Re: [Sshguard-users] sshguard won't work on debian or ubuntu

[Robert S <rob...@gm...>]

> There are 2 basic kinds of attack: invalid user or invalid password.
> The former is recognized on your system, the latter is not. There is
> a parser attached that recognizes these logs. It has been integrated
> in 1.1beta3.
>
> You can simply copy these files in a clean sshguard-1.0 package
> (directory "src") and then run:
>
> cd src
> bison -vd attack_parser.y
> flex attack_scanner.l
>
> then recompile and reinstall.
>

Hi.  Many thanks.  That seems to work.  I've done a debian startup
script that seems to do the job.  I hope it helps somebody:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          sshguard
# Required-Start:    $syslog
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Sshguard initscript
# Description:       This file should be used to construct scripts to be
#                    placed in /etc/init.d.
### END INIT INFO
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="ssh guard service"
NAME=sshguard
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
WHITELIST=/etc/sshguard.whitelist
LOG=/var/log/auth.log
. /lib/init/vars.sh
. /lib/lsb/init-functions
function startGuard {
    [ -e $WHITELIST ] && ARGS="-w $WHITELIST"
    sh -c "echo \$\$ > $PIDFILE && exec tail -n0 -f $LOG" |
/usr/local/sbin/sshguard $ARGS
    return $?
    }

do_start()
{
    [ -e $PIDFILE ] && return 1
    iptables -N sshguard
    iptables -I INPUT 1 -p tcp --dport 22 -j sshguard
    ip6tables -N sshguard
    ip6tables -A INPUT -p tcp --dport 22 -j sshguard
    startGuard &
    [ 0 -ne $? ] && return 2 || return 0
}
do_stop()
{
    kill `cat $PIDFILE`
    RETVAL=$?
    sleep 1
    iptables -D INPUT -p tcp --dport 22 -j sshguard
    iptables -F sshguard
    iptables -X sshguard
    ip6tables -D INPUT -p tcp --dport 22 -j sshguard
    ip6tables -F sshguard
    ip6tables -X sshguard
	rm -f $PIDFILE
	return "$RETVAL"
}
case "$1" in
  start)
	log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1)	log_end_msg 0 ;;
		2) 	log_end_msg 1 ;;
	esac
	;;
  stop)
	log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1)	log_end_msg 0 ;;
		2)	log_end_msg 1 ;;
	esac
	;;
  restart|force-reload)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
	  	# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
	exit 3
	;;
esac