Saturday, November 24, 2012

Installing SSHblock

This morning, i tried to set up SSHblock which can be used to block users who are abusing the SSH protocol and tried to brute force and gained access to the server.

It's really simple to configure SSHblock since the installation script has done it for you and all you have to do is read the instructions and or warning that came out and fix that and re-run the script again. Even though the script couldn't find the path used in Slackware, but it seems that it will finally place the rc scripts to /etc/rc.d/, which is the correct place in Slackware. That's awesome.

Since it's a PERL scripts, it requires other CPAN modules. SSHblock originally only requires SWATCH to be installed, but SWATCH itself requires 3 modules to be installed:
  • Date::Calc
  • Date::Manip
  • File::Tail
Don't forget to install iptables as well since it will be used to block the IP addresses who tried to enter our server.

You can start the SSHblock service by adding execute permission on /etc/rc.d/rc.sshblock and then start it using /etc/rc.d/rc.sshblock start

If you wish to see the list of IP blocked, you can use /etc/rc.d/rc/sshblock list and if you wish to clear all the blocked IPs, use /etc/rc.d/rc.sshblock clear