From: Keven T. <byt...@sh...> - 2009-01-14 10:09:16
Okay, I just did some quick debugging here. It appears like SSHguard is exiting the main loop in sshguard.c. For whatever reason, on OpenBSD 4.4, the line:

    while (fgets(buf, MAX_LOGLINE_LEN, stdin) != NULL)

is indeed returning NULL. This causes the loop to break and exit(0) is called, resulting in the "Got exit signal" message.

According to Google (and I'm not a programmer), this is caused either by fgets encountering EOF or some other error.

Any ideas as to why this is occurring?

-KT

On Jan 14, 2009, at 2:47 AM, Keven Tipping wrote:

> Greetings to all.
>
> I've been trying to get SSHguard running *reliably* on several OpenBSD
> 4.4 boxes. They all exhibit the same problem.
>
> I've installed sshguard (both 1.4-rc2 and svn) and have it currently
> running as root (though I doubt this has anything to do with the
> problem) via Syslog. The relevant syslog.conf line is:
>
> auth.info;auth.priv |exec /usr/sbin/sshguard
>
> SSHguard launches as expected when there's authlog traffic, and works
> just fine. I can hammer the box from the LAN and SSHguard adds the IP
> addresses to the pf table. That's all fine and great.
>
> The problem is that SSHguard constantly "exits". I'm not sure if this
> is a SSHguard problem or something OpenBSD related, because I can't
> find anything in syslog's man page about this and there's nothing in
> my crontabs that would otherwise interfere with SSHguard.
>
> What happens is that every ~5-20 minutes (it seems completely
> random?), SSHguard prints the following in authlog:
>
> "Jan 14 02:33:23 gw sshguard[28260]: Releasing 10.0.1.140 after 488 seconds."
> "Jan 14 02:33:23 gw sshguard[28260]: Got exit signal, flushing blocked addresses and exiting..."
>
> 10.0.1.140 is one of /several/ systems I used to test SSHguard- there
> were about ~10 IP's in the blocklist in this case, the latest one was
> blocked/added at 02:33:07, only ~16 seconds before SSHguard once again
> exited for no apparent reason. Obviously, when SSHguard exited, the
> entire table was flushed. There's no way the last IP that was blocked
> had exceeded 420 seconds prior to SSHguard "getting an exit signal".
>
> I'm not sure why it does this. Once SSHguard cleanly exits (due to the
> above "signal"), syslogd restarts it as soon as there's authlog
> traffic again and SSHguard runs anywhere from 5-20 minutes before
> exiting. Rinse, repeat. It will do this all day, basically.
>
> I have no idea if this is by design, or what is going on here. Any
> ideas?
>
> Cheers,
> -KT
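
An added example, not SSHguard's code: one way to tell the two causes of a NULL return from fgets() apart, using feof() and errno. The names read_loop and stop_reason and the value of MAX_LOGLINE_LEN are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_LOGLINE_LEN 1000   /* assumed size; the post does not give the value */

enum stop_reason { STOP_EOF, STOP_ERROR };   /* hypothetical names */

/* Same loop shape as the line quoted above, but it records why fgets()
 * returned NULL instead of treating every NULL as a request to exit. */
enum stop_reason read_loop(FILE *in, unsigned long *nlines, int *err)
{
    char buf[MAX_LOGLINE_LEN];

    *nlines = 0;
    *err = 0;
    for (;;) {
        errno = 0;
        if (fgets(buf, sizeof buf, in) != NULL) {
            (*nlines)++;            /* a real program would parse buf here */
            continue;
        }
        if (feof(in))               /* on a pipe: every writer closed its end */
            return STOP_EOF;
        if (errno == EINTR) {       /* read(2) interrupted by a signal: retry */
            clearerr(in);
            continue;
        }
        *err = errno;               /* genuine I/O error */
        return STOP_ERROR;
    }
}

int main(void)
{
    unsigned long n;
    int err;

    if (read_loop(stdin, &n, &err) == STOP_EOF)
        fprintf(stderr, "stdin reached EOF after %lu lines\n", n);
    else
        fprintf(stderr, "read error after %lu lines: %s\n", n, strerror(err));
    return 0;
}
```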