Menu
▾
▴
Re: [Sshguard-users] sshguard won't work on debian or ubuntu
|
From: Mij <mi...@bi...> - 2007-06-26 12:48:25
|
On 26/giu/07, at 13:50, Robert S wrote: > I have installed sshguard using the following with debian/etch (the > same occurs with ubuntu): > > ./configure --with-firewall=iptables --with-iptables=/sbin > make > make install > > I have used the recommended method for installation with syslog and > syslog-ng. In both cases sshguard won't start when I start > syslog/syslog-ng - ie, it does not appear in the system log or when I > do 'ps ax'. for the archives, mind a couple of things on this problem: 1) some older syslogd implementations do not support forwarding to external processes, and overwrite the binary with a FIFO; both debian 3.1 and ubuntu feisty are among them afaik. See http://sshguard.sourceforge.net/doc/setup/loggingsyslog.html 2) for syslogd, external procs are not started when syslogd is restarted, but at the first occurrence of a log for them. So, restart syslogd and try a ssh login before checking ps. > If I use the "tail" method I get the following, and > sshguard is not activated when a failed login occurs: > > # tail -n0 -F /var/log/auth.log | /usr/local/sbin/sshguard > /usr/local/sbin/sshguard: line 1: syntax error near unexpected > token `(' > /usr/local/sbin/sshguard: line 1: `Jun 25 07:37:56 etch sshd[10186]: > (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh > ruser= rhost=myhost.mydomain.com.au user=robert' > > This is strange, because when a failed login occurs, the following > appears in my logs (I have tried disabling PAM): > > Jun 27 07:41:27 myhost sshd[19437]: Failed password for robert from > 192.168.2.40 port 39753 ssh2 > Jun 27 07:41:28 myhost sshd[19437]: Failed password for robert from > 192.168.2.40 port 39753 ssh2 > Jun 27 07:41:30 myhost sshd[19437]: Failed password for robert from > 192.168.2.40 port 39753 ssh2 I am interested in your report. Could you please: 1) disable syslog config for sshguard 2) reinstall sshguard [[ these ones are for making sure no former problem 1) applies ]] 3) run sshguard from the command line as /usr/local/sbin/sshguard (add the "-d" argument if you're using 1.0-beta1) thanks > I have installed it on a gentoo machine and it works flawlessly. > > Does anybody know how to get this to work? > > ---------------------------------------------------------------------- > --- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > Sshguard-users mailing list > Ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users |
