From: Mij <mi...@ss...> - 2010-01-06 22:03:08
On Jan 5, 2010, at 18:29 , Michael Sheehan wrote:

> I'm a relative n00b to linux having recently ported a wordpress blog over to a cloud server running CentOS 5.4. I installed Webmin (to make my life a bit easier hopefully). I wanted to prevent unauthorized brute force ssh logins so I found sshguard. I read through all of the documentation and did the install (or so I thought). It ran fine it seemed but after rebooting, I cannot tell if it is performing as expected. I see lots of login attempts from my LogWatch file, and many from the same IP address so I now think that my install is not working. My sshguard.fifo file seems to be "updated" regularly though...

As a general rule, please always indicate
- the version of sshguard you are running
- how you installed it (from the OS package manager, or from sources)

> I have a few questions that hopefully someone can help me answer (and please provide "entry level" responses as I may be documenting on a blog post later):
> 1) How can I tell if sshguard is running?

ps ax | grep sshguard

> 2) It seems that my IP tables is not updated with the proper configuration (at least when I look at it via webmin or the actual

Meaning you don't see an "sshguard" chain after rebooting? Your OS doesn't preserve the firewall configuration across reboots. I will add some links to the documentation to explain this. If you run CentOS, see
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-iptables.html
at "iptables-save"

> IP tables file). What is the proper way to check the IPtables functionality and install it properly (especially via Webmin)?
> 3) Is there a way to set up a unique "sshguard" log file that only shows actions done by sshguard

You can with syslog-ng, but it seems CentOS uses plain syslog. With syslog, you cannot.

> 4) How stable is the beta release (1.5b)?

For the SVN in general, the core is fairly stable, but the front-ends to the firewall and the logging systems may sometimes have problems. As we can only test some of them, we need to get users to report on the rest. As a rule of thumb, the SVN version you can run in production by keeping an eye on it.

> 5) What is the upgrade process for 1.5 from 1.4?

configure and make as usual, killall sshguard, then make install

> Thanks for the help!
>
> -Michael
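
The check behind the answer to question 2, as an added example that is not part of the original message: it reads `iptables-save` output and reports whether the "sshguard" chain exists and whether INPUT sends traffic to it. The function names, the sample rule sets and the one-rule-per-blocked-address counting are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables-save` text on stdin.
# Returns 0 = "sshguard" chain exists and INPUT jumps to it,
#         1 = chain not defined (typical after a reboot without saved rules),
#         2 = chain defined but no INPUT rule sends traffic to it.
check_sshguard_chain() {
    awk '
        /^\*/ { table = substr($0, 2) }        # table header, e.g. "*filter"
        table != "filter" { next }
        $1 == ":sshguard" { defined = 1 }      # chain declaration line
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "sshguard") jump = 1
        }
        END { if (!defined) exit 1; if (!jump) exit 2; exit 0 }
    '
}

# Prints how many rules the sshguard chain currently holds (assumed: one per block).
count_sshguard_blocks() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "filter" && $1 == "-A" && $2 == "sshguard" { n++ }
         END { print n + 0 }'
}

# Constructed sample: rules as they look after a reboot that lost the chain.
sample_after_reboot() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT'
}

# Constructed sample: chain present, hooked into INPUT, two blocked addresses.
sample_configured() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':sshguard - [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j sshguard' \
        '-A sshguard -s 192.0.2.10/32 -j DROP' \
        '-A sshguard -s 203.0.113.7/32 -j DROP' 'COMMIT'
}

for s in sample_after_reboot sample_configured; do
    rc=0; "$s" | check_sshguard_chain || rc=$?
    echo "$s: status $rc, $("$s" | count_sshguard_blocks) rule(s) in chain"
done
# On a live host, as root: iptables-save | check_sshguard_chain
```

A status of 1 right after a reboot matches the situation described in the reply: the chain was never saved, so it has to be recreated and then stored with `iptables-save` as the linked CentOS guide describes.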