I am trying to get sshguard working with CentOS 7. Whilst it seems that it's now running, it never blocks any intrusion attempts.
I have compiled sshguard from source and I'm using it in conjunction with iptables; I think it may not be parsing what I expect.
Since I'm *very* new at systemd/7 (long time RHEL user though), I could well be wrong about how I've written (ported) the systemd stuff.
Corrections, suggestions or diagnostic tool suggestions welcome. I've googled this one to death; only Arch seems to have doco on sshguard+systemd, which I've followed as well as I can. See below for output:
systemctl status sshguard output:
Code:
systemctl status sshguard
sshguard.service - Block hacking attempts
Loaded: loaded (/usr/lib/systemd/system/sshguard.service; enabled)
Active: active (running) since Mon 2014-09-08 16:40:42 WST; 14min ago
Main PID: 10361 (sshguard-journa)
CGroup: /system.slice/sshguard.service
├─10361 /bin/sh /usr/lib/systemd/system/sshguard-journalctl -b /var/db/sshguard/blacklist.db SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
├─10362 /bin/journalctl -afb -p info -n1 -o cat SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
└─10363 /usr/local/sbin/sshguard -l- -b /var/db/sshguard/blacklist.db
Code:
# sshguard -v
sshguard 1.5.0
Copyright (c) 2007,2008 Mij <mij@sshguard.net>
This is free software; see the source for conditions on copying.
Code:
# uname -a
Linux shodan 3.14.17-grsec #4 SMP Fri Sep 5 11:22:06 WST 2014 x86_64 x86_64 x86_64 GNU/Linux
Code:
59 3056 sshguard tcp -- any any anywhere anywhere tcp dpt:ssh
Code:
]# cat /usr/lib/systemd/system/sshguard-journalctl
#!/bin/sh
SSHGUARD_OPTS=$1
shift
LANG=C /bin/journalctl -afb -p info -n1 -o cat "$@" | /usr/local/sbin/sshguard -l- $SSHGUARD_OPTS
Code:
# cat /usr/lib/systemd/system/sshguard.service
[Unit]
Description=Block hacking attempts
After=iptables.service ip6tables.service network.target
Wants=iptables.service ip6tables.service
[Service]
ExecStart=/usr/lib/systemd/system/sshguard-journalctl "-b /var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
[Install]
WantedBy=multi-user.target
Mike.
EDIT: FWIW, I've probably written the systemd unit file/s wrong or named/placed them incorrectly; I still don't have a full grasp of this stuff.