Menu
▾
▴
Re: [Sshguard-users] Parser changes for FreeBSD
|
From: Mij <mi...@bi...> - 2008-01-05 14:23:39
|
this is a bug: the parser does not recognize pure numbers as valid
hostnames.
The fix is included in my local source and will be in the next
release. In the meantime
you can modify your local copy like this:
<if you use ports>
I) cd /usr/ports/security/sshguard
II) make patch
III) cd work/sshguard-1.0
</if you use ports>
modify src/attack_parser.y , locate block:
===
hostname:
WORD
| HOSTADDR
;
===
and modify it like this:
===
hostname:
WORD
| HOSTADDR
| INTEGER
;
===
<if you use ports>
cd ../../../sshguard-ipfw
make install
</if you use ports>
if you use sshguard-1.3 instead, look for block:
===
hostname:
WORD { $$ = $1; }
| HOSTADDR { $$ = $1; }
;
===
and modify like this
===
hostname:
WORD { $$ = $1; }
| INTEGER { snprintf(attackscanner_str,
MAXSCANBUFLEN, "%d", $1); $$ = attackscanner_str; }
| HOSTADDR { $$ = $1; }
;
===
thanks for reporting
On 01/gen/08, at 13:18, AngryWolf wrote:
> Hi,
>
> I have the same problem. My hostname starts with a number so break
> attempts
> aren't catched. Example:
>
> [root@123456 ~]# sshguard
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 123456 sshd[62382]: Invalid user test from
> 202.130.138.94
>
> Nothing happened, however changing '123456' to 'localhost' in the
> keyboard
> input works:
>
> [root@123456 ~]# sshguard
> Dec 31 10:08:06 localhost sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 localhost sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 localhost sshd[62382]: Invalid user test from
> 202.130.138.94
> Dec 31 10:08:06 localhost sshd[62382]: Invalid user test from
> 202.130.138.94
> 55006 deny ip from 202.130.138.94 to me
>
> I'm using sshguard-ipfw-1.0_1 on FreeBSD 6.3-PRERELEASE.
>
> --
> AngryWolf
> ang...@fl...
>
> ----------------------------------------------------------------------
> ---
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
|
