From: Kevin Z. <kev...@gm...> - 2016-08-04 20:33:52
On 08/04/2016 13:04, mai...@ne... wrote:
> Right now I am not able to delete IP addresses from the blacklist. I
> already deleted the sshguard database at
> /var/db/sshguard/blacklist.db and I flushed the pf table „sshguard“.
> The problem is that as soon as I restart the sshguard service via
> „service sshguard restart“ it seems that sshguard inspects the
> old log file again and adds the same old IP addresses to the database,
> which leads to blocking the old IP addresses I deleted before.

I remember this bug has come up before. What version of SSHGuard are you using? I suspect it's a bug that's since been fixed in LogSuck.

You can work around this issue until the next release by piping the logs to SSHGuard (e.g. tail -F -n 0 /var/log/auth.log | sshguard ...).

> The suspect thing is that the blacklist is used even though I didn’t set any
> parameter in the rc.conf.

Yes, the FreeBSD rc.d script (/usr/local/bin/rc.d/sshguard) enables blacklisting by default.

> Is there any official way to permanently delete some IP addresses from
> the blacklist without manipulating the system log?

No, because the behavior you're reporting is a bug :)

SSHGuard *should* never read log entries that came before it started.

Thanks,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
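
An added example, not part of the original message and not SSHGuard's own code: a shell function that removes a single address from a blacklist file instead of deleting the whole database. It assumes one entry per line in the form `epoch|service|addrtype|address`; the function names and the sample entries are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Assumed blacklist line format: epoch|service|addrtype|address
# Stop sshguard before editing the file. The address also has to leave the
# firewall table, e.g. with pf: pfctl -t sshguard -T delete <address>

# Write a constructed sample blacklist (documentation addresses only).
write_sample_blacklist() {
    cat > "$1" <<'EOF'
1470340000|100|4|192.0.2.1
1470340100|100|4|192.0.2.10
1470340200|100|6|2001:db8::1
EOF
}

# remove_from_blacklist FILE ADDRESS
# Returns 0 if entries were removed, 1 if the address was not listed,
# 2 on error (missing file, temp file or filter failure).
remove_from_blacklist() {
    db=$1
    addr=$2
    [ -f "$db" ] || { echo "no such file: $db" >&2; return 2; }
    # Temp file in the same directory so the final mv is a rename.
    tmp=$(mktemp "${db}.XXXXXX") || return 2
    # Compare the 4th field exactly. A substring match (grep -v) would
    # also drop 192.0.2.10 when asked to remove 192.0.2.1.
    awk -F'|' -v a="$addr" '$4 != a' "$db" > "$tmp" || { rm -f "$tmp"; return 2; }
    if cmp -s "$db" "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$db"
}
```

As the reply above notes, an affected version re-reads old log entries on restart, so a removed address can return unless SSHGuard is fed only new lines (the `tail -F -n 0` workaround).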