From: Forrest A. <fo...@fo...> - 2007-11-01 14:11:38
I'm not sure how this applies to my question, as I have syslog working just fine on my system (FreeBSD). The FreeBSD systems use a modern syslog. This log below is from /var/log/auth.log, which is where all of SSH's entries go. I just felt that sshguard should pick up on this (or be tunable to do so, since Linux has a "faillog" subsystem which can lock out at the login: prompt)

_F

Mij wrote:
> forrest,
>
> You know that syslog has the capability to dispatch logs depending on
> rules, not
> only deterministically to one same file.
> Please follow the instructions on http://sshguard.sourceforge.net/doc/setup/setup.html
> and particularly, for the syslog setup, follow the "Older flavour setup"
>
>
> On 31/ott/07, at 17:05, Forrest Aldrich wrote:
>
>
>> It seems reasonable that sshguard should be able to detect failed
>> password attempts, too. I realize there is "faillog" on Linux
>> systems
>> for that, but not on FreeBSD. My system log was jammed with over
>> 1000 of
>> these entries from last night:
>>
>> Oct 31 10:03:22 gw sshd[55652]: Failed password for root from
>> 213.186.38.84 port 53650 ssh2
>> Oct 31 10:03:23 gw sshd[55654]: Failed password for root from
>> 213.186.38.84 port 44049 ssh2
>> Oct 31 10:03:24 gw sshd[55656]: Failed password for root from
>> 213.186.38.84 port 49587 ssh2
>> Oct 31 10:03:25 gw sshd[55658]: Failed password for root from
>> 213.186.38.84 port 41421 ssh2
>> Oct 31 10:03:25 gw sshd[55660]: Failed password for root from
>> 213.186.38.84 port 36564 ssh2
>> Oct 31 10:03:26 gw sshd[55662]: Failed password for root from
>> 213.186.38.84 port 35111 ssh2
>> Oct 31 10:03:27 gw sshd[55664]: Failed password for root from
>> 213.186.38.84 port 49382 ssh2
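The detection asked for in this thread, sketched as an added example (not part of the original messages and not sshguard's own code): it parses the auth.log entries quoted above and flags a source address once it reaches a number of failed passwords inside a time window. The threshold, window, year, function names and the last two sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First seven lines: the auth.log entries quoted in the thread, unwrapped.
# Last two lines: constructed for this example (192.0.2.10 is a documentation address).
SAMPLE_LOG = """\
Oct 31 10:03:22 gw sshd[55652]: Failed password for root from 213.186.38.84 port 53650 ssh2
Oct 31 10:03:23 gw sshd[55654]: Failed password for root from 213.186.38.84 port 44049 ssh2
Oct 31 10:03:24 gw sshd[55656]: Failed password for root from 213.186.38.84 port 49587 ssh2
Oct 31 10:03:25 gw sshd[55658]: Failed password for root from 213.186.38.84 port 41421 ssh2
Oct 31 10:03:25 gw sshd[55660]: Failed password for root from 213.186.38.84 port 36564 ssh2
Oct 31 10:03:26 gw sshd[55662]: Failed password for root from 213.186.38.84 port 35111 ssh2
Oct 31 10:03:27 gw sshd[55664]: Failed password for root from 213.186.38.84 port 49382 ssh2
Oct 31 10:05:00 gw sshd[55700]: Failed password for invalid user admin from 192.0.2.10 port 40000 ssh2
Oct 31 10:05:02 gw sshd[55702]: Accepted password for forrest from 192.0.2.10 port 40002 ssh2
"""

# Matches sshd's "Failed password" entries, including the "invalid user" form.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<addr>\S+) port \d+"
)

def parse_failures(text, year=2007):
    """Yield (timestamp, user, address) for each failed-password line."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            # syslog timestamps carry no year, so the caller supplies one
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["user"], m["addr"]

def offenders(text, threshold=4, window=timedelta(seconds=60)):
    """Map each address to the time it reached `threshold` failures within `window`."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    flagged = {}
    for ts, _user, addr in parse_failures(text):  # assumes chronological order
        q = recent[addr]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and addr not in flagged:
            flagged[addr] = ts
    return flagged

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```

A sliding window per address keeps a single mistyped password (the constructed 192.0.2.10 entry) from being treated like the sustained run from one source shown in the quoted log.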