From: Micheal B. <mb...@gm...> - 2014-10-31 22:16:55
|
I am using ufw (https://launchpad.net/ufw) and would like to know how to configure it to correctly work with sshguard. I saw the guide (http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/) which shows a number of iptables commands but I must admit that with ufw, the rule setup does not use these. I would like to keep the configuration within the ufw syntax if possible. Can someone point me to a guide that shows how to configure ufw with sshguard or is this not possible?
From: Laurent A. <l.a...@fr...> - 2014-10-31 22:26:05
|
I did it with fail2ban

On 31/10/2014 23:03, Micheal Blue wrote:
> I am using ufw (https://launchpad.net/ufw) and would like to know how
> to configure it to correctly work with sshguard. I saw the guide
> (http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/)
> which shows a number of iptables commands but I must admit that with
> ufw, the rule setup does not use these. I would like to keep the
> configuration within the ufw syntax if possible. Can someone point me
> to a guide that shows how to configure ufw with sshguard or is this
> not possible?
>
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
From: <jo...@te...> - 2014-11-01 11:30:05
|
On Friday, 31 Oct 2014 23:29:28 +0100, Laurent Alebarde <l.a...@fr...> wrote:

> I did it with fail2ban

Apart from some functional differences, the big difference between the two is that sshguard is a compiled application, meaning that it is not a script, which results in faster execution. Not only is sshguard compiled, the parsing expressions also are.

Cheers.
From: <jo...@te...> - 2014-11-01 11:27:36
|
On Friday, 31 October 2014 23:03:55 +0100, "Micheal Blue" <mb...@gm...> wrote:

Hello,

> I am using ufw (https://launchpad.net/ufw) and would like to know how
> to configure it to correctly work with sshguard. I saw the guide
> (http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/)
> which shows a number of iptables commands but I must admit that with
> ufw, the rule setup does not use these. I would like to keep the
> configuration within the ufw syntax if possible. Can someone point
> me to a guide that shows how to configure ufw with sshguard or is
> this not possible?

I think you got it wrong at the beginning, presuming you are running a Linux machine. I do not use ufw although a quick look shows that it uses iptables. ufw is a front end, like many others, like Shorewall for instance, to just about the only mechanism in Linux that can make firewalls, that is, iptables. It means that there is no problem at all. Since both ufw and sshguard are using iptables, there is nothing to do.

Cheers.
From: Micheal B. <mb...@gm...> - 2014-11-02 09:07:46
|
Sent: Saturday, November 01, 2014 at 6:27 AM
From: "jo...@te..." <jo...@te...>
To: ssh...@li...
Cc: mb...@gm...
Subject: Re: [Sshguard-users] help configuring sshguard with ufw

> On Friday, 31 October 2014 23:03:55 +0100, "Micheal Blue" <mb...@gm...> wrote:
>
> Hello,
>
> > I am using ufw (https://launchpad.net/ufw) and would like to know how
> > to configure it to correctly work with sshguard. I saw the guide
> > (http://www.sshguard.net/docs/setup/firewall/netfilter-iptables/)
> > which shows a number of iptables commands but I must admit that with
> > ufw, the rule setup does not use these. I would like to keep the
> > configuration within the ufw syntax if possible. Can someone point
> > me to a guide that shows how to configure ufw with sshguard or is
> > this not possible?
>
> I think you got it wrong at the beginning, presuming you are running a Linux machine. I do not use ufw although a quick look shows that it uses iptables. ufw is a front end, like many others, like Shorewall for instance, to the just about only one mechanism in Linux that can make firewalls, that is, iptables. It means that there is no problem at all. Since both ufw and sshguard are using iptables, there is nothing to do.
>
> Cheers.

Yes, I am using Arch Linux. There is an sshguard package in the official repos. But I am confused since the docs show to manually add rules which is something I have never done before.

When you said there is nothing to do, When I install sshguard, the package manager says:

-- You should add chains to your firewall:
-- iptables -N sshguard
-- iptables -A INPUT -p tcp --dport 22 -j sshguard
-- ip6tables -N sshguard
-- ip6tables -A INPUT -p tcp --dport 22 -j sshguard
-- touch /etc/iptables/ip6tables.rules if you don't use IPv6
-- For more information, see https://wiki.archlinux.org/index.php/Sshguard

The package comes with a systemd service:

[Unit]
Description=Block hacking attempts
After=iptables.service ip6tables.service network.target
Wants=iptables.service ip6tables.service

[Service]
ExecStart=/usr/lib/systemd/scripts/sshguard-journalctl "-b /var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10

[Install]
WantedBy=multi-user.target
From: <jo...@te...> - 2014-11-02 11:16:11
|
On Sunday, 2 November 2014 10:07:37 +0100, "Micheal Blue" <mb...@gm...> wrote:

Your original query is:

> > Can someone point
> > me to a guide that shows how to configure ufw with sshguard or is
> > this not possible?

So I basically replied that there's nothing to do. What I meant is, of course, that there's nothing to do *extra* to regular configuration.

With your query specifically, there is no guide to search for. Because ufw uses iptables. And sshguard also works with iptables. They both use the same. So nothing extra to do.

This said, of course you have to configure sshguard and do any regular normal steps. And in this case, it means to add the iptables target because sshguard will add the blocked IPs to this. If it's not there, then no blocking can ever happen.

I'm not yet familiar with systemd, so for how to automatically add these at each boot you will have to see the Arch Linux pages.
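
An added example, not part of the original thread and not code from sshguard, ufw or the Arch package: a check that the `sshguard` chain exists and that the jump quoted in the package message is reached before any ACCEPT for port 22. The function name, the status words and the sample ruleset (with a simplified ufw chain layout) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reads `iptables-save -t filter` output on stdin, walks INPUT
# in rule order (following jumps into user-defined chains) and reports what a
# new tcp/22 packet meets first: the jump to sshguard or an ACCEPT.
# Simplification: other match conditions on intermediate jumps are ignored.
sshguard_hook_status() {
    awk '
        function walk(c,    i, r, t, res) {
            for (i = 1; i <= n[c]; i++) {
                r = rule[c, i]
                if (r ~ / -j sshguard( |$)/) return "hooked"
                if (r ~ /--dport 22( |$)/ && r ~ / -j ACCEPT( |$)/) return "shadowed"
                if (match(r, / -j [^ ]+/)) {
                    t = substr(r, RSTART + 4, RLENGTH - 4)   # jump target
                    if ((t in n) && (res = walk(t)) != "") return res
                }
            }
            return ""
        }
        /^:sshguard / { have_chain = 1 }
        /^-A /        { n[$2]++; rule[$2, n[$2]] = $0 }
        END {
            if (!have_chain) s = "nochain"
            else if ((s = walk("INPUT")) == "") s = "unhooked"
            print s
            exit (s != "hooked")
        }'
}

# Constructed sample (ufw chain layout simplified): ufw allows port 22 in
# ufw-user-input and the sshguard jump was appended to INPUT afterwards.
sample_appended_after_ufw() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:sshguard - [0:0]
:ufw-before-input - [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_appended_after_ufw | sshguard_hook_status || true
```

On a live host the same function can be fed from `iptables-save -t filter` run as root; any result other than `hooked` means addresses placed in the `sshguard` chain are not consulted for new port 22 connections.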
From: Laurent A. <l.a...@fr...> - 2014-11-02 10:06:43
|
Anyway, here is how I did it with fail2ban:

Extract of 2 examples of /etc/fail2ban/jail.local

[ssh]
enabled = true
action = ufw-all
port = 36247
filter = sshd
logpath = /var/log/auth.log
maxretry = 2

[nginx-auth]
enabled = true
filter = nginx-auth
action = ufw-nginx-full
# sendmail[name=nginx-auth]
logpath = /var/log/nginx*/*error*.log
bantime = 3600 # 1 hour
maxretry = 3

/etc/fail2ban/action.d/ufw-all.conf :

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 1 deny from <ip>
actionunban = ufw delete deny from <ip>

/etc/fail2ban/action.d/ufw-nginx-full.conf

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = ufw insert 2 deny from <ip> to any app "Nginx Full"
actionunban = ufw delete deny from <ip> to any app "Nginx Full"

On 01/11/2014 12:29, jo...@te... wrote:
> On Friday, 31 Oct 2014 23:29:28 +0100,
> Laurent Alebarde <l.a...@fr...> wrote:
>
>> I did it with fail2ban
> Apart from some functional differences, the big difference between the
> two is that sshguard is a compiled application, meaning that it is not
> a script, which results in faster execution. Not only is sshguard
> compiled, the parsing expressions also are.
>
> Cheers.
From: <jo...@te...> - 2014-11-02 11:17:58
|
On Sunday, 02 November 2014 11:10:05 +0100, Laurent Alebarde <l.a...@fr...> wrote:

> Anyway, here is how I did it with fail2ban:

The anyway is relative. With some devices, it is important to run binaries instead of scripts. You'd be amazed to see how many of these devices actually provide services to the population, such as electricity and transports.