Menu
▾
▴
Re: [Sshguard-users] problem with mac osx lion
|
From: Bradley G. <pi...@ma...> - 2012-11-30 15:18:30
|
In MacPorts, we configure sshguard for Lion with: --with-pfctl=/sbin/pfctl --with-firewall=pf Regards, Bradley Giesbrecht (pixilla) On Nov 30, 2012, at 2:45 AM, Mij wrote: > Bradley noticed a few days ago that OS X Lion switched from IPFW to PF – It was about time! –. > If you use macports, they'll pick the right thing for you. > > -m > > > On Nov 28, 2012, at 18:43 , Neal Piche <bje...@gm...> wrote: > >> I have mac osx lion and I got an error message in my log, here is the relevant section: >> >> Nov 28 07:03:58 phirestalker sshd[93189]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:00 phirestalker sshd[93192]: Invalid user cgi from 222.184.230.118 >> Nov 28 07:04:00 phirestalker sshd[93193]: input_userauth_request: invalid user cgi >> Nov 28 07:04:00 phirestalker sshd[93193]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:02 phirestalker sshd[93194]: Invalid user richie from 222.184.230.118 >> Nov 28 07:04:02 phirestalker sshd[93195]: input_userauth_request: invalid user richie >> Nov 28 07:04:02 phirestalker sshd[93195]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:04 phirestalker sshd[93201]: Invalid user shirsh from 222.184.230.118 >> Nov 28 07:04:04 phirestalker sshd[93204]: input_userauth_request: invalid user shirsh >> Nov 28 07:04:04 phirestalker sshd[93204]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:06 phirestalker sshd[93227]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:08 phirestalker sshd[93234]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:10 phirestalker sshd[93236]: Received disconnect from 222.184.230.118: 11: Bye Bye >> Nov 28 07:04:12 phirestalker sshd[93237]: Invalid user system from 222.184.230.118 >> Nov 28 07:04:12 phirestalker sshguard[11459]: Blocking 222.184.230.118:4 for >630secs: 40 danger in 4 attacks over 12 seconds (all: 40d in 1 abuses over 12s). >> Nov 28 07:04:12 phirestalker sshd[93238]: input_userauth_request: invalid user system >> Nov 28 07:15:18 phirestalker sshguard[11459]: Command "/sbin/ipfw delete 55036" exited 69 >> Nov 28 07:15:18 phirestalker sshguard[11459]: Release command failed. Exited: -1 >> >> it seems to block the person correctly but then tries and fails to unban them. In the unban it is using ipfw but from what I understand lion has switched to pf. A pf.conf is present and filled with things that seem to correlate with the system firewall. The funny thing is ipfw seems to be present as well but non-functional as I had fail2ban installed before and it said it was blocking and the IPs continued to hammer ssh. I have NO idea what is going on, I have found no reference to config files for sshguard in the documentation so how can I get it to use pf instead even though it is on mac and thinks it should use ipfw? >> >> Thanks >> ------------------------------------------------------------------------------ >> Keep yourself connected to Go Parallel: >> TUNE You got it built. Now make it sing. Tune shows you how. >> http://goparallel.sourceforge.net >> _______________________________________________ >> Sshguard-users mailing list >> Ssh...@li... >> https://lists.sourceforge.net/lists/listinfo/sshguard-users > > > ------------------------------------------------------------------------------ > Keep yourself connected to Go Parallel: > TUNE You got it built. Now make it sing. Tune shows you how. > http://goparallel.sourceforge.net > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
