Menu
▾
▴
Re: [SSHGuard-users] sshguard restart loop when using syslogd
|
From: Kevin Z. <kev...@gm...> - 2016-05-11 18:42:02
|
On 05/09/2016 23:42, Jef Poskanzer wrote: > I'm sure that would fix the restart looping, as I suggested in my > initial message. At the moment I can't start using the rc.d script > for other reasons, which actually could be considered a bug in > sshguard. Ok, since you asked so nicely I'll explain. My auth.log > doesn't get much traffic and hasn't been rotated in years. When > sshguard starts up it reads the whole file, sees all of my own > logins happening at the current instant, and marks me as an > attacker. It may have something to do with syslog lines not > including the year - maybe sshguard parses the yearless timestamps > past today's date as being in the future? SSHGuard should certainly not be reading your entire auth.log at startup. What version of SSHGuard are you using? Are you just using the standard invocation from rc.d (no other options set)? > There's already a note in http://www.sshguard.net/docs/setup/ about > syslogd terminating and restarting sshguard, although it's not > completely accurate. If the devs don't want to lower the log level > of the exiting messages to LOG_DEBUG to prevent the restarting, > then perhaps just correct this note and add the "!-sshguard" > tweak I worked out. A doc change is always easier than a code > change right? Could you clarify which part is inaccurate? I'd like to fix it ASAP. Thanks, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
