From: jungle B. <jun...@gm...> - 2016-12-08 18:12:19
Hi All,

First, I don't know how to determine the version of sshguard I'm currently running, but I compiled it from master on the 5th. So it's a version from around that time.

It looks like this latest version now includes a config file:

https://bitbucket.org/sshguard/sshguard/src/1fcd467b78ea5a4ddcba6efb3920cea860839e31/examples/sshguard.conf.sample?at=master&fileviewer=file-view-default

and a service file:

https://bitbucket.org/sshguard/sshguard/src/1fcd467b78ea5a4ddcba6efb3920cea860839e31/examples/sshguard.service?at=master&fileviewer=file-view-default

I have the service running and it's using that file:

    1324 ? Ss 0:00 /bin/sh /usr/local/sbin/sshguard -w /etc/sshguard.whitelist -l /var/log/auth.log -b 60:/var/db/sshguard/blacklist.db
    1325 ? S 0:00 /bin/sh /usr/local/sbin/sshguard -w /etc/sshguard.whitelist -l /var/log/auth.log -b 60:/var/db/sshguard/blacklist.db

(don't quite know why I have two running instances)

However, it's not actively blocking traffic and the /var/db/sshguard directory doesn't exist.

iptables:

    -P INPUT ACCEPT
    -P FORWARD ACCEPT
    -P OUTPUT ACCEPT
    -N sshguard
    -A INPUT -p tcp -m tcp --dport 22 -j sshguard

Any suggestions on what I should do to have sshguard read the /var/log/auth.log and start blocking?

Thanks!

--
-------
inum: 883510009027723
sip: jun...@si...