From: Robert S <rob...@gm...> - 2007-07-03 21:20:01
> There are 2 basic kinds of attack: invalid user or invalid password.
> The former is recognized on your system, the latter is not. There is
> a parser attached that recognizes these logs. It has been integrated
> in 1.1beta3.
>
> You can simply copy these files in a clean sshguard-1.0 package
> (directory "src") and then run:
>
> cd src
> bison -vd attack_parser.y
> flex attack_scanner.l
>
> then recompile and reinstall.

Hi. Many thanks. That seems to work.

I've done a Debian startup script that seems to do the job. I hope it helps somebody:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          sshguard
# Required-Start:    $syslog
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Sshguard initscript
# Description:       This file should be used to construct scripts to be
#                    placed in /etc/init.d.
### END INIT INFO

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="ssh guard service"
NAME=sshguard
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
WHITELIST=/etc/sshguard.whitelist
LOG=/var/log/auth.log

. /lib/init/vars.sh
. /lib/lsb/init-functions

# Feed new auth.log lines into sshguard over a pipe. The PID written to
# $PIDFILE is that of the tail process (exec keeps the sh PID): killing it
# closes sshguard's stdin, so sshguard exits as well.
# POSIX function syntax, so the script also runs under dash as /bin/sh.
startGuard() {
	[ -e $WHITELIST ] && ARGS="-w $WHITELIST"
	sh -c "echo \$\$ > $PIDFILE && exec tail -n0 -f $LOG" | /usr/local/sbin/sshguard $ARGS
	return $?
}

do_start() {
	# already running, or a stale pidfile left behind
	[ -e $PIDFILE ] && return 1
	# dedicated chain that sshguard adds its block rules to; insert the jump
	# at position 1 so an earlier ACCEPT for port 22 cannot bypass it
	iptables -N sshguard
	iptables -I INPUT 1 -p tcp --dport 22 -j sshguard
	ip6tables -N sshguard
	ip6tables -I INPUT 1 -p tcp --dport 22 -j sshguard
	startGuard &
	# the exit status of a backgrounded pipeline is not known here,
	# so the start is reported as successful
	return 0
}

do_stop() {
	kill `cat $PIDFILE`
	RETVAL=$?
	# give sshguard a moment to exit on EOF before its chain is torn down
	sleep 1
	iptables -D INPUT -p tcp --dport 22 -j sshguard
	iptables -F sshguard
	iptables -X sshguard
	ip6tables -D INPUT -p tcp --dport 22 -j sshguard
	ip6tables -F sshguard
	ip6tables -X sshguard
	rm -f $PIDFILE
	return "$RETVAL"
}

case "$1" in
  start)
	log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
	;;
  stop)
	log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) log_end_msg 0 ;;
		2) log_end_msg 1 ;;
	esac
	;;
  restart|force-reload)
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
		# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
	exit 3
	;;
esac
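The quoted reply says the attack parser recognises two kinds of failed login, an invalid user and an invalid password. The following is an added example, not code from the post above nor from sshguard itself: a POSIX-sh sketch of that recognition run over constructed auth.log lines, extracting the source address from each OpenSSH failure line and counting attempts per address. sshguard's real scanner is flex/bison and covers many more log formats; the function names, the sample lines and the blocking threshold here are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from sshguard or the mailing-list post): recognise the
# two OpenSSH failure shapes the thread mentions,
#   "Invalid user NAME from ADDR"              (account does not exist)
#   "Failed password for [invalid user] NAME from ADDR port N ssh2"
#                                              (wrong credential)
# pull the source address out of each, and count attempts per address.
# Function names and the threshold are this example's own, not sshguard's.

# Constructed sample auth.log lines (documentation addresses only).
sample_log() {
	cat <<'EOF'
Jul  3 21:10:01 host sshd[1234]: Invalid user oracle from 192.0.2.10
Jul  3 21:10:02 host sshd[1234]: Failed password for invalid user oracle from 192.0.2.10 port 40211 ssh2
Jul  3 21:10:05 host sshd[1240]: Failed password for root from 198.51.100.7 port 51022 ssh2
Jul  3 21:10:06 host sshd[1240]: Failed password for root from 198.51.100.7 port 51023 ssh2
Jul  3 21:10:09 host sshd[1251]: Accepted publickey for rob from 203.0.113.5 port 1022 ssh2
Jul  3 21:10:11 host sshd[1260]: Failed password for admin from 2001:db8::1 port 2222 ssh2
EOF
}

# Read log lines on stdin, emit one source address per failed attempt.
# Anything else (successful logins, other daemons) is dropped. An unknown
# account normally yields both an "Invalid user" line and a "Failed password
# for invalid user" line, so it is counted twice, as two distinct events.
ssh_failure_ips() {
	sed -n \
		-e 's/^.*sshd\[[0-9]*\]: Invalid user .* from \([^ ]*\)$/\1/p' \
		-e 's/^.*sshd\[[0-9]*\]: Failed password for .* from \([^ ]*\) port [0-9]*.*$/\1/p'
}

# Read log lines on stdin, emit "address count" per line, sorted by address.
count_ssh_failures() {
	ssh_failure_ips | LC_ALL=C sort | uniq -c | awk '{ print $2, $1 }' | LC_ALL=C sort
}

# Read log lines on stdin, emit the addresses with at least $1 failures:
# the candidates an init script like the one above would hand to the
# sshguard chain. The threshold is an assumption of this example.
ssh_block_candidates() {
	count_ssh_failures | awk -v n="$1" '$2 >= n { print $1 }'
}

# Usage: run the constructed log through the counter and the threshold.
sample_log | count_ssh_failures
sample_log | ssh_block_candidates 2
```

The sed patterns anchor on the `sshd[PID]:` prefix so that the same strings appearing in, say, a sudo or PAM line are not mistaken for SSH failures, and the `port [0-9]*` tail on the second pattern keeps the address capture from swallowing the port number. IPv6 addresses come through unchanged because the capture is simply "everything up to the next space".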