHGuard on the central server (syslog collector); SSHGuard will trigger a "block" or "release" action. You need to write the script to issue the concrete command to block/release the address on the remote server. You can do this by writing a simple command list in command_remotes.h with definitions of COMMAND_BLOCK, COMMAND_RELEASE etc. See one example in http://sshguard.svn.sourceforge.net/viewvc/sshguard/trunk/src/fwalls/command_iptables.h?view=markup

The next version of SSHGuard will support doing this with a simple script that receives the relevant parameters (action, address, target service) from the command line or the environment.

michele
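As an added illustration of the "simple script" approach described in the reply (this is example code written here, not SSHGuard's own backend or anything from the thread), the POSIX sh script below takes an action and an address as arguments, maps them to the same iptables commands a local backend would run against a chain named `sshguard`, and runs them over ssh on every host listed in the environment variable `SSHG_REMOTE_HOSTS`. The variable name, the `RUNNER` indirection and the chain name are assumptions of this example. The one point worth noting for a central collector is that the address comes from log data an attacker partly controls, so it is validated before it is interpolated into a remote shell command.

```shell
#!/bin/sh
# Added example (not SSHGuard's own code): dispatch an SSHGuard
# block/release/flush action to iptables on a list of remote hosts.
# Assumptions: action and address arrive as $1 and $2; the hosts come
# from SSHG_REMOTE_HOSTS (space separated); the remote chain is named
# "sshguard" and already exists.

# Reject anything that is not an IPv4/IPv6 literal before it reaches a
# remote shell: only digits, hex letters, dots and colons are allowed.
valid_addr() {
    case "$1" in
        '' | *[!0-9a-fA-F.:]* ) return 1 ;;
        * ) return 0 ;;
    esac
}

# Map an action to the iptables command line to run remotely.
# Prints the command on stdout; fails (prints nothing) on bad input.
remote_cmd() {
    action=$1; addr=$2
    case "$action" in
        block)   valid_addr "$addr" || return 1
                 printf 'iptables -A sshguard -s %s -j DROP\n' "$addr" ;;
        release) valid_addr "$addr" || return 1
                 printf 'iptables -D sshguard -s %s -j DROP\n' "$addr" ;;
        flush)   printf 'iptables -F sshguard\n' ;;
        *)       return 1 ;;
    esac
}

# Run the command on every configured host. RUNNER defaults to ssh;
# it is a variable so a test can substitute a function that records
# the call instead of opening a connection.
RUNNER=${RUNNER:-ssh}
apply_remote() {
    action=$1; addr=$2
    cmd=$(remote_cmd "$action" "$addr") || return 1
    rc=0
    for host in ${SSHG_REMOTE_HOSTS:?set SSHG_REMOTE_HOSTS}; do
        "$RUNNER" "$host" "$cmd" || rc=1
    done
    return $rc
}

# Stand-alone usage, e.g.:  SSHG_REMOTE_HOSTS="fw1 fw2" ./remote.sh block 203.0.113.5
if [ $# -gt 0 ]; then
    apply_remote "$1" "${2:-}"
fi
```

Each host needs an ssh key restricted (for example via `command=` in authorized_keys) to running iptables, and the script returns non-zero if any host fails so the collector's logs show partial application.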