From: Peter V. <sku...@gm...> - 2014-11-14 20:09:15
Hi Kevin,
thanks for the quick reply. Running syslog-ng version 3.1.3-3.
filter sshlogs { facility(auth, authpriv) and not match("sshguard" value("MESSAGE")); };
destination sshguardproc {
    program("/usr/sbin/sshguard -w <some_IP>/24");
};
log { source(s_src); filter(sshlogs); destination(sshguardproc); };
No other [white,black]listing.
On Fri, Nov 14, 2014 at 9:02 PM, Kevin Zheng <kev...@gm...> wrote:
> Hi Peter,
>
> On 11/14/2014 13:51, Peter Viskup wrote:
> > anybody seeing/saw similar messages? Once this occurs, SSH isn't
> > accessible; at least our Zabbix monitoring is reporting that.
> >
> > Jun 4 21:31:43 server sshguard[8003]: Releasing <B0><EB><C0>^A after 1372366479 seconds.
> > Jun 4 21:31:43 server sshguard[8003]: Setting environment: SSHG_ADDR=4;SSHG_ADDRKIND=4;SSHG_SERVICE=100.
> > Jun 4 21:31:43 server sshguard[8003]: Run command "case $SSHG_ADDRKIND in 4) exec /sbin/iptables -D sshguard -s $SSHG_ADDR -j DROP ;;
> > 6) exec /sbin/ip6tables -D sshguard -s $SSHG_ADDR -j DROP ;; *) exit -2 ;; esac": exited 1.
> > Jun 4 21:31:43 server sshguard[8003]: Release command failed. Exited: -1
>
> This sounds like SSHGuard picking up some invalid IP addresses and
> passing them on. Are you using Log Sucker or syslog?
>
> Additionally, something could have been happening with the blacklist
> database. What whitelist/blacklist settings are you using?
>
> Thanks,
> Kevin Zheng
>
> --
> Kevin Zheng
> kev...@gm... | ke...@kd... | PGP: 0xC22E1090
>
> _______________________________________________
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users