From: Giurrero G. <giu...@ho...> - 2009-02-03 20:16:49
From: mi...@bi...
To: ssh...@li...
Date: Tue, 3 Feb 2009 20:39:08 +0100
Subject: Re: [Sshguard-users] problem with first configuration - linux syslog-ng

On Feb 3, 2009, at 2:25 PM, Giurrero Giurrero wrote:

Dear experts,

I've installed sshguard 1.3 on my SuSE Linux 11.0 with syslog-ng support following the standard instruction: http://sshguard.sourceforge.net/doc/setup/loggingsyslog-ng.html

When I restart the syslog:

killall -HUP syslog-ng

I can't find any sshguard process:

ps ax | grep sshguard

after the killall in my /var/logs/messages I've:

Feb 3 13:53:21 sole sshguard[26718]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
Feb 3 13:53:23 sole sshguard[26718]: Got exit signal, flushing blocked addresses and exiting...
Feb 3 13:53:23 sole sshguard[26718]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.

AFAIR syslog-ng uses a lazy execution, where services for target X are started only when the first log entry arrives for X. That is, check with ps only after having produced some suitable log msgs.

If I try to log in to my system with ssh using a name that doesn't exist I find in my /var/logs/messages:

Feb 3 14:20:55 sole sshd[18050]: Invalid user xyz from 192.168.0.1
Feb 3 14:20:55 sole syslog-ng[2029]: I/O error occurred while writing; fd='14', error='Broken pipe (32)'
Feb 3 14:20:56 sole sshd[18050]: error: PAM: User not known to the underlying authentication module for illegal user xyz from 192.168.0.1
Feb 3 14:20:56 sole sshd[18050]: Failed keyboard-interactive/pam for invalid user xyz from 192.168.0.1 port 56372 ssh2
Feb 3 14:20:56 sole syslog-ng[2029]: I/O error occurred while writing; fd='14', error='Broken pipe (32)'
Feb 3 14:20:56 sole sshd[18050]: error: PAM: User not known to the underlying authentication module for illegal user xyz from 192.168.0.1
Feb 3 14:20:56 sole sshd[18050]: Failed keyboard-interactive/pam for invalid user xyz from 192.168.0.1 port 56372 ssh2
Feb 3 14:20:56 sole syslog-ng[2029]: I/O error occurred while writing; fd='14', error='Broken pipe (32)'
Feb 3 14:20:57 sole sshd[18050]: error: PAM: User not known to the underlying authentication module for illegal user xyz from 192.168.0.1
Feb 3 14:20:57 sole sshd[18050]: Failed keyboard-interactive/pam for invalid user xyz from 192.168.0.1 port 56372 ssh2

any message in some other log file that explains why that broken pipe? Syslog-ng can't start sshguard successfully, did you double check the path sshguard is at in your system, when copy-pasting from the documentation?

the paths are all ok. As root I can do: sshguard, iptable, ... but if I do:

/usr/sbin/iptables -F ssh

I got:

iptables: No chain/target/match by that name
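Added example (not part of the thread and not sshguard project code): a shell function that counts the four log patterns quoted in the messages above (sshguard start, sshguard exit, a firewall command that exited non-zero, and the syslog-ng broken-pipe write error) and prints a heuristic verdict. The function names, the verdict labels and the heuristic are assumptions; the sample lines are copied from the thread.

```shell
#!/bin/sh
# sample_log: a few log lines copied from the messages in this thread.
sample_log() {
    cat <<'EOF'
Feb 3 13:53:21 sole sshguard[26718]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
Feb 3 13:53:23 sole sshguard[26718]: Got exit signal, flushing blocked addresses and exiting...
Feb 3 13:53:23 sole sshguard[26718]: Run command "/usr/sbin/iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
Feb 3 14:20:55 sole sshd[18050]: Invalid user xyz from 192.168.0.1
Feb 3 14:20:55 sole syslog-ng[2029]: I/O error occurred while writing; fd='14', error='Broken pipe (32)'
EOF
}

# sshguard_triage [FILE]: reads a syslog file (or stdin) and prints
#   started=N        sshguard "Started successfully" entries
#   exited=N         sshguard "Got exit signal" entries
#   fw_cmd_failed=N  "Run command ...: exited S." entries with S != 0
#   broken_pipe=N    syslog-ng write errors reporting a broken pipe
#   verdict=...      heuristic label (assumption of this example):
#                    reader-gone  broken pipe seen and no sshguard left running
#                    running      more starts than exits in the log
#                    not-started  neither of the above
sshguard_triage() {
    awk '
        /sshguard\[[0-9]+\]: Started successfully/ { started++ }
        /sshguard\[[0-9]+\]: Got exit signal/      { exited++ }
        /sshguard\[[0-9]+\]: Run command ".*": exited [0-9]+\.?$/ {
            status = $NF; sub(/\.$/, "", status)   # "1." -> "1"
            if (status + 0 != 0) fwfail++
        }
        /syslog-ng\[[0-9]+\]: I\/O error occurred while writing;.*Broken pipe/ { pipe++ }
        END {
            printf "started=%d\nexited=%d\nfw_cmd_failed=%d\nbroken_pipe=%d\n",
                   started, exited, fwfail, pipe
            if (pipe > 0 && exited >= started) v = "reader-gone"
            else if (started > exited)         v = "running"
            else                               v = "not-started"
            printf "verdict=%s\n", v
        }
    ' "$@"
}

sample_log | sshguard_triage
```

On a real system, pass the syslog file as the argument, for example the messages file named in the thread.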