Re: [Sshguard-users] new installation

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Apr 16, 2009, at 19:09 , Adam Cohen wrote:

> greetings,
> I've recently installed sshguard 1x. on a Redhat box and it seems to  
> be
> working well.  However, I noticed the following on my system log:
>
> Apr 14 14:43:22 prod-02 sshguard[23831]: Releasing 4 after 1239745402
> seconds.
> Apr 14 14:43:22 prod-02 sshguard[23831]: Release command failed.  
> Exited: -1
>
> Seems like the dynamic removal of blocked hosts from iptables is
> failing.   iptables -L shows multiple entries for the same host on the
> sshguard chain.  Is this a valid conclusion?

yes, reasonable if releasing fails.

> Any ideas on why or how to fix?

can you run sshguard manually, as root:

/usr/local/bin/sshguard -d -a2 -p10

and then paste *2 times* as its input one line like:
Apr 12 10:11:12 foo sshd[1234]: Invalid user root from 1.2.3.4

it should block the address. Wait some seconds, it should release it.
If you still see the "Release command failed. Exited: -1", there
should now be more debug info. Please send that in.

>
> thanks
>
> -- 
> Adam Cohen
> IT Manager
> Energy Biosciences Institute
> 109 Calvin Lab
> 642-7709
>
>
> ------------------------------------------------------------------------------
> Stay on top of everything new and different, both inside and
> around Java (TM) technology - register by April 22, and save
> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
> 300 plus technical and hands-on sessions. Register today.
> Use priority code J9JMT32. http://p.sf.net/sfu/p
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users

Re: [Sshguard-users] new installation

Intelligently block brute-force attacks by aggregating system logs

Re: [Sshguard-users] new installation