Menu
▾
▴
[Sshguard-users] sshguard-pf 1.4 not work in FreeBSD 8.1 release, have much test, the same problem
|
From: Marcus <f5...@gm...> - 2010-12-28 01:34:15
|
I have ask the same question in forums.freebsd.org, no reply solved the problem. ------------ in /etc/syslog.conf have two lines auth.info;authpriv.info |/usr/local/sbin/sshguard auth.info;authpriv.info /var/log/auth.log # /etc/rc.d/syslogd reload /etc/pf.conf have only 5 lines ext_if="bce1" table <sshguard> persist block in quick on $ext_if from <sshguard> pass in pass out # pfctl -f /etc/pf.conf # top | grep sshg 1296 root 2 44 0 7184K 1604K nanslp 0 0:00 0.00% sshguard test the brute force ssh, nothing found excecpt ---------- Dec 28 09:32:13 b sshguard[1445]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan. Dec 28 09:32:42 b sshd[1447]: Invalid user a from 10.0.0.88 Dec 28 09:32:42 b sshd[1447]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:42 b sshd[1447]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49464 ssh2 Dec 28 09:32:43 b sshd[1447]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:43 b sshd[1447]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49464 ssh2 Dec 28 09:32:48 b sshd[1451]: Invalid user a from 10.0.0.88 Dec 28 09:32:48 b sshd[1451]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:48 b sshd[1451]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49465 ssh2 Dec 28 09:32:48 b sshd[1451]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:48 b sshd[1451]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49465 ssh2 Dec 28 09:32:52 b sshd[1455]: Invalid user ab from 10.0.0.88 Dec 28 09:32:52 b sshd[1455]: error: PAM: authentication error for illegal user ab from 10.0.0.88 Dec 28 09:32:52 b sshd[1455]: Failed keyboard-interactive/pam for invalid user ab from 10.0.0.88 port 49466 ssh2 Dec 28 09:32:52 b sshd[1455]: error: PAM: authentication error for illegal user ab from 10.0.0.88 Dec 28 09:32:52 b sshd[1455]: Failed keyboard-interactive/pam for invalid user ab from 10.0.0.88 port 49466 ssh2 Dec 28 09:32:56 b sshd[1459]: Invalid user a from 10.0.0.88 Dec 28 09:32:56 b sshd[1459]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:56 b sshd[1459]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49467 ssh2 Dec 28 09:32:56 b sshd[1459]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:32:56 b sshd[1459]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49467 ssh2 Dec 28 09:33:00 b sshd[1463]: Invalid user a from 10.0.0.88 Dec 28 09:33:00 b sshd[1463]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:00 b sshd[1463]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49468 ssh2 Dec 28 09:33:01 b sshd[1463]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:01 b sshd[1463]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49468 ssh2 Dec 28 09:33:04 b sshd[1479]: Invalid user a from 10.0.0.88 Dec 28 09:33:05 b sshd[1479]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:05 b sshd[1479]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49469 ssh2 Dec 28 09:33:05 b sshd[1479]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:05 b sshd[1479]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49469 ssh2 Dec 28 09:33:09 b sshd[1483]: Invalid user a from 10.0.0.88 Dec 28 09:33:09 b sshd[1483]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:09 b sshd[1483]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49470 ssh2 Dec 28 09:33:09 b sshd[1483]: error: PAM: authentication error for illegal user a from 10.0.0.88 Dec 28 09:33:09 b sshd[1483]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49470 ssh2 |
