From: Mij <mi...@bi...> - 2007-03-14 09:31:45
> Hi all.
>
> I installed sshguard on Open suse. by
>
>     ./configure --prefix=/usr --with-firewall=iptables
>     make
>     su - root
>     make install
>
> I add
>
>     iptables -N sshguard
>     iptables -A INPUT -p tcp --dport 22 -j sshguard

this is correct

>     chmod +s /usr/sbin/sshguard

please don't make sshguard setuid. Besides being useless, this is very lame and dangerous. A local user could simply run sshguard and feed it some crafted lines of text with arbitrary IP addresses and make the machine block them. This is a major mistake.

> then I edit
>
>     /etc/syslog-ng/syslog-ng.conf
>
> concatenate
>
>     filter sshlogs { facility(authpriv) and match(ssh); };
>     destination sshguardproc { program("/usr/sbin/sshguard"); };
>     log { source(src); filter(sshlogs); destination(sshguardproc); };
>
>     killall -HUP syslog-ng

this is correct

>     ln -s /usr/sbin/ip* /sbin/

no idea what this horrible thing should serve for :)

> then I ssh with the wrong password 3 times and it does sshguard does not start automatically nor it blocks ip. I started sshguard manually with -a 2 -p 3& and it starts but it does not block ips.

sshguard detects attackers by analyzing log entries it's given in its standard input. If it's not started by syslog-ng, the problem is in syslog-ng configuration. But for spotting this problem, just try to run sshguard manually like this (as root!):

    tail -n0 -F /var/log/auth.log | /usr/sbin/sshguard

replace auth.log with the file which sshd logs to, find it with:

    cd /var/log
    grep -rl 'sshd\[' .

> After I tried it on a redhat 3.0 AS test server. with a few variations to the configuration but again it did not start the sshguard nor it blocked the ip.
>
> Did I miss anything on the configuration?
>
> Any help is appreciated.

Please try to run sshguard as said above, try some logins as non-existent user for example, and report what happens.

> Giovanni
>
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
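
Added example (not part of the original mail, and not sshguard's own code): a pre-flight script for the manual test suggested in the reply. It stops if the sshguard binary carries a setuid/setgid bit, finds which files under the log directory contain sshd entries, and prints the tail pipeline to run as root. The function names are made up for this example; the binary path and log directory are passed as arguments.

```shell
#!/bin/sh
# Pre-flight checks before testing sshguard by hand.
# Usage: sh preflight.sh /usr/sbin/sshguard /var/log

# Return 0 if the file carries neither the setuid nor the setgid bit.
no_setid_bits() {
    if [ -u "$1" ] || [ -g "$1" ]; then
        return 1
    fi
    return 0
}

# Print every file under directory $1 that contains sshd log entries
# (same search as the grep in the mail, without changing directory).
find_sshd_logs() {
    grep -rl 'sshd\[' "$1" 2>/dev/null
}

# Run the checks; on success print one test pipeline per sshd log file.
# Return codes: 0 ok, 1 setuid/setgid found, 2 binary missing, 3 no sshd log.
preflight() {
    bin=$1
    logdir=$2
    if [ ! -x "$bin" ]; then
        echo "missing or not executable: $bin"
        return 2
    fi
    if ! no_setid_bits "$bin"; then
        echo "setuid/setgid bit set on $bin; clear it: chmod u-s,g-s $bin"
        return 1
    fi
    logs=$(find_sshd_logs "$logdir")
    if [ -z "$logs" ]; then
        echo "no file under $logdir contains sshd entries"
        return 3
    fi
    echo "$logs" | while IFS= read -r f; do
        echo "tail -n0 -F $f | $bin"
    done
}

# Only act when called with both arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
    preflight "$1" "$2"
fi
```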