Re: [Sshguard-users] problem with first configuration - linux syslog-ng

[Mij <mi...@bi...>]

see http://sshguard.sourceforge.net/doc/setup/blockingiptables.html


On Feb 3, 2009, at 21:16 , Giurrero Giurrero wrote:

>
>
> From: mi...@bi...
> To: ssh...@li...
> Date: Tue, 3 Feb 2009 20:39:08 +0100
> Subject: Re: [Sshguard-users] problem with first configuration -  
> linux	syslog-ng
>
>
> On Feb 3, 2009, at 2:25 PM, Giurrero Giurrero wrote:
>
> Dear experts,
>  I've installed sshguard 1.3 on my SuSE Linux 11.0 with syslog-ng  
> support following the standard istruction:http://sshguard.sourceforge.net/doc/setup/loggingsyslog-ng.html
>
> When I restart the syslog:
>
>   killall -HUP syslog-ng
>
> I can't find any sshguard process:
>
> ps ax | grep sshguard
>
>
> after the killall in my /var/logs/messages I've:
>
> Feb  3 13:53:21 sole sshguard[26718]: Started successfully  
> [(a,p,s)=(4, 420, 1200)], now ready to scan.
> Feb  3 13:53:23 sole sshguard[26718]: Got exit signal, flushing  
> blocked addresses and exiting...
> Feb  3 13:53:23 sole sshguard[26718]: Run command "/usr/sbin/ 
> iptables -F sshguard ; /usr/sbin/ip6tables -F sshguard": exited 1.
>
> AFAIR syslog-ng uses a lazy execution, where services for target X  
> are started only when the first log entry arrives for X. That is,  
> check with ps only
> after having produced some suitable log msgs.
>
>
> If I try to log in in my system with ssh using a name that doesn't  
> exist I find in my /var/logs/messages:
>
> Feb  3 14:20:55 sole sshd[18050]: Invalid user xyz from 192.168.0.1
> Feb  3 14:20:55 sole syslog-ng[2029]: I/O error occurred while  
> writing; fd='14', error='Broken pipe (32)'
> Feb  3 14:20:56 sole sshd[18050]: error: PAM: User not known to the  
> underlying authentication module for illegal user xyz from 1
> 92.168.0.1
> Feb  3 14:20:56 sole sshd[18050]: Failed keyboard-interactive/pam  
> for invalid user xyz from 192.168.0.1 port 56372 ssh2
> Feb  3 14:20:56 sole syslog-ng[2029]: I/O error occurred while  
> writing; fd='14', error='Broken pipe (32)'
> Feb  3 14:20:56 sole sshd[18050]: error: PAM: User not known to the  
> underlying authentication module for illegal user xyz from 1
> 92.168.0.1
> Feb  3 14:20:56 sole sshd[18050]: Failed keyboard-interactive/pam  
> for invalid user xyz from 192.168.0.1 port 56372 ssh2
> Feb  3 14:20:56 sole syslog-ng[2029]: I/O error occurred while  
> writing; fd='14', error='Broken pipe (32)'
> Feb  3 14:20:57 sole sshd[18050]: error: PAM: User not known to the  
> underlying authentication module for illegal user xyz from 1
> 92.168.0.1
> Feb  3 14:20:57 sole sshd[18050]: Failed keyboard-interactive/pam  
> for invalid user xyz from 192.168.0.1 port 56372 ssh2
>
> any message in some other log file that explains why that broken  
> pipe? Syslog-ng can't start sshguard successfully, did you double  
> check the path
> sshguard is at in your system, when copy-pasting from the  
> documentation?
>
> the path are all ok. As root I can do: sshguard, iptable, ... but if  
> I do: /usr/sbin/iptables -F ssh, I got:
>
> iptables: No chain/target/match by that name
>
>
> Scoprilo insieme ai nuovi servizi Windows Live! Messenger 9: oltre  
> le parole.  
> ------------------------------------------------------------------------------
> Create and Deploy Rich Internet Apps outside the browser with  
> Adobe(R)AIR(TM)
> software. With Adobe AIR, Ajax developers can use existing skills  
> and code to
> build responsive, highly engaging applications that combine the  
> power of local
> resources and data with the reach of the web. Download the Adobe AIR  
> SDK and
> Ajax docs to start building applications today-http://p.sf.net/sfu/adobe-com_______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users