Sshguard/zh-cn

sshguard is an intrusion prevention system that parses server logs, detects malicious activity, and uses the system firewall to block the IP addresses behind the offending connections. sshguard is written in C, so it does not need an interpreter.

How it works
sshguard is a simple daemon that continuously tracks one or more log files. It parses the log events that daemons emit on failed login attempts and then blocks any further attempts from those addresses by updating the system's firewall.

Despite what the name suggests, sshguard does not only parse SSH logs. It also supports several mail systems and some FTP systems. A detailed list of the supported services can be found on the sshguard.net website.

Emerge
Install:

Also make sure that is installed and used as the system firewall. At the time of writing, sshguard does not yet support.

More information about using and configuring iptables can be found in the Iptables article.

Preparing the firewall
sshguard blocks malicious users (by blocking their IP addresses) through the sshguard chain.

Prepare the iptables chain and make sure it is triggered whenever a new incoming connection is detected:

Monitoring log files
The basic idea behind sshguard is that, instead of a built-in configuration file, the administrator passes the log files to monitor to the program as arguments.

On Gentoo, the arguments can be configured through the file:

Make sure the log files are readable by the user that runs sshguard.
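The two steps above (a dedicated sshguard chain that new incoming connections pass through, and a watched log file whose failed-login events turn into blocks) can be illustrated end to end with the following script. It is an added example, not part of the original page or of sshguard itself: the log lines, the threshold of 3 failures and the exact iptables commands are constructed for the illustration, and the commands are printed rather than executed so the script runs on any machine.

```shell
#!/bin/sh
# Constructed sshd log excerpt (not from a real host): three failures from
# one address, one failure and one success from another.
SAMPLE_LOG='Mar  3 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 5000 ssh2
Mar  3 10:01:05 host sshd[1234]: Failed password for root from 203.0.113.5 port 5001 ssh2
Mar  3 10:01:09 host sshd[1240]: Failed password for invalid user admin from 203.0.113.5 port 5002 ssh2
Mar  3 10:01:12 host sshd[1242]: Failed password for alice from 198.51.100.7 port 6000 ssh2
Mar  3 10:01:20 host sshd[1250]: Accepted publickey for alice from 198.51.100.7 port 6001 ssh2'

# Failed attempts before an address is blocked (assumed value for this example;
# sshguard's own thresholds are set in its configuration).
THRESHOLD=3

# Commands that create the sshguard chain and send every new incoming
# connection through it, as described in "Preparing the firewall".
firewall_setup_cmds() {
    printf '%s\n' \
        'iptables -N sshguard' \
        'iptables -I INPUT -m conntrack --ctstate NEW -j sshguard'
}

# Count failed password logins per source address in the given log text and
# print each address that reached THRESHOLD, one per line, sorted.
offenders() {
    printf '%s\n' "$1" | awk -v thr="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= thr) print ip }' | sort
}

# One DROP rule in the sshguard chain per offending address.
block_cmds() {
    offenders "$1" | while IFS= read -r ip; do
        printf 'iptables -A sshguard -s %s -j DROP\n' "$ip"
    done
}

main() {
    firewall_setup_cmds
    block_cmds "$SAMPLE_LOG"
}

main
```

Pipe the output into `sh` only on a host where the sshguard chain is meant to exist; by default the script just shows which rules the log would produce.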

Service
Add sshguard to the default runlevel and start it:

See also

 * Iptables, installing and configuring iptables on Gentoo

External resources
The sshguard documentation provides all the information needed for further tuning.