[Sshguard-users] sshguard on OSX 10.5 and ipfw (ipv6)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Anyone on this list have access to a OSX 10.5 dev environment that is
willing to test some patches ?

I have a patch for ipfw firewall and ipv6 that I have tested on
FreeBSD 7, and OSX (ppc) 10.4, but I would prefer someone test with
OSX 10.5 or even snow leopard (intel or ppc) as well.

1)  Get base code here:
     svn co https://sshguard.svn.sourceforge.net/svnroot/sshguard sshguard

2)  Get the patches (both) of them from here:  (save to the
sshguard/trunk directory from step 1)
     https://sourceforge.net/tracker/?func=detail&aid=2777559&group_id=188282&atid=924687

3)  Apply patches and configure/build

su root
cd sshguard/trunk
patch <osx_configure_ac_patch.txt
pushd src/fwalls
patch <../../ipfw_ipv6_patch_2.txt
popd
autoreconf
./configure --with-firewall=ipfw
make clean && make

4)  If all builds well, try running sshguard with the "-d" parameter
and paste the following attack example:

e.g.  src/sshguard -d

Attack Example:  (if your email client wraps the string to multiple
lines, make sure it is one line before you paste into the sshguard
debug terminal)

Apr 30 12:19:08 minimac sshd[7097]: Failed keyboard-interactive/pam
for invalid user asdf from 2001:db8::1 port 57453 ssh2

Paste the attack example into the terminal 4 times and you should see
the following at the end:

Running command: '/sbin/ip6fw add 55045 drop ipv6 from 2001:db8::1 to any'.
55045 deny ipv6 from 2001:db8::1 to any
Command exited 0.
First sight of offender '2001:db8::1:6', adding to offenders list.

If you see any other exit code than "Command exited 0.", please paste
the entire output buffer in a response email.

--Thanks!

-_Dave H

[Sshguard-users] sshguard on OSX 10.5 and ipfw (ipv6)

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] sshguard on OSX 10.5 and ipfw (ipv6)