From: Mij <mi...@bi...> - 2009-07-22 09:45:23
On Jul 22, 2009, at 04:02 , Peter Beckman wrote:

> On Tue, 21 Jul 2009, Mij wrote:
>
>> On Jul 21, 2009, at 21:17 , Peter Beckman wrote:
>>
>>> On Tue, 21 Jul 2009, Mij wrote:
>>>
>>>> Naturally the same machinery is used for blocking with or without -d, so
>>>> if in the latter case it works, is sshguard run as root from the syslog
>>>> instance?
>>>
>>> syslogd is running as root, and since I've tested it in the past and it
>>> has worked, and I haven't updated anything, I was surprised to see the
>>> failure.
>>
>> 2 things:
>> 1) you show that with -d the address is visible in the PF table after
>> blocking.
>> What about the normal run?
>
> Wasn't around at the time of the attack, I only get notified at the end of
> the day when I get emailed the log.
>
> I upgraded to 1.4rc5 and tested manually, and it blocked successfully.
> Hopefully the bot-net tries again soon, and I'll see if the issue was
> resolved by upgrading.

On that front rc5 should not behave any different to prior versions.

> PS -- If you were bored, you could always create a few new FreeBSD Ports:
>
>   sshguard-devel
>   sshguard-devel-pf (or modify the sshguard-pf to have a flag to use
>   sshguard-devel)
>
> I built a pseudo-hack port, but didn't spend enough time to figure out how
> to install it as sshguard-devel-1.4rc5 without figuring out how to tell it
> to download sshguard-1.4rc5.tar.gz from SourceForge. Probably could with
> some time and effort, the former of which I have none of!

The current port I will update just before releasing 1.4stable. Some users
submitted some modifications to its "automation scripts". Hopefully I'll find
time to get hold of those too.

You're welcome to submit a "sshguard-devel" port. As we take so long before
declaring stables (1.3 was 10 months ago?) a -devel port may make sense.