configure sshblack installation settings


I'm trying to set up sshblack (which is an automatic blacklisting program to stop hackers). My knowledge of Linux is pretty limited and I suspect that the answer is obvious.

I have sshblack up and running, but when trying to complete the howto from (ttp:// I have got to the point where the Perl script on their site has been copied and all the correct paths set. The following instructions are:

[root@luggage sshblack]# cp sshblack /etc/init.d
[root@luggage sshblack]# ls -al /etc/init.d/sshblack
-rwxr-xr-x  1 root root 1863 Dec 11 15:03 /etc/init.d/sshblack
[root@luggage sshblack]# chkconfig --add sshblack
[root@luggage sshblack]# chkconfig --list sshblack
sshblack        0:off   1:off   2:on    3:on    4:on    5:on    6:off

On my server:
[root@vpstream init.d]# ls -al /etc/init.d/sshblack
-rw-r--r--    1 root     root         2893 Jul  1 13:07 /etc/init.d/sshblack
So I chmod to 755 and made it the same as their example.

The problem I want answered is that on my server 2:off is set to off.
[root@vpstream init.d]# chkconfig --list sshblack
sshblack        0:off   1:off   2:off   3:on    4:on    5:on    6:off

I would like to know how to turn this on. (I suspect it is as simple and obvious as the chmod, which wasn't included in the instructions.)

And also:
service sshblack restart
is supposed to restart this program but it comes back with
[root@vpstream init.d]# service sshblack restart
(-): (-): No such file or directory

Thank you for your help.


xDamox Commented:

Open the /etc/pam.d/sshd and add the following line:

auth     required     /lib/security/ config=/etc/security/pam_abl.conf

I would suggest you try pam_abl. What distribution are you using?
ussher (Author) Commented:
Red Hat Linux EL3. It is a virtual server but unmanaged, so I have to take care of security myself. I have rkhunter and logwatcher going, which tell me I have hacking attempts; now I want to block them.

Why is pam_abl better than sshblack?

I originally wanted to use APF and BFD but could not get APF to work on my VPS because iptables needed to be reconfigured on the hardware node, which would change all the VPS in my hosting company's server array, so they suggested SSHBLACK.



pam_abl can be configured with any services and it's easy to configure,

ussher (Author) Commented:

OK, I installed pam_abl. I think everything went OK; on make install there was one line that made me nervous: "/bin/sh: line 1: cd: t: No such file or directory"

Here is what I did:

pam_abl  pam_abl-0.2.3.tar.gz
[root@vpstream pam_abl]# make install
make: *** No rule to make target `install'.  Stop.
[root@vpstream pam_abl]# cd pam_abl
[root@vpstream pam_abl]# make install
cc -Wall -fPIC   -c -o pam_abl.o pam_abl.c
cc -Wall -fPIC   -c -o log.o log.c
cc -Wall -fPIC   -c -o config.o config.c
cc -Wall -fPIC   -c -o rule.o rule.c
ld -x --shared -ldb -lpthread -o pam_abl.o log.o config.o rule.o
install --mode=755 --strip /lib/security
#install --mode=644 conf/pam_abl.conf /etc/security
install -d --mode=755 /var/lib/abl
for d in t tools ; do cd $d && make install && cd .. ; done
/bin/sh: line 1: cd: t: No such file or directory
make[1]: Entering directory `/root/downloads/pam_abl/pam_abl/tools'
cc -Wall   -c -o log.o log.c
cc -Wall   -c -o config.o config.c
cc -Wall   -c -o rule.o rule.c
cc -Wall   -c -o pam_abl.o pam_abl.c
cc -ldb -lpthread -o pam_abl log.o config.o rule.o pam_abl.o
install --mode=755 --strip pam_abl /usr/bin
make[1]: Leaving directory `/root/downloads/pam_abl/pam_abl/tools'
[root@vpstream pam_abl]# cp conf/pam_abl.conf /etc/security
[root@vpstream pam_abl]# pico /etc/security/pam_abl.conf
[root@vpstream pam_abl]# cd /etc/security
[root@vpstream security]# ls
access.conf  chroot.conf  console.apps  console.perms  group.conf  limits.conf  pam_abl.conf  pam_env.conf  time.conf
[root@vpstream security]# pam_abl /etc/security/pam_abl.conf
Failed users:
Failed hosts:
[root@vpstream security]#

The instructions say to add some lines to the PAM config. Where is that file that I'm supposed to add these lines to?

Typically is added to the auth stack as a required module just before whatever modules actually perform authentication. Here's a fragment of the PAM config for a production server that is running pam_abl:
auth      required      /lib/security/
auth      required      /lib/security/ config=/etc/security/pam_abl.conf
auth      sufficient      /lib/security/ likeauth nullok
auth      required      /lib/security/
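
Added example, not part of the thread: PAM evaluates the auth lines of a service file in the order they appear, so this check reports whether the pam_abl line comes before or after the module that performs authentication. The module file names in the two samples are constructed, and the rule that pam_unix or a service=system-auth include is "the authenticator" is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): where does pam_abl sit in a service's auth stack?
# Assumptions: the pam_abl line is recognised by the string "pam_abl"; the modules that
# actually authenticate are pam_unix or a "service=system-auth" include.
# Usage on a real host: abl_auth_position /etc/pam.d/sshd   (reads stdin if no file given)

abl_auth_position() {
    awk '
        /^[ \t]*#/ || NF < 3 { next }   # skip comments, blanks and malformed lines
        $1 != "auth"         { next }   # account/password/session are separate stacks
        {
            n++                         # position counted within the auth stack only
            if (!abl   && /pam_abl/)                             abl = n
            if (!authn && (/pam_unix/ || /service=system-auth/)) authn = n
        }
        END {
            if (!abl)             print "missing"
            else if (!authn)      print "no-authenticator"
            else if (abl < authn) print "before"
            else                  print "after"
        }
    ' "$@"
}

# Constructed sample 1: pam_abl placed ahead of the authenticating module.
sample_before() {
    cat <<'EOF'
auth  required    /lib/security/pam_env.so
auth  required    /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
auth  sufficient  /lib/security/pam_unix.so likeauth nullok
auth  required    /lib/security/pam_deny.so
EOF
}

# Constructed sample 2: pam_abl appended as the last line of the file.
sample_after() {
    cat <<'EOF'
auth     required  pam_stack.so service=system-auth
account  required  pam_stack.so service=system-auth
session  required  pam_stack.so service=system-auth
auth     required  /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
EOF
}

echo "sample_before: $(sample_before | abl_auth_position)"
echo "sample_after:  $(sample_after | abl_auth_position)"
```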


ussher (Author) Commented:
Thanks very much.

auth       required service=system-auth
auth       required
account    required service=system-auth
password   required service=system-auth
session    required service=system-auth
session    required
session    optional
auth     required     /lib/security/ config=/etc/security/pam_abl.conf

So I'm good to go now? Thanks.


When a failed attempt happens, as root type:


and you will get something like this:

Failed users:
    nfsnobody (1)
        Not blocking
Failed hosts: (2)
        Not blocking (1)
        Not blocking (1)
        Not blocking (1)
        Not blocking (1)
        Not blocking