[Sshguard-users] blacklisting IPs that are whitelisted

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I have my home fixed IP set int he whitelist or sshguard but when I was unable to login to the server remotely this weekend, I discovered that that IP had been added to the top of /etc/hosts.allow with a DENY.

when running, sshgiard shows up:

/usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -l /var/log/auth.log -l /var/log/maillog -a 40 -p 420 -s 1200 -w /usr/local/etc/sshguard.whitelist -i /var/run/sshguard.pid

/usr/local/etc/sshguard.whitelist contains IP addresses, one per line:

230.240.250.260
230.240.250.261
260.1.2.5
etc

I just started up sshguard and again, it blacklisted my IP.

$ head -3 /etc/hosts.allow 
###sshguard###
ALL : 230.240.250.260 : DENY
###sshguard###
$ cat /usr/local/etc/sshguard.whitelist 
230.240.250.260
230.240.250.261
260.1.2.5

(obviously those are not real IPs, but the two IPs *are* identical)

-- 
Realizing the importance of the case, my men are rounding up twice the
usual number of suspects.

[Sshguard-users] blacklisting IPs that are whitelisted

Intelligently block brute-force attacks by aggregating system logs

[Sshguard-users] blacklisting IPs that are whitelisted