Menu
▾
▴
Re: [Sshguard-users] SSHguard constantly exiting under OpenBSD
|
From: Mij <mi...@bi...> - 2009-01-14 19:01:13
|
Hello Keven, Do you have log rotation? Log rotation causes processes to be signaled for opening the new log files. This is often the case causing those message in log files. On Jan 14, 2009, at 11:09 AM, Keven Tipping wrote: > Okay, I just did some quick debugging here. > > It appears like SSHguard is exiting the main loop in sshguard.c. For > whatever reason, on OpenBSD 4.4, the line: > while (fgets(buf, MAX_LOGLINE_LEN, stdin) != NULL) > > Is indeed returning NULL. This causes the loop to break and exit(0) is > called, resulting in the "Got exit signal" message. According to > google (and I'm not a programmer), this is caused either by fgets > encountering EOF or some other error. > > Any ideas to as why this is occurring? > > -KT > > On Jan 14, 2009, at 2:47 AM, Keven Tipping wrote: > >> Greetings to all. >> >> I've been trying to get SSHguard running *reliably* on several >> OpenBSD >> 4.4 boxes. They all exhibit the same problem. >> >> I've installed sshguard (both 1.4-rc2 and svn) and have it currently >> running as root (though I doubt this has anything to do with the >> problem) via Syslog. The relevant syslog.conf line is: >> auth.info;auth.priv |exec /usr/sbin/sshguard >> >> SSHguard launches as expected when there's authlog traffic, and works >> just fine. I can hammer the box from the LAN and SSHguard adds the IP >> addresses to the pf table. That's all fine and great. >> >> The problem is, that SSHguard constantly "exits". I'm not sure if >> this >> is a SSHguard problem or something OpenBSD related, because I can't >> find anything in syslog's man page about this and there's nothing in >> my crontabs that would otherwise interfere with SSHguard. >> >> What happens is that every ~5-20 minutes (it seems completely >> random?), SSHguard prints the following in authlog: >> "Jan 14 02:33:23 gw sshguard[28260]: Releasing 10.0.1.140 after 488 >> seconds." >> "Jan 14 02:33:23 gw sshguard[28260]: Got exit signal, flushing >> blocked >> addresses and exiting..." >> >> 10.0.1.140 is one of /several/ systems I used to test SSHguard- there >> were about ~10 IP's in the blocklist in this case, the latest one was >> blocked/added at 02:33:07, only ~16 seconds before SSHguard once >> again >> exited for no apparent reason. Obviously, when SSHguard exited, the >> entire table was flushed. There's no way the last IP that was blocked >> had exceeded 420 seconds prior to SSHguard "getting an exit signal". >> >> I'm not sure why it does this. Once SSHguard cleanly exits (due to >> the >> above "signal"), syslogd restarts it as soon as there's authlog >> traffic again and SSHguard runs anywhere from 5-20 minutes before >> exiting. Rinse, repeat. It will do this all day, basically. >> >> I have no idea if this is by design, or what is going on here. Any >> ideas? >> >> Cheers, >> -KT >> >> ------------------------------------------------------------------------------ >> This SF.net email is sponsored by: >> SourcForge Community >> SourceForge wants to tell your story. >> http://p.sf.net/sfu/sf-spreadtheword >> _______________________________________________ >> Sshguard-users mailing list >> Ssh...@li... >> https://lists.sourceforge.net/lists/listinfo/sshguard-users > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
