sshguard-pf 无法阻挡ssh攻击，不知何解

f5b

安装配置sshguard
cd /usr/ports/security/sshguard-pf
make install clean
vi etc/syslog.conf
添加

1. auth.info;authpriv.info     |exec /usr/local/sbin/sshguard

复制代码

服务器有两个网卡，so
vi /etc/pf.conf  内容如下

1. table <sshguard> persist
   
2. 
   
3. set skip on lo
   
4. 
   
5. scrub in
   
6. 
   
7. block in quick on egress proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
   
8. pass in
   
9. pass out

复制代码

/etc/rc.d/syslog reload


top  found

1. 
   
2. 7907 root        2  44    0  7184K  1612K nanslp  4   0:00  0.00% sshguard

复制代码

tail -f /var/log/auth.log
测试ssh攻击，看起来sshguard没有发挥作用

1. 
   
2. Dec 26 10:29:47 b sshd[1077]: Server listening on 0.0.0.0 port 22.
   
3. Dec 26 10:29:47 b sshguard[1079]: Started successfully [(a,p,s)=(4, 420, 1200)],now ready to scan.
   
4. Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
   
5. Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
   
6. Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
   
7. Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
   
8. Dec 26 10:32:23 b sshd[1206]: Invalid user a from 10.0.0.88
   
9. Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
   
10. Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
    
11. Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
12. Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
    
13. Dec 26 10:32:29 b sshd[1210]: Invalid user a from 10.0.0.88
    
14. Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
15. Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
    
16. Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
17. Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
    
18. Dec 26 10:32:34 b sshd[1214]: Invalid user a from 10.0.0.88
    
19. Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
20. Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
    
21. Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
22. Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
    
23. Dec 26 10:32:39 b sshd[1218]: Invalid user a from 10.0.0.88
    
24. Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
25. Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
    
26. Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
27. Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
    
28. Dec 26 10:32:43 b sshd[1222]: Invalid user a from 10.0.0.88
    
29. Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
30. Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
    
31. Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
    
32. Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
    
33. Dec 26 10:32:48 b sshd[1226]: Invalid user a from 10.0.0.88
    

复制代码

f5b

环境
freebsd 8.1 release
sshguard 1.4