Sources or package?

Sshguard runs on a variety of systems, many of which already provide a ready-made package for it. Whenever you can install directly from your OS's package management system, go that way: it's just simpler and faster.

There are some instances where you may need to install from sources: if your package manager does not provide sshguard, provides an outdated version, or provides one compiled without some options you need.

Compiling and installing

The process goes as follows:

  1. you fetch the source code
  2. you pick the appropriate firewall system for your OS
  3. you compile and install

Fetching sources

Your options are (either/or):

Which to choose? The latest stable is easier to fetch, and unlikely to give surprises. The code from the repository, on the other hand, may contain newer features.

If you want to get the repository code (you need the Subversion client: check for the svn command), run these commands:

mkdir sshguard
cd sshguard
svn checkout https://sshguard.svn.sourceforge.net/svnroot/sshguard/trunk/ ./

You can browse the repository from the web interface as well.

Pick the appropriate firewall backend

First decompress the source package sshguard-X.Y.tar.bz2 and change into the source root.

Decide which blocking backend you are going to use. These are the typical associations of backends with operating systems:

OS                     | blocking backend                | label
MacOS X                | FreeBSD IPFirewall              | ipfw
Linux                  | netfilter                       | iptables
many BSDs              | the OpenBSD Packet Filter       | pf
IBM AIX                | AIX firewall                    | aix
others or no firewall  | tcp wrappers' /etc/hosts.allow  | hosts

The complete list of firewall backends is:

  • pf
  • ipfw
  • iptables
  • ipfilter
  • hosts
  • aix
  • null

If you have no idea which backend to choose, hosts is the most portable choice.

Compiling and installing

Configure the source code:

./configure --with-firewall=<label>

e.g., for Linux:

./configure --with-firewall=iptables

Some customizations are available for the configuration process (see also ./configure --help):

  • --prefix=dir install sshguard under a non-default directory
  • pf:
    • --with-pfctl=path Specify the full path for the pfctl command (Default: autodetect from PATH)
  • ipfw:
    • --with-ipfw=path Specify the full path for the ipfw command (Default: autodetect from PATH)
    • --with-ipfw-rules-range=MIN-MAX Specify the IDs range in which sshguard can put its block rules (Default: "55000-55050")
  • iptables:
    • --with-iptables=path Specify the full path of the iptables command (Default: autodetect from PATH)
  • hosts:
    • --with-hostsfile=file Specify what file to use as hosts.allow (Default: /etc/hosts.allow)

Finally, compile the source code and install the result the usual way:

make
make install

This will install the sshguard binary into /usr/local/sbin (or under whatever other prefix you indicated), along with the sshguard(8) man page.
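
As an added example (not part of the sshguard distribution), the script below picks the backend label for the current OS following the table above and builds the matching ./configure arguments, passing the firewall command as an absolute path instead of relying on PATH autodetection and falling back to hosts when that command is not installed. The function names and the mapping of uname -s values to table rows are assumptions; the labels and flags are the ones listed on this page.

```shell
#!/bin/sh
# Added example: choose the sshguard firewall backend for this host and
# build the ./configure arguments. Function names are hypothetical; the
# labels and --with-* flags are the ones documented on this page.

# Map an OS name as printed by `uname -s` (assumed values) to a backend
# label, following the typical associations in the table.
backend_for_os() {
    case "$1" in
        Linux)  echo iptables ;;
        Darwin) echo ipfw ;;                        # MacOS X
        FreeBSD|OpenBSD|NetBSD|DragonFly) echo pf ;;
        AIX)    echo aix ;;
        *)      echo hosts ;;                       # most portable choice
    esac
}

# Firewall command whose path ./configure lets you set, per backend.
tool_for_backend() {
    case "$1" in
        pf)            echo pfctl ;;
        ipfw|iptables) echo "$1" ;;
        *)             echo "" ;;                   # no path option listed
    esac
}

# Print the ./configure arguments for the given OS name. The firewall
# command is resolved here and passed as an absolute path, so the build
# does not rely on autodetection from PATH. If the command is missing,
# fall back to the hosts backend.
configure_args() {
    backend=$(backend_for_os "$1")
    tool=$(tool_for_backend "$backend")
    if [ -n "$tool" ]; then
        path=$(command -v "$tool" 2>/dev/null) || path=""
        case "$path" in
            /*) printf '%s\n' "--with-firewall=$backend --with-$tool=$path"
                return 0 ;;
        esac
        backend=hosts
    fi
    printf '%s\n' "--with-firewall=$backend"
}

# Show the command line to run from the source root on this machine.
echo "./configure $(configure_args "$(uname -s)")"
```

Review the printed command before running it, and add --prefix=dir or --with-hostsfile=file by hand if you need them.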
