From: Robert S <rob...@gm...> - 2010-05-03 11:08:58
Unfortunately process authentication isn't working. I received 953 "Ignore" messages today:

# grep sshguard /var/log/messages
May 3 18:22:26 hostname sshguard[25226]: Ignore attack as pid '9922' has been forged for service 100.
May 3 18:22:29 hostname sshguard[9927]: Running 'ps axo pid,ppid'.
May 3 18:22:29 hostname sshguard[25226]: Process 9925 is not child of 4639.
May 3 18:22:29 hostname sshguard[25226]: Ignore attack as pid '9925' has been forged for service 100.
May 3 18:22:31 hostname sshguard[9930]: Running 'ps axo pid,ppid'.
May 3 18:22:31 hostname sshguard[25226]: Process 9928 is not child of 4639.
May 3 18:22:31 hostname sshguard[25226]: Ignore attack as pid '9928' has been forged for service 100.
May 3 18:22:34 hostname sshguard[9933]: Running 'ps axo pid,ppid'.
May 3 18:22:34 hostname sshguard[25226]: Process 9931 is not child of 4639.

There was only one "hit" resulting in a block. I'm using direct feeding from a fifo:

# cat /var/log/sshguard.fifo | /usr/local/sbin/sshguard -b /usr/local/var/sshguard/blacklist.db -w /etc/sshguard.whitelist -f 100:/var/run/sshd.pid
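
A way to re-check the reported PIDs by hand, as an added example that is not part of the original post and not sshguard's code: it walks a saved `ps axo pid,ppid` table to tell a direct child of the PID in the pid file from a deeper descendant, an unrelated process, or one that has already exited. The function names and the process table are constructed for illustration.

```shell
#!/bin/sh
# relation TABLE PID MASTER: how PID relates to MASTER in a saved
# 'ps axo pid,ppid' table. Prints self, child, descendant, unrelated or gone.
relation() {
    awk -v pid="$2" -v master="$3" '
        $1 ~ /^[0-9]+$/ { parent[$1] = $2 }      # skips the "PID PPID" header
        END {
            if (!(pid in parent)) { print "gone"; exit }
            cur = pid; depth = 0
            # Walk up the parent chain; the depth cap guards against loops.
            while ((cur in parent) && cur != master && depth < 64) {
                cur = parent[cur]; depth++
            }
            if (cur != master)   print "unrelated"
            else if (depth == 0) print "self"
            else if (depth == 1) print "child"
            else                 print "descendant"
        }' "$1"
}

# check_log TABLE: read syslog lines on stdin and re-check every
# "Process N is not child of M" report against the saved table.
check_log() {
    sed -n 's/.*Process \([0-9][0-9]*\) is not child of \([0-9][0-9]*\).*/\1 \2/p' |
    while read -r pid master; do
        echo "$pid $master $(relation "$1" "$pid" "$master")"
    done
}

# demo: two log lines from the post, checked against a CONSTRUCTED process
# table (the PID relationships here are invented for illustration).
demo() {
    t=$(mktemp)
    cat > "$t" <<'EOF'
  PID  PPID
 4639     1
 9920  4639
 9925  9920
25226     1
EOF
    check_log "$t" <<'EOF'
May 3 18:22:29 hostname sshguard[25226]: Process 9925 is not child of 4639.
May 3 18:22:31 hostname sshguard[25226]: Process 9928 is not child of 4639.
EOF
    rm -f "$t"
}
demo
```

On a live host, save the output of `ps axo pid,ppid` to a file while the connections are still open, then pipe the sshguard lines from /var/log/messages into `check_log` with that file as its argument.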