Intrusion Prevention - SSH

SSHGuard – protects hosts from brute-force attacks against SSH and other services

SSHGuard is an intrusion prevention system that parses server logs, detects malicious activity, and uses the system firewall to block the IP addresses of malicious connections.

SSHGuard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using one of several firewall backends, including iptables, ipfw, and pf.

The software runs on a machine as a small daemon and receives log messages in a number of ways, e.g. from syslog. When it determines that address X did something bad to service Y, it adds a rule to the machine’s firewall (one of the many supported backends) that blocks X.

SSHGuard keeps X blocked for some time, then releases it automatically.

Key Features

  • Easy to set up, with a simple one-line command to use.
  • Touchiness and automatic blacklisting.
  • Full IPv6 support.
  • Monitors multiple log files at once and handles log rotation and temporary log files automatically.
  • Small system footprint.
  • Sophisticated whitelisting.
  • Recognizes many logging formats transparently.
  • Handles host names or addresses in log files.
  • Supports the following log formats: cockpit, Common Log Format, macOS log, metalog, multilog, raw log files, syslog, syslog-ng, and systemd journal.
  • Recognizes attacks against: OpenSSH, Sendmail, Exim, Dovecot, Cucipop, UWimap (IMAP, POP), vsftpd, Postfix, proftpd, pure-ftpd, and FreeBSD ftpd.
  • Integrates with the following firewall backends: FirewallD, ipfw, IPFILTER, netfilter/iptables, netfilter/ipset, PF, tcpd’s hosts.allow, and IBM AIX’s firewall.
  • Simple, extensible firewall interface.

Website: www.sshguard.net
Support: Documentation, SourceForge Project Site, Git repository
Developer: Mij
License: BSD License

SSHGuard is written in C.


Related Software

Intrusion Prevention for SSH
  • Fail2Ban – Intrusion prevention software framework written in Python
  • SSHGuard – Protects hosts from brute-force attacks against SSH and other services
  • denyhosts – Helps thwart SSH server attacks
  • iptables – Configure the Linux 2.4.x and later packet filtering ruleset
  • CSF – ConfigServer Security & Firewall
  • reaction – Daemon that scans program outputs for repeated patterns, and takes action
