Sshguard protects networked hosts from today's widespread brute-force attacks against ssh servers. It detects such attacks and blocks the attacker's address with a firewall rule.
This project is BSD licensed.
How sshguard works
Sshguard monitors ssh servers through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall.
Messages describing dangerous activity can be easily customized with regular expressions; this makes sshguard theoretically usable with any login server, and in general with anything that logs something, although no experiments have been made outside ssh.
Sshguard can operate all the major firewalling systems:
- PF (OpenBSD, FreeBSD, NetBSD, DragonFly BSD)
- netfilter/iptables (Linux)
- IPFIREWALL/ipfw (FreeBSD, Mac OS X)
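The log-monitoring and blocking logic described above, as an added Python example that is not sshguard's own C code. The two regular expressions, the threshold of three, the whitelist parameter and the sample log lines are constructed assumptions, and the function only returns the addresses a firewall backend would be asked to block.

```python
import ipaddress
import re
from collections import Counter

# Assumed OpenSSH-style messages. Each pattern is anchored at the end of the
# line because the user name is free text and may itself contain "from <addr>".
PATTERNS = [
    re.compile(r"Failed password for .* from (\S+) port \d+(?: ssh2)?$"),
    re.compile(r"Invalid user .* from (\S+) port \d+$"),
]

# Constructed sample log; addresses come from the documentation ranges.
SAMPLE = [
    "Jan 10 03:12:01 host sshd[812]: Failed password for root from 203.0.113.5 port 4022 ssh2",
    "Jan 10 03:12:03 host sshd[812]: Failed password for invalid user a from 198.51.100.7 from 203.0.113.5 port 4023 ssh2",
    "Jan 10 03:12:04 host sshd[815]: Accepted password for alice from 192.0.2.10 port 5000 ssh2",
    "Jan 10 03:12:05 host sshd[816]: Invalid user test from 2001:db8::9 port 4100",
    "Jan 10 03:12:06 host sshd[816]: Failed password for invalid user test from 2001:db8::9 port 4100 ssh2",
    "Jan 10 03:12:07 host sshd[812]: Failed password for root from 203.0.113.5 port 4024 ssh2",
    "Jan 10 03:12:08 host sshd[816]: Failed password for invalid user test from 2001:db8::9 port 4101 ssh2",
]

def offender(line):
    """Return the source address of a line reporting dangerous activity, else None."""
    for pattern in PATTERNS:
        match = pattern.search(line)
        if match:
            try:
                return ipaddress.ip_address(match.group(1))
            except ValueError:
                return None  # matched text is not a valid address: ignore it
    return None

def scan(lines, threshold=3, whitelist=()):
    """Return addresses reaching `threshold` offences, in the order they would be blocked."""
    nets = [ipaddress.ip_network(w) for w in whitelist]
    hits, blocked = Counter(), []
    for line in lines:
        addr = offender(line)
        if addr is None or any(addr in net for net in nets):
            continue  # harmless line or whitelisted source
        hits[addr] += 1
        if hits[addr] == threshold:
            blocked.append(str(addr))  # a firewall backend would be called here
    return blocked

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(scan(SAMPLE, whitelist=["2001:db8::/32"]))
```

The second sample line shows why the patterns are anchored: the address counted is the one sshd wrote at the end of the message, not the one embedded in the user name.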
Here are some key features of "Sshguard":
· a very large part of similar tools are simple scripts, so they require a permanently running interpreter, which usually takes a lot of system memory; on servers, memory is very precious.
· Sshguard is written in C, and designed to be 0-impact on system resources.
· several tools require customization (hack & play).
· Sshguard is designed for extreme ease of use (plug & play).
· many tools are OS- or firewall-specific (usually Linux).
· Sshguard is designed to work on many OSes and can operate several firewall systems; see Compatibility.
· nearly all tools are written strictly for their own operating scenario.
· Sshguard can be extended to operate with custom/proprietary firewalls with very little effort.
What's New in This Release:
· This release includes many new features (touchiness, automatic permanent blacklisting, IPv6 whitelisting, and more), many bugfixes to the logic, and some fixes and additions to the log analyzer.