Menu
▾
▴
Re: [Sshguard-users] problem with mac osx lion
|
From: Mij <mi...@ss...> - 2012-11-30 10:45:42
|
Bradley noticed a few days ago that OS X Lion switched from IPFW to PF – It was about time! –. If you use macports, they'll pick the right thing for you. -m On Nov 28, 2012, at 18:43 , Neal Piche <bje...@gm...> wrote: > I have mac osx lion and I got an error message in my log, here is the relevant section: > > Nov 28 07:03:58 phirestalker sshd[93189]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:00 phirestalker sshd[93192]: Invalid user cgi from 222.184.230.118 > Nov 28 07:04:00 phirestalker sshd[93193]: input_userauth_request: invalid user cgi > Nov 28 07:04:00 phirestalker sshd[93193]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:02 phirestalker sshd[93194]: Invalid user richie from 222.184.230.118 > Nov 28 07:04:02 phirestalker sshd[93195]: input_userauth_request: invalid user richie > Nov 28 07:04:02 phirestalker sshd[93195]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:04 phirestalker sshd[93201]: Invalid user shirsh from 222.184.230.118 > Nov 28 07:04:04 phirestalker sshd[93204]: input_userauth_request: invalid user shirsh > Nov 28 07:04:04 phirestalker sshd[93204]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:06 phirestalker sshd[93227]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:08 phirestalker sshd[93234]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:10 phirestalker sshd[93236]: Received disconnect from 222.184.230.118: 11: Bye Bye > Nov 28 07:04:12 phirestalker sshd[93237]: Invalid user system from 222.184.230.118 > Nov 28 07:04:12 phirestalker sshguard[11459]: Blocking 222.184.230.118:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s). > Nov 28 07:04:12 phirestalker sshd[93238]: input_userauth_request: invalid user system > Nov 28 07:15:18 phirestalker sshguard[11459]: Command "/sbin/ipfw delete 55036" exited 69 > Nov 28 07:15:18 phirestalker sshguard[11459]: Release command failed. Exited: -1 > > it seems to block the person correctly but then tries and fails to unban them. In the unban it is using ipfw but from what I understand lion has switched to pf. A pf.conf is present and filled with things that seem to correlate with the system firewall. The funny thing is ipfw seems to be present as well but non-functional as I had fail2ban installed before and it said it was blocking and the IPs continued to hammer ssh. I have NO idea what is going on, I have found no reference to config files for sshguard in the documentation so how can I get it to use pf instead even though it is on mac and thinks it should use ipfw? > > Thanks > ------------------------------------------------------------------------------ > Keep yourself connected to Go Parallel: > TUNE You got it built. Now make it sing. Tune shows you how. > http://goparallel.sourceforge.net > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
