Menu
▾
▴
Re: [Sshguard-users] sshguard stops itself?
|
From: Mij <mi...@ss...> - 2011-01-12 17:09:18
|
Hi Frans, On Dec 16, 2010, at 02:53 , Frans Middelkoop wrote: > I successfully installed sshguard on our debian system using the latest Debian version (1.4). > However, after a while sshguard is stopped automatically. > From the log I read the following: > > Dec 15 06:25:01 production CRON[3260]: pam_unix(cron:session): session opened for user root by (uid=0) > Dec 15 06:25:02 production sshguard[3083]: Run command "/sbin/iptables -F sshguard ; /sbin/ip6tables -F sshguard": exited 1. > Dec 15 06:26:46 production CRON[3260]: pam_unix(cron:session): session closed for user root > > Can anybody tell me how to avoid that sshguard is stopped? Checking out your setup, SSHGuard is likely restarted by syslog by log rotation procedures, so you should not be concerned with that. If you have psychological aversion to that, consider running sshguard with native Log Sucking mode (see http://www.sshguard.net/docs/setup/getlogs/log-sucker/ ). As a side note, the "exited 1" message is likely up to ip6tables, since you mention you didn't configure its tables. In that case, you can get over that too. > Thanks in advance, > Frans > > I installed sshguard by the following procedure: > Install sshguard using aptitude. > Type: > mkfifo /var/log/sshguard.fifo > > Add the following line to /etc/rsyslog.conf: > # sshguard > auth.info;authpriv.info |/var/log/sshguard.fifo > > Make sure sshguard starts at reboot by adding the file /etc/init.d/sshguard with the following content: > #!/bin/sh > cat /var/log/sshguard.fifo | /usr/sbin/sshguard & > > Make the file be recognized as an init script by running from the command lines: > chmod +x /etc/init.d/sshguard > update-rc.d sshguard defaults 80 > > > Make the following rule set for iptables by typing on the console: > iptables -N sshguard # for regular IPv4 support: > iptables -A INPUT -j sshguard # block all traffic from abusers that sshguard regards bad > It seems that the lines below work for Ipv6 support but I did not yet use it > ip6tables -N sshguard > ip6tables -A INPUT -j sshguard > > Now make a file with these rules that iptables can read by typing: > iptables-save > /etc/myiptables.conf > > Make sure these start at bootup by creating the file /etc/network/if-pre-up.d/iptables and add the lines: > #!/bin/bash (add only if not yet there) > /sbin/iptables-restore < /etc/ myiptables.conf > > The files need to be executable so change the permissions: > chmod +x /etc/network/if-pre-up.d/iptables > chmod +x /etc/myiptables.conf > > ------------------------------------------------------------------------------ > Lotusphere 2011 > Register now for Lotusphere 2011 and learn how > to connect the dots, take your collaborative environment > to the next level, and enter the era of Social Business. > http://p.sf.net/sfu/lotusphere-d2d_______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
