Menu
▾
▴
[Sshguard-users] sshguard stops itself?
|
From: Frans M. <fr...@bl...> - 2010-12-16 02:20:50
|
I successfully installed sshguard on our debian system using the latest Debian version (1.4). However, after a while sshguard is stopped automatically. >From the log I read the following: Dec 15 06:25:01 production CRON[3260]: pam_unix(cron:session): session opened for user root by (uid=0) Dec 15 06:25:02 production sshguard[3083]: Run command "/sbin/iptables -F sshguard ; /sbin/ip6tables -F sshguard": exited 1. Dec 15 06:26:46 production CRON[3260]: pam_unix(cron:session): session closed for user root Can anybody tell me how to avoid that sshguard is stopped? Thanks in advance, Frans I installed sshguard by the following procedure: Install sshguard using aptitude. Type: mkfifo /var/log/sshguard.fifo Add the following line to /etc/rsyslog.conf: # sshguard auth.info;authpriv.info |/var/log/sshguard.fifo Make sure sshguard starts at reboot by adding the file /etc/init.d/sshguard with the following content: #!/bin/sh cat /var/log/sshguard.fifo | /usr/sbin/sshguard & Make the file be recognized as an init script by running from the command lines: chmod +x /etc/init.d/sshguard* *update-rc.d sshguard defaults 80 Make the following rule set for iptables by typing on the console: iptables -N sshguard # for regular IPv4 support: iptables -A INPUT -j sshguard # block all traffic from abusers that sshguard regards bad It seems that the lines below work for Ipv6 support but I did not yet use it ip6tables -N sshguard ip6tables -A INPUT -j sshguard Now make a file with these rules that iptables can read by typing: iptables-save > /etc/myiptables.conf Make sure these start at bootup by creating the file /etc/network/if-pre-up.d/iptables and add the lines: #!/bin/bash (add only if not yet there) /sbin/iptables-restore < /etc/ myiptables.conf The files need to be executable so change the permissions: chmod +x /etc/network/if-pre-up.d/iptables chmod +x /etc/myiptables.conf |
