From: Todd L. <lo...@gm...> - 2014-09-05 21:50:10
Hello folks,
I built and installed the macports version of sshguard using pf. There
appears to be some error in the parsing of the syslog, and sshguard appears
to be unable to even detect an ongoing attack. Running it in debug mode
produces the following output:
Starting parse
Entering state 0
Reading a token: --accepting rule at line 112 ("Sep 5 17:31:06 lion.local launchservicesd[56]: ")
Next token is token SYSLOG_BANNER_PID ()
Shifting token SYSLOG_BANNER_PID ()
Entering state 1
Reading a token: --accepting rule at line 222 ("Application")
Next token is token WORD ()
Error: popping token SYSLOG_BANNER_PID ()
Stack now 0
Cleanup: discarding lookahead token WORD ()
Stack now 0
Checking to refresh sources...
Refreshing sources showed 0 changes.
Start polling.
Searching for fd 4 in list.
Starting parse
Entering state 0
Reading a token: --accepting rule at line 112 ("Sep 5 17:31:06 lion.local WindowServer[136]: ")
Next token is token SYSLOG_BANNER_PID ()
Shifting token SYSLOG_BANNER_PID ()
Entering state 1
Reading a token: --accepting rule at line 226 ("[")
Next token is token '[' ()
Error: popping token SYSLOG_BANNER_PID ()
Stack now 0
Cleanup: discarding lookahead token '[' ()
Stack now 0
Checking to refresh sources...
Refreshing sources showed 0 changes.
Start polling.
- any suggestion on how I can begin to debug this issue would be greatly
appreciated.
-thanks!