Install & configure SSHGuard via Fabric

We should install and configure SSHGuard in order to cut down on the number of attempts attackers can make to log in to our servers.

I would recommend giving a 10 minute ban to any IP that has more than 8 authentication failures in 10 minutes.

SSHGuard docs: Sshguard | Documentation

Looks like SSHGuard has some sensible defaults already according to its man page.

  • It uses a “dangerousness” value to track who should be banned, with different attacks being worth more or less points.
  • It bans at 30 dangerousness points.
  • It bans for ~2 minutes, with each successive ban being 1.5x longer than the last.
  • It forgets about you completely in ~30 minutes.

I think this should be perfectly sufficient for Freeside’s uses.

Edit: Ouch! Looks like there isn’t a package for Fedora yet (ugh! Every other distro has one…). While I don’t mind compiling from source personally, it’s something I’d really rather avoid in this instance.

We should investigate alternatives for Fedora first (such as fail2ban, but that’s heavier on resources) before resorting to compiling from source.
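An added example, not part of the original thread and not SSHGuard's own code: a simplified Python model of the ban policy listed from the man page above (30-point threshold, ~2 minute first ban, each ban 1.5x longer, forgotten after ~30 minutes). The 10 points per failed login, the score reset after each ban, and the names `Offender` and `simulate` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

THRESHOLD = 30           # ban at 30 dangerousness points
BLOCK_TIME = 120         # first ban lasts ~2 minutes (seconds)
GROWTH = 1.5             # each successive ban is 1.5x longer
FORGET_AFTER = 1800      # offender forgotten after ~30 minutes (seconds)
POINTS_PER_FAILURE = 10  # assumption: score added per failed login


@dataclass
class Offender:
    score: int = 0
    bans: int = 0
    blocked_until: float = 0.0
    idle_since: Optional[float] = None  # last failure, or end of last ban


def simulate(failure_times):
    """Return [(ban_start, ban_seconds), ...] for one IP's failed logins."""
    state, bans = Offender(), []
    for t in sorted(failure_times):
        if t < state.blocked_until:
            continue  # still firewalled: the attempt never reaches sshd
        if state.idle_since is not None and t - state.idle_since > FORGET_AFTER:
            state = Offender()  # quiet for too long: history is dropped
        state.score += POINTS_PER_FAILURE
        state.idle_since = t
        if state.score >= THRESHOLD:
            length = BLOCK_TIME * GROWTH ** state.bans
            bans.append((t, length))
            state.bans += 1
            state.score = 0  # assumption: score starts over after a ban
            state.blocked_until = t + length
            state.idle_since = state.blocked_until
    return bans


if __name__ == "__main__":
    # Constructed input: one failed login every 10 seconds for 400 seconds.
    for start, length in simulate(range(0, 400, 10)):
        print(f"banned at t={start}s for {length:.0f}s")
```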

There are a few copr repos for SSHGuard:
https://copr.fedorainfracloud.org/coprs/fulltext/?fulltext=SSHGuard

Nvm, none of them are trustworthy. I suggest just compiling it locally (can be done with the fabric) and then distributing it along with the config files.

Once the fabric2 branch in my fork of the Freeside-Fabfiles repo is merged, sshguard can be deployed to all the servers.
