From: Cedric J. <ssh...@te...> - 2011-10-12 11:36:28
Hello again!

Thank you for your answer - I'll have a look at gentoo overlays to see if there's some -9999 ebuild.

Cheers,

C.

On Wed, 12 Oct 2011 13:31:50 +0200, Mij wrote:
> On Oct 12, 2011, at 13:21 , Cedric Jeanneret wrote:
>
>> Hello!
>>
>> How can I read and edit the blacklist db file? While doing "file
>> sshguard.db", it tells me it's some odd "raw G3 data, byte-padded",
>> which seems to be used for fax content... I'm guessing that's not
>> true.
>
> In sshguard-1.5 blacklists are in SimCList serialization format, which is
> binary (see http://mij.oltrelinux.com/devel/simclist/ ).
>
> In a recent commit on the SVN, blacklists are stored in human-readable
> format. Wait some weeks to have that appear in a release, or compile
> the sources from the SVN as described in
> http://www.sshguard.net/docs/setup/compile-install/#fetch-code
>
>> My final goal is to be able to get blacklisted addresses (and all data
>> I can get from this DB) to do some stats.
>
> You can extract the IPs with a command such as:
>
> strings /path/to/blacklist | grep -Eo "([0-9]+\.){3}[0-9]+"
>
> For extracting IPv6 addresses check out the regex in the sshguard
> sources.
>
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
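
Added example (not part of the original thread, and not sshguard's own code): the `strings | grep` pipeline quoted in the reply above, wrapped so that it drops dotted strings that are not valid IPv4 addresses, de-duplicates the result, and counts entries per /24 for the statistics use case. The function names, the `tr` fallback and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example: IPv4 extraction from a binary sshguard 1.5 blacklist.

# Printable runs of a binary file: strings(1) as in the reply above,
# with a tr(1) fallback (assumption) for hosts without binutils.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings "$1"
    else
        LC_ALL=C tr -c '[:print:]' '\n' < "$1"
    fi
}

# Unique dotted quads, keeping only those whose four octets are 0-255.
blacklist_ipv4() {
    printable_runs "$1" |
        grep -Eo '([0-9]+\.){3}[0-9]+' |
        awk -F. '{
            ok = 1
            for (i = 1; i <= 4; i++)
                if (length($i) > 3 || $i + 0 > 255) ok = 0
            if (ok) print
        }' |
        sort -u
}

# Number of blacklisted addresses per /24, busiest network first.
blacklist_by_24() {
    blacklist_ipv4 "$1" |
        awk -F. '{ print $1 "." $2 "." $3 ".0/24" }' |
        sort | uniq -c | sort -rn
}

# Constructed sample: documentation-range addresses between non-text bytes.
# This is not the real SimCList layout.
make_sample() {
    printf 'SC\000\001192.0.2.10\000\377\376198.51.100.7\000' > "$1"
    printf '999.1.1.1\000192.0.2.10\000\002192.0.2.99\000' >> "$1"
}
```

Printable bytes that happen to sit directly next to an address in the binary file can merge with it, so spot-check a few extracted entries against the sshguard log before relying on the counts.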