Skip to content
/ SSH-Guardian Public

Similar to Fail2Ban but much effective in case your SSH password was compromised

License

MIT license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cbusuioceanu/SSH-Guardian

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
sshguardian.sh
sshguardian.sh
 
 
update.sh
update.sh
 
 

Repository files navigation

SSH Guardian Build Status

Similar to Fail2Ban but much effective in case your SSH password was compromised

1. git clone https://github.com/cbusuioceanu/SSH-Guardian.git

2. Mandatory: add your local IP address and public IP address to allowed_hosts. Failure to do this, you will get blocked from accessing the server!

3. This script will ask you details for the Mailing Notification System. Make sure you have an account so you can use it to send Notification messages to your day to day mail.

4. Before adding the CRON job, first, run the script: bash sshguardian.sh -> enter asked details about Notification email

5. Create CRON job: sudo crontab -e then add * * * * * /usr/bin/bash /root/sshguardian.sh

6. After one minute, your script should start and run in background every 0.6 seconds. Check out logs in /var/log/sshguardion.sh

7. Done!

Developed, used and tested on CentOS.

LOG examples

Thu Jun 14 22:18:22 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442 -> current allowed IP running under that Pid
Thu Jun 14 22:18:22 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271
Thu Jun 14 22:18:22 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442
Thu Jun 14 22:18:22 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271
Thu Jun 14 22:18:23 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442
Thu Jun 14 22:18:23 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271
Thu Jun 14 22:18:24 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442
Thu Jun 14 22:18:24 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271
Thu Jun 14 22:18:24 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442
Thu Jun 14 22:18:24 EEST 2018 INTRUDER_ALERT IP=192.168.5.206 from PORT=54985 using SSHD_PROCESS=707 | INTRUDER_IP=192.168.5.206 will be blocked! -> Intruder IP
Thu Jun 14 22:18:24 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271
Thu Jun 14 22:18:25 EEST 2018 IP=192.168.5.101 from PORT=62930 using SSHD_PROCESS=1442
Thu Jun 14 22:18:25 EEST 2018 INTRUDER_ALERT IP=192.168.5.206 from PORT=54985 using SSHD_PROCESS=708 | INTRUDER_IP=192.168.5.206 will be blocked! -> Intruder IP
Thu Jun 14 22:18:25 EEST 2018 IP=192.168.5.101 from PORT=63287 using SSHD_PROCESS=48271

About

Similar to Fail2Ban but much effective in case your SSH password was compromised

Topics

ssh security ssh-server security-tools ssh-guardian ssh-password

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages