From: Keven T. <byt...@sh...> - 2009-01-14 09:47:19
Greetings to all.

I've been trying to get SSHguard running *reliably* on several OpenBSD 4.4 boxes. They all exhibit the same problem. I've installed sshguard (both 1.4-rc2 and svn) and have it currently running as root (though I doubt this has anything to do with the problem) via Syslog. The relevant syslog.conf line is:

    auth.info;auth.priv |exec /usr/sbin/sshguard

SSHguard launches as expected when there's authlog traffic, and works just fine. I can hammer the box from the LAN and SSHguard adds the IP addresses to the pf table. That's all fine and great.

The problem is that SSHguard constantly "exits". I'm not sure if this is an SSHguard problem or something OpenBSD related, because I can't find anything in syslog's man page about this and there's nothing in my crontabs that would otherwise interfere with SSHguard.

What happens is that every ~5-20 minutes (it seems completely random?), SSHguard prints the following in authlog:

    "Jan 14 02:33:23 gw sshguard[28260]: Releasing 10.0.1.140 after 488 seconds."
    "Jan 14 02:33:23 gw sshguard[28260]: Got exit signal, flushing blocked addresses and exiting..."

10.0.1.140 is one of /several/ systems I used to test SSHguard - there were about ~10 IPs in the blocklist in this case; the latest one was blocked/added at 02:33:07, only ~16 seconds before SSHguard once again exited for no apparent reason. Obviously, when SSHguard exited, the entire table was flushed. There's no way the last IP that was blocked had exceeded 420 seconds prior to SSHguard "getting an exit signal". I'm not sure why it does this.

Once SSHguard cleanly exits (due to the above "signal"), syslogd restarts it as soon as there's authlog traffic again and SSHguard runs anywhere from 5-20 minutes before exiting. Rinse, repeat. It will do this all day, basically. I have no idea if this is by design, or what is going on here.

Any ideas?

Cheers,
-KT