From: Daniel A. <co...@da...> - 2016-12-09 00:19:04

On Thu, Dec 8, 2016, at 19:12, jungle Boogie wrote:
> Hi All,
>
> First, I don't know how to determine the version of sshguard I'm
> currently running, but I compiled it from master on the 5th. So it's a
> version from around that time.

You’re running an experimental build from the master branch that hasn’t been released. So there is no version number to refer to other than the latest git commit hash of the master branch when you built it. December 5th? Then your version is master/ff69989.

> It looks like this latest version now includes a config file:
> https://bitbucket.org/sshguard/sshguard/src/1fcd467b78ea5a4ddcba6efb3920cea860839e31/examples/sshguard.conf.sample?at=master&fileviewer=file-view-default
>
> and a service file:
> https://bitbucket.org/sshguard/sshguard/src/1fcd467b78ea5a4ddcba6efb3920cea860839e31/examples/sshguard.service?at=master&fileviewer=file-view-default

You should set your configuration in the config file instead of in the service file. I’ve removed the switches from the example service file to encourage people to use the configuration file instead. (Making changes to the service file shouldn’t be necessary for anyone but distribution package maintainers.)

https://bitbucket.org/sshguard/sshguard/pull-requests/17

> I have the service running and it's using that file:
> 1324 ? Ss 0:00 /bin/sh /usr/local/sbin/sshguard -w
> /etc/sshguard.whitelist -l /var/log/auth.log -b
> 60:/var/db/sshguard/blacklist.db
> 1325 ? S 0:00 /bin/sh /usr/local/sbin/sshguard -w
> /etc/sshguard.whitelist -l /var/log/auth.log -b
> 60:/var/db/sshguard/blacklist.db
>
> (don't quite know why I have two running instances)

How did you start it? And under which distro?

> However, it's not actively blocking traffic and the /var/db/sshguard
> directory doesn't exist.

That would be because the -l option doesn’t exist. At least, I’ve never seen it before and I can’t find it anywhere but in the example service file.

You should add the log files you want to monitor to the FILES option in the configuration file. Move the other options there too; it should be easier to maintain that way.

> iptables:
> -P INPUT ACCEPT
> -P FORWARD ACCEPT
> -P OUTPUT ACCEPT
> -N sshguard
> -A INPUT -p tcp -m tcp --dport 22 -j sshguard
>
>
> Any suggestions on what I should do to have sshguard read the
> /var/log/auth.log and start blocking?

I do believe the issue is that SSHGuard isn’t monitoring any log files because of the aforementioned configuration issue.

-- 
Daniel Aleksandersen
https://www.slightfuture.com/
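The pre-flight check below is an added example; it is not from the e-mail thread or from the sshguard project. It assumes only what the thread states: the installed sshguard is a /bin/sh wrapper that sources a configuration file, and the FILES key in that file lists the logs to monitor. The check sources a config the same way and reports whether FILES names at least one readable log, which is exactly the condition the reported setup fails (the log was given as a -l switch, so FILES was empty). The scratch directory, config files and log path it creates are constructed for the demo; every other key in the config is ignored.

```shell
#!/bin/sh
# Added example, not part of the e-mail or of the sshguard project.
# Sanity-check an sshguard.conf before (re)starting the service: the wrapper
# sources the file as shell, so this check sources it the same way and then
# confirms that FILES points at readable logs. Only source files you own.

# Return 0 when FILES names at least one log file and all of them are readable,
# 1 otherwise (unreadable config, empty FILES, or a missing/unreadable log).
check_sshguard_conf() {
    conf=$1
    FILES=                          # forget any value left from a previous call
    if [ ! -r "$conf" ]; then
        echo "config not readable: $conf" >&2
        return 1
    fi
    . "$conf"                       # same mechanism the /bin/sh wrapper uses
    if [ -z "$FILES" ]; then
        echo "FILES is unset or empty: sshguard would monitor nothing" >&2
        return 1
    fi
    rc=0
    for f in $FILES; do             # FILES is space-separated; word splitting is intended
        if [ -r "$f" ]; then
            echo "ok: will monitor $f"
        else
            echo "missing or unreadable: $f" >&2
            rc=1
        fi
    done
    return $rc
}

# Create two constructed configs in a scratch directory (all paths invented for the demo).
# Sets DEMO_DIR for the caller.
make_demo_confs() {
    DEMO_DIR=$(mktemp -d)
    : > "$DEMO_DIR/auth.log"        # stand-in for /var/log/auth.log
    # What the thread recommends: the log goes into FILES, not into a -l switch.
    printf 'FILES="%s/auth.log"\n' "$DEMO_DIR" > "$DEMO_DIR/good.conf"
    # What the reported setup amounts to: the log was given on the command line,
    # so the config itself lists nothing and the wrapper tails nothing.
    printf '# log file was passed as -l on the command line instead\nFILES=""\n' \
        > "$DEMO_DIR/empty.conf"
}

make_demo_confs
check_sshguard_conf "$DEMO_DIR/good.conf" || echo "good.conf rejected (unexpected)"
if check_sshguard_conf "$DEMO_DIR/empty.conf"; then
    echo "empty.conf accepted (unexpected)"
fi
rm -rf "$DEMO_DIR"
```

Run it as `check_sshguard_conf /etc/sshguard.conf` against the real file (as the user the service runs as, so readability is judged with the right permissions) before starting the service; a non-zero exit means sshguard would start but sit idle, which is the symptom reported in the thread.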