@WillSquire
Last active June 8, 2016 11:15
Install SSHGuard on FreeBSD

sshguard

Sshguard helps protect against brute-force attacks on the SSH protocol, doing a similar duty to Fail2Ban on Linux (which is also available on FreeBSD). To install sshguard:

cd /usr/ports/security/sshguard-ipfw/
sudo make config-recursive
sudo make install clean

Next open up /etc/rc.conf:

sudo ee /etc/rc.conf

Enable sshguard and configure how it handles failed connection attempts like so, then save and exit (altering the following values as required):

sshguard < 1.6.4

sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"

sshguard >= 1.6.4

sshguard_enable="YES"
sshguard_danger_thresh="30"
sshguard_release_interval="600"
sshguard_reset_interval="7200"
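The two blocks above use different rc.conf names for the same three settings, and the install script in this gist writes only the >= 1.6.4 names. As an added example (not part of the gist; the function names are hypothetical and the sample rc.conf is constructed), the following picks the names for a given version and lists any names in a file that belong to the other scheme:

```shell
#!/bin/sh
# Added example, not part of the gist; function names are hypothetical.

# version_ge A B: true when dotted version A >= B (numeric fields only).
# A port revision or epoch suffix ("1.6.4_1", "1.6.4,1") is ignored.
version_ge() {
    a=${1%%[_,]*}; b=${2%%[_,]*}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# rc_names VERSION: the three rc.conf names that release uses, in the
# order the page lists them.
rc_names() {
    if version_ge "$1" 1.6.4; then
        echo "sshguard_danger_thresh sshguard_release_interval sshguard_reset_interval"
    else
        echo "sshguard_safety_thresh sshguard_pardon_min_interval sshguard_prescribe_interval"
    fi
}

# mismatched_vars VERSION FILE: print names set in FILE that belong to
# the naming scheme VERSION does not use.
mismatched_vars() {
    if version_ge "$1" 1.6.4; then other=$(rc_names 1.6.3); else other=$(rc_names 1.6.4); fi
    for name in $other; do
        grep -q "^[[:space:]]*$name=" "$2" && echo "$name"
    done
    return 0
}

# Constructed sample: an rc.conf carried over from a pre-1.6.4 install.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'sshguard_enable="YES"' 'sshguard_safety_thresh="30"' \
        'sshguard_release_interval="600"' > "$f"
    mismatched_vars 1.6.4_1 "$f"
    rm -f "$f"
}

# On a host: mismatched_vars "$(pkg query %v sshguard-ipfw)" /etc/rc.conf
if [ "${1:-}" = "--demo" ]; then demo; fi
```

The `pkg query` line assumes the package is registered under the same name as the port used on this page.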

Start the sshguard service:

sudo service sshguard start

#!/bin/sh

if ! pkg info ipfw; then
    echo 'Requires port "ipfw".' >&2
    echo 'Aborting.' >&2
    exit 1
fi

#####################################
# Variables
#####################################

SSHGUARD_PORT_DIR="/usr/ports/security/sshguard-ipfw"
RC_CNF_DIR="/etc/rc.conf"

#####################################
# Functions
#####################################

# set_line()
#
# Searches a file for an old string in each line of the file. If the
# old string is found within a line, the entire contents of the line
# gets replaced with a new string. Else (if the old string is not
# found) the new string gets added to the last line of the file.
#
# Both strings are pasted into the sed program unescaped, so they must
# not contain "/" or other characters that are special to sed.
#
# Uses sed command (BSD version, not GNU)
# @author Will Squire <will_squire@hotmail.co.uk>
#
# @example set_line "max_connections =" "max_connections = 501" /var/db/mysql/my.cnf
#
# @param $old_string
# @param $new_string
# @param $file
set_line() {
    # Hold space stays empty unless some line matched; the last-line
    # block uses that to decide whether to append the new string.
    sed -i '' '/.*'"$1"'.*/{
        h
        s/.*/'"$2"'/
    }
    ${
        x
        /^$/{
            s//'"$2"'/
            H
        }
        x
    }' "$3"
}

#####################################
# Installation
#####################################

# Download and install
if ! pkg info sshguard-ipfw; then
    make install distclean -DBATCH -C "$SSHGUARD_PORT_DIR"
fi

#####################################
# Configuration
#####################################

## Set environment variables in rc.conf
set_line "sshguard_enable=" 'sshguard_enable="YES"' "$RC_CNF_DIR"
set_line "sshguard_danger_thresh=" 'sshguard_danger_thresh="30"' "$RC_CNF_DIR"
set_line "sshguard_release_interval=" 'sshguard_release_interval="600"' "$RC_CNF_DIR"
set_line "sshguard_reset_interval=" 'sshguard_reset_interval="7200"' "$RC_CNF_DIR"

# Start or restart SSHGuard if already running
if service sshguard status; then
    service sshguard restart
else
    service sshguard start
fi