From: Mij <mi...@bi...> - 2007-03-16 19:15:38
On 2007-03-16 16:28:03 +0100 Kuroro <inf...@gm...> wrote:
> On openSUSE 10.2 I ran configure --prefix=/usr --with-firewall=iptables
> made the changes in the fwalls/command.h file from /sbin/ to /usr/sbin
> make && make install
> I added
> iptables -N sshguard
> iptables -A INPUT -p tcp --dport 22 -j sshguard
> then I ran
> tail -n0 -f /var/log/messages | /usr/sbin/sshguard &
>
> ssh from another machine to the openSUSE 10.2 box and it blocked the IP.
>
> The only issue now on the Red Hat machine and the openSUSE computer is
> setting up syslog to fire up sshguard when a login is attempted from ssh
>
> I tried adding the settings in your readme file but it did not work on
> Red Hat nor openSUSE
>
> openSUSE uses syslog-ng while Red Hat uses syslog.conf
>
> On openSUSE I added the settings as in the documentation
> filter sshlogs { facility(authpriv) and match(ssh); };
> destination sshguardproc { program("/usr/sbin/sshguard"); };
> log { source(src); filter(sshlogs); destination(sshguardproc); };
By default ssh logs with facility LOG_AUTH, not authpriv, so I don't
know why I suggested this. A correct one is instead
filter sshlogs { facility(auth, authpriv) and match("ssh"); };
[...]
I will fix this suggestion in the README file in the next release.
> and on Red Hat
> # The authpriv file has restricted access.
> authpriv.*                                   /var/log/secure
>
> authpriv.* |exec /usr/sbin/sshguard
Same here (with the exception that the suggestion is correct for this
one :) ),
so use instead
auth.*;authpriv.* | exec /usr/sbin/sshguard
Please try these and feel free to write in if they still do not work.
bye
> Both did not work, however both work when I run them manually on Red Hat
> tail -n0 -f /var/log/secure | /usr/sbin/sshguard &
> and on openSUSE
> tail -n0 -f /var/log/messages | /usr/sbin/sshguard &
>
> Keep up the good work
>
> Giovanni
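
The facility mismatch described in the reply above, as an added example that is not part of the original thread or of sshguard: it decodes the syslog PRI field (facility * 8 + severity; auth is 4, authpriv is 10) and evaluates the README's original filter and the corrected one against sample lines. The sample lines are constructed, and modelling match() as a substring search over the message is an assumption.

```python
import re

# Syslog facility codes (RFC 3164). PRI = facility * 8 + severity.
FACILITIES = {"auth": 4, "authpriv": 10}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")

def parse(line):
    """Split a raw syslog line into (facility, severity, message)."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no PRI field: %r" % line)
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("PRI out of range: %d" % pri)
    return pri >> 3, pri & 7, m.group(2)

def make_filter(facilities, needle):
    """Model of: facility(<list>) and match(<needle>) (assumed substring match)."""
    codes = {FACILITIES[name] for name in facilities}
    def accept(line):
        facility, _severity, message = parse(line)
        return facility in codes and needle in message
    return accept

# The filter quoted from the README, and the corrected one from the reply.
readme_filter = make_filter(["authpriv"], "ssh")
corrected_filter = make_filter(["auth", "authpriv"], "ssh")

# Constructed sample lines (addresses are from the documentation range).
SAMPLES = [
    # auth.info = 4 * 8 + 6 = 38: sshd logging with facility LOG_AUTH
    "<38>Mar 16 19:01:02 box sshd[4321]: Failed password for root "
    "from 192.0.2.10 port 4022 ssh2",
    # authpriv.info = 10 * 8 + 6 = 86: sshd configured to use authpriv
    "<86>Mar 16 19:01:05 box sshd[4321]: Failed password for invalid user "
    "test from 192.0.2.10 port 4023 ssh2",
    # authpriv.notice = 10 * 8 + 5 = 85: not an ssh message, dropped by match()
    "<85>Mar 16 19:01:09 box su: FAILED su for root by alice",
]

def delivered(line_filter):
    """Indexes of the sample lines that would reach sshguard's stdin."""
    return [i for i, line in enumerate(SAMPLES) if line_filter(line)]

if __name__ == "__main__":
    print("README filter passes:   ", delivered(readme_filter))
    print("corrected filter passes:", delivered(corrected_filter))
```

With the original filter, the LOG_AUTH line from sshd never reaches sshguard, so no address is ever blocked even though the pipe is set up correctly.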