sshguard-pf with pf
# cd /usr/ports/security/sshguard-pf
# make install clean
# vim /etc/syslog.conf
Uncomment the line "#auth.info;authpriv.info |exec /usr/local/sbin/sshguard" by removing the leading "#".
# vim /etc/pf.conf
Add:
table <sshguard> persist
block in quick on $ext_if from <sshguard> label "ssh bruteforce"
Reload the pf rules, and restart syslogd as well:
# pfctl -f /etc/pf.conf
# /etc/rc.d/syslogd restart
If the following message appears in /var/log/auth.log, the setup worked:
Aug 17 15:02:40 rsync_taipie sshguard[844]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
Also:
# pfctl -Tshow -tsshguard (shows whether the table already contains blocked addresses)
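A check for the three changes made in the steps above, as an added example that is not part of the original notes. The function names are hypothetical, and the file paths are passed as arguments so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Added example: verifies the syslog.conf, pf.conf and auth.log state
# that the sshguard-pf steps are supposed to produce.

# syslog.conf: the sshguard pipe line must be present and not commented out.
check_syslog() {
    grep -Eq '^[[:space:]]*auth\.info;authpriv\.info[[:space:]]+\|[[:space:]]*exec[[:space:]]+/usr/local/sbin/sshguard' "$1"
}

# pf.conf: the table must be declared, and a block rule reading from it
# must start its own line. A table declaration and block rule pasted
# together onto a single line fails this check.
check_pf_conf() {
    grep -Eq '^[[:space:]]*table[[:space:]]+<sshguard>[[:space:]]+persist' "$1" &&
    grep -Eq '^[[:space:]]*block[[:space:]].*from[[:space:]]+<sshguard>' "$1"
}

# auth.log: sshguard must have logged its startup message.
check_started() {
    grep -Eq 'sshguard\[[0-9]+\]: Started successfully' "$1"
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
# Arguments: syslog.conf path, pf.conf path, auth.log path.
verify_sshguard_pf() {
    rc=0
    check_syslog "$1" || { echo "syslog.conf: sshguard line missing or still commented out"; rc=1; }
    check_pf_conf "$2" || { echo "pf.conf: table <sshguard> or its block rule is missing"; rc=1; }
    check_started "$3" || { echo "auth.log: no sshguard startup message found"; rc=1; }
    return $rc
}
```

Run it as verify_sshguard_pf /etc/syslog.conf /etc/pf.conf /var/log/auth.log after sourcing the file. Before reloading, pfctl -nf /etc/pf.conf parses the ruleset without loading it.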