Sshguard/ja

sshguard は侵入防止システムです. サーバーのログを精査して害意ある行動を検出し、危害を加えようとする接続元IPアドレスを拒絶するファイアーウォールを用います. sshguard は、C言語で書かれており、インタプリターは不要です.

How it works
sshguard is a simple daemon that continuously tracks one or more log files. It parses the log events that daemons send out in case of failed login attempts and then blocks any further attempts from those connections by updating the system's firewall.

Unlike what the name implies, sshguard does not only parse SSH logs. It also supports many mail systems as well as a few FTP ones. A full listing of supported services can be found on the sshguard.net website.

Emerge
Install :

Also make sure that is installed and used as the system firewall. At the time of writing, sshguard does not yet support.

More information about using and configuring IPtables can also be found on the IPtables article.

Preparing the firewall
When sshguard blocks any malicious users (by blocking their IP addresses), it will use the sshguard chain.

Prepare the chain, and make sure it is also triggered when new incoming connections are detected:

Watching logfiles
The basic idea behind sshguard is that the administrator passes on the log file(s) to watch as options to the application - there is no native sshguard configuration file.

On Gentoo, the options can be best configured in the file:

Make sure that the log files are accessible for the runtime user that sshguard uses.

Service
Have sshguard be started by default by adding it to the default runlevel, and then start it:

参考

 * Iptables, for installing and configuring iptables on Gentoo

外部の情報
The sshguard documentation provides all the information needed to further tune the application.