Menu
▾
▴
Re: [Sshguard-users] sshguard-1.5-r1 on gentoo: log entries missed
|
From: Robert S <rob...@gm...> - 2010-04-29 12:59:12
|
Hi. As suggested the statement below fixed the logging issue. const int sshguard_log_minloglevel = LOG_INFO; However, there appears to be a problem with process authentication: Apr 29 22:49:29 myhost sshd[8307]: User root from xxx.xxx.xxx.99 not allowed because none of user's groups are listed in AllowGroups Apr 29 22:49:29 myhost sshguard[8310]: Running 'ps axo pid,ppid'. Apr 29 22:49:29 myhost sshguard[8301]: Process 8307 is not child of 4547. Apr 29 22:49:29 myhost sshguard[8301]: Ignore attack as pid '8307' has been forged for service 100. # ps ax |grep sshguard 8301 pts/1 Sl+ 0:00 /usr/src/local/sshguard/trunk/src/sshguard -l /var/log/auth.log -b /usr/local/var/sshguard/blacklist.db -w /etc/sshguard.whitelist -f 100:/var/run/sshd.pid This problem goes away when I omit the "-f 100:/var/run/sshd.pid" option |
