From: Emmanuel <el...@ms...> - 2016-01-21 19:46:23
> To: ssh...@li...
> From: kev...@gm...
> Date: Thu, 21 Jan 2016 11:38:52 -0800
> Subject: Re: [Sshguard-users] confused about what to expect
>
> On 01/21/2016 10:51, Emmanuel wrote:
> > I run sshguard without any flags so far. Sending journalctl data to it with
> >
> > /bin/sh -c 'journalctl --no-pager -q -f -t sshd | sed -u
> > "s/\\[[0-9]*\\]//" | docker run -i --name sshguard --rm --net=host
> > --privileged mischief/sshguard:1.6.0'
> >
> > the 'sed' part is meant to strip the PID info as I understand sshguard
> > tries to match PIDs but CoreOS uses inetd sshd and sshguard would reject
> > that
>
> I've never run SSHGuard using systemd(8) before, so I won't be much help
> there. You've made sure that the logs are coming out of the pipe?

Out of the Pipe to SSHGUARD, YES!
Then I'm not sure how I can check what sshguard does or gets

> > Prior I have set:
> > /usr/sbin/iptables -D INPUT -j sshguard
> > /usr/sbin/ip6tables -D INPUT -j sshguard
> > /usr/sbin/iptables -A INPUT -j sshguard
> > /usr/sbin/ip6tables -A INPUT -j sshguard
> >
> > I would expect sshguard to create iptables rules, but I don't see any
> > even though my journalctl logs show attacks happening.
> > I would like to know:
> >
> > *1) what should the rules look like?*
>
> Not sure (as I don't run iptables). I'm sure someone on this list knows.
>
> > *2) How is the 'score' calculated? I see the default is 40, but what
> > does 40 equate to in terms of number of attempts etc?*
>
> Each attempt (currently) adds a score of 10. The default is to block an
> address when the score reaches 40 (4 attacks).

OK thanks!

> > *3) Does sshguard log banned addresses somewhere?*
>
> SSHGuard logs what it does to syslog.

Is there any way to redirect this to stdout for example?

> Best,
> Kevin
>
> --
> Kevin Zheng
> kev...@gm... | ke...@kd... | PGP: 0xC22E1090
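
Added example (not part of the original message and not sshguard's own code): an offline check of what the `sed` stage from the post hands down the pipe, and which addresses would reach the block threshold under the rule stated in the thread (10 points per attempt, block at 40). Assumptions: the log lines are constructed samples using documentation addresses, the function names are hypothetical, only `Failed password` lines are counted as attempts, and no time window is applied.

```shell
#!/bin/sh
# Added example: replay sshd log lines through the same PID-stripping sed
# expression used in the post, then tally a per-address score.

# Constructed sample of `journalctl -t sshd` output (documentation addresses).
sample_log() {
cat <<'EOF'
Jan 21 19:30:01 core-01 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 21 19:30:03 core-01 sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 21 19:30:04 core-01 sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 40022 ssh2
Jan 21 19:30:06 core-01 sshd[1209]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jan 21 19:30:07 core-01 sshd[1213]: Accepted publickey for core from 192.0.2.10 port 50000 ssh2
Jan 21 19:30:09 core-01 sshd[1215]: Failed password for root from 203.0.113.7 port 51263 ssh2
Jan 21 19:30:11 core-01 sshd[1218]: Failed password for invalid user test from 198.51.100.23 port 40031 ssh2
EOF
}

# The substitution from the post as sed receives it: remove the first
# "[digits]" on each line, which is the sshd PID. (-u is omitted because
# this runs over a finite sample, not a live stream.)
strip_pid() {
    sed 's/\[[0-9]*\]//'
}

# Add 10 points per failed attempt to the source address and print
# "address score" for every address at or above the threshold (default 40).
# Assumption: only "Failed password" lines count as attempts.
score_addresses() {
    threshold=${1:-40}
    awk -v t="$threshold" '
        /Failed password/ {
            for (i = 1; i < NF; i++)
                if ($i == "from") { score[$(i + 1)] += 10; break }
        }
        END { for (a in score) if (score[a] >= t) print a, score[a] }
    ' | sort
}

# Addresses that should have been blocked given the sample above.
sample_log | strip_pid | score_addresses 40
```

To check real traffic, replace `sample_log` with `journalctl --no-pager -q -t sshd` (without `-f`) and compare the printed addresses against the contents of the `sshguard` iptables chain.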