sshguard & systemd

Post by DrMikeDuke » 2014/09/08 09:00:12

Good afternoon all,

I am trying to get sshguard working with CentOS 7. Whilst it seems that it's now running, it never blocks any intrusion attempts.
I have compiled sshguard from source and I'm using it in conjunction with iptables; I think it may not be parsing what I expect.

Since I'm *very* new at systemd/7 (long time RHEL user though) I could well be wrong about how I've written (ported) the systemd stuff.
Corrections, suggestions or diagnostic tool suggestions welcome. I've googled this one to death; only Arch seems to have doco on sshguard+systemd, which I've followed as well as I can. See below for the output:

systemctl status sshguard output:

Code:

systemctl status sshguard
sshguard.service - Block hacking attempts
   Loaded: loaded (/usr/lib/systemd/system/sshguard.service; enabled)
   Active: active (running) since Mon 2014-09-08 16:40:42 WST; 14min ago
 Main PID: 10361 (sshguard-journa)
   CGroup: /system.slice/sshguard.service
           ├─10361 /bin/sh /usr/lib/systemd/system/sshguard-journalctl -b /var/db/sshguard/blacklist.db SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
           ├─10362 /bin/journalctl -afb -p info -n1 -o cat SYSLOG_FACILITY=4 SYSLOG_FACILITY=10
           └─10363 /usr/local/sbin/sshguard -l- -b /var/db/sshguard/blacklist.db

SSHGUARD Version

Code:

# sshguard -v
sshguard 1.5.0

Copyright (c) 2007,2008 Mij <mij@sshguard.net>
This is free software; see the source for conditions on copying.

Uname

Code:

# uname -a
Linux shodan 3.14.17-grsec #4 SMP Fri Sep 5 11:22:06 WST 2014 x86_64 x86_64 x86_64 GNU/Linux

iptables

Code:

 59  3056 sshguard   tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh

sshguard-journalctl

Code:

# cat /usr/lib/systemd/system/sshguard-journalctl
#!/bin/sh
SSHGUARD_OPTS=$1
shift
LANG=C /bin/journalctl -afb -p info -n1 -o cat "$@" | /usr/local/sbin/sshguard -l- $SSHGUARD_OPTS

sshguard.service

Code:

# cat /usr/lib/systemd/system/sshguard.service
[Unit]
Description=Block hacking attempts
After=iptables.service ip6tables.service network.target
Wants=iptables.service ip6tables.service

[Service]
ExecStart=/usr/lib/systemd/system/sshguard-journalctl "-b /var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10

[Install]
WantedBy=multi-user.target

Thanks kindly,

Mike.


EDIT: FWIW, I've probably written the systemd unit file/s wrong or named/placed them incorrectly: still don't have a full grasp of this stuff.
Last edited by DrMikeDuke on 2014/09/09 02:50:24, edited 1 time in total.

Post by TrevorH » 2014/09/08 09:03:36

I see you mention iptables. Did you disable firewalld or does sshguard know about firewalld and use it?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

Post by DrMikeDuke » 2014/09/08 10:37:23

Hi,

Thanks for the quick moderation. Firewalld is disabled (so far as I can tell)

Code:

systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)

sshguard was built (from source) with iptables support during ./configure.


Cheers.



EDIT: Worth mentioning, I see dmesg reporting iptables blocking/accepting traffic from my other rules OK.

Post by hsafe » 2015/09/23 07:03:31

Hello
Allow me to say that this is my first post. I used to read this wiki much of the time for almost anything and find the answers to my questions, particularly the replies from Trevor.
Now I am surprised by the same scenario: sshguard + CentOS 7, and I am stuck in the same way. Oddly, the sshguard site had poor documentation and an online search did not yield any solution. I have had experience setting it up on Arch, where it worked like a gem, particularly as it is so small and nimble. Can somebody try to find out what went wrong with the setup?
Many many thanks

Post by TrevorH » 2015/09/23 07:35:53

If it is manipulating iptables rules directly and firewalld is running then firewalld probably immediately removes any newly added rules. To work properly sshguard would need to talk to firewalld and not insert iptables rules itself. You could try removing firewalld and using iptables.service instead and see if that makes it work.
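
An added example (not part of any post in this thread) for checking the situation described in the reply above: it classifies `iptables -S` output to show whether the `sshguard` chain from the first post exists, is reachable from INPUT, and holds any block rules. It assumes the iptables backend blocks an address by adding a `-j DROP` rule to that chain; the sample rulesets and the address in them are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies `iptables -S` output (stdin).
# Assumption: the iptables backend blocks an address by adding a
# "-j DROP" rule to the chain named "sshguard".
sshguard_chain_report() {
    awk '
        $1 == "-N" && $2 == "sshguard" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "sshguard") hooked = 1
        }
        $1 == "-A" && $2 == "sshguard" && $NF == "DROP" { blocks++ }
        END {
            if (!chain)       print "no-chain"      # chain missing entirely
            else if (!hooked) print "not-hooked"    # INPUT never jumps to it
            else if (!blocks) print "hooked-empty"  # wired up, nothing blocked
            else              print "blocking:" blocks
        }'
}

# Constructed sample: a ruleset without the sshguard chain, as it would
# look after another firewall manager rebuilt the tables.
sample_rebuilt() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample: chain exists and sees SSH traffic, but holds no blocks.
sample_hooked_empty() { cat <<'EOF'
-P INPUT ACCEPT
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
EOF
}

# Constructed sample: one blocked address (documentation range).
sample_blocking() { cat <<'EOF'
-P INPUT ACCEPT
-N sshguard
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
-A sshguard -s 203.0.113.7/32 -j DROP
EOF
}

for s in sample_rebuilt sample_hooked_empty sample_blocking; do
    printf '%-20s %s\n' "$s" "$($s | sshguard_chain_report)"
done
```

On a live host, run `iptables -S | sshguard_chain_report` as root after a few failed logins and again shortly afterwards. A result that never leaves `hooked-empty` suggests no block rule is being added at all, while one that falls back to `no-chain` suggests something else is rewriting the ruleset.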

Post by giulix63 » 2015/09/23 08:24:03

I just noticed sshguard has recently started to be actively maintained again after a gap of four years. It's one of the projects I looked at when I was looking for a similar solution. I wanted a compiled (vs. interpreted) solution that would work with systemd, possibly natively, and use ipset. I used fail2ban for a while, but found it overkill for my needs, so I wrote something very lightweight and simple that, along with shorewall, is currently doing the job for me. I called it sshwsd: SSH Watch SystemD version. It's still in a very beta stage.
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.

Post by AlanBartlett » 2015/09/23 14:00:07

DrMikeDuke wrote:
Uname

Code:

# uname -a
Linux shodan 3.14.17-grsec #4 SMP Fri Sep 5 11:22:06 WST 2014 x86_64 x86_64 x86_64 GNU/Linux

That is not a CentOS 7 kernel. So that we have the full picture, please post the output returned by the following --

rpm -qa kernel\* | sort
rpm -qa \*release\* | sort
100% Linux and, previously, Unix. Co-founder of the ELRepo Project.