Sources or package?
Sshguard runs on a variety of systems, many of which already provide a ready-made package for it. Whenever you can install directly from your OS's package management system, go that way: it's just simpler and faster.
There are some instances where you may need to install from sources: if your package manager does not provide sshguard, provides an outdated version, or provides one compiled without some options you need.
Compiling and installing
The process goes as follows:
- you fetch the source code
- you pick the appropriate firewall system for your OS
- you compile and install
Fetching sources
Your options are (either/or):
- download the latest stable source distribution
- fetch the latest code committed from the repository
Which to choose? The latest stable is easier to fetch, and unlikely to give surprises. The code from the repository, on the other hand, may contain newer features.
If you want to get the repository code (you need the Subversion client: check for the svn command), run these commands:
mkdir sshguard
cd sshguard
svn checkout https://sshguard.svn.sourceforge.net/svnroot/sshguard/trunk/ ./
You can browse the repository from the web interface as well.
Pick the appropriate firewall backend
First decompress the source package sshguard-X.Y.tar.bz2 and change into the source root.
Decide which blocking backend you are going to use. These are the typical associations of backends with operating systems:
| OS | blocking backend | label |
|---|---|---|
| MacOS X | FreeBSD IPFirewall | ipfw |
| Linux | netfilter | iptables |
| many BSDs | the OpenBSD Packet Filter | pf |
| IBM AIX | AIX firewall | aix |
| others or no firewall | tcp wrappers' /etc/hosts.allow | hosts |
The complete list of firewall backends is:
- pf
- ipfw
- iptables
- ipfilter
- hosts
- aix
- null
If you have no idea which backend to choose, hosts is the most portable choice.
Compiling and installing
Configure the source code:
./configure --with-firewall=<label>
e.g., for Linux:
./configure --with-firewall=iptables
Some customizations are available for the configuration process (see also ./configure --help):
- --prefix=dir install sshguard under a non-default directory
- pf:
  - --with-pfctl=path Specify the full path for the pfctl command (Default: autodetect from PATH)
- ipfw:
  - --with-ipfw=path Specify the full path for the ipfw command (Default: autodetect from PATH)
  - --with-ipfw-rules-range=MIN-MAX Specify the IDs range in which sshguard can put its block rules (Default: "55000-55050")
- iptables:
  - --with-iptables=path Specify the full path of the iptables command (Default: autodetect from PATH)
- hosts:
  - --with-hostsfile=file Specify what file to use as hosts.allow (Default: /etc/hosts.allow)
Finally, compile the source code and install the result the usual way:
make
make install
This will install the sshguard binary into /usr/local/sbin (or whatever other PREFIX you indicated), and the sshguard man page sshguard(8).
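The backend choice and configure step above, as an added shell example (not part of the sshguard distribution): it maps `uname -s` to a label from the table, locates the backend's control command, and passes its full path through the documented `--with-pfctl`, `--with-ipfw` and `--with-iptables` options instead of relying on autodetection. The function names, the BSD `uname` values and the fallback to `hosts` when the command is not found are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of sshguard): pick a --with-firewall label from the
# OS table above and print the matching ./configure command.

# Backend label for an OS name as printed by `uname -s`.
# Assumption: which uname values count as "many BSDs" is this example's choice.
backend_for_os() {
    case "$1" in
        Darwin)                 echo ipfw ;;       # MacOS X
        Linux)                  echo iptables ;;
        FreeBSD|OpenBSD|NetBSD) echo pf ;;
        AIX)                    echo aix ;;
        *)                      echo hosts ;;      # others or no firewall
    esac
}

# Control command a backend drives; prints nothing for aix and hosts.
tool_for_backend() {
    case "$1" in
        pf)       echo pfctl ;;
        ipfw)     echo ipfw ;;
        iptables) echo iptables ;;
    esac
}

# configure_cmd OS [SEARCH_PATH]
# Prints the configure line for OS. The control command is searched for in
# SEARCH_PATH (default: $PATH plus the sbin directories). If it is missing,
# the portable hosts backend is used instead (assumption of this example).
configure_cmd() {
    backend=$(backend_for_os "$1")
    tool=$(tool_for_backend "$backend")
    search=${2:-$PATH:/sbin:/usr/sbin}
    opts=
    if [ -n "$tool" ]; then
        if toolpath=$(PATH=$search; command -v "$tool"); then
            opts=" --with-$tool=$toolpath"   # e.g. pf -> --with-pfctl=...
        else
            backend=hosts
        fi
    fi
    echo "./configure --with-firewall=$backend$opts"
}

# Stand-alone use: print the command for the machine this runs on.
configure_cmd "$(uname -s)"
```

Review the printed line before running it from the source root, then continue with make and make install.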