Menu
▾
▴
Re: [SSHGuard-users] SSHGuard not working in MacOS 10.12 (Sierra)
|
From: Kevin Z. <kev...@gm...> - 2017-01-02 05:20:19
|
Hi Doug, On 01/01/2017 21:44, Doug Niven wrote: > I’m pretty sure SSHGuard is unable to work in MacOS 10.12 (Sierra) > because of how Apple recently changed logging in this new OS upgrade. > No longer are failed SSH logins recorded in /var/log/system.log or > any other system log file, because Apple has moved to “unified > logging”. Thanks for the report. > A Terminal command like the following will show some of the > information we’re after, but I’m not sure how this would need to be > incorporated into SSHGuard to allow it to work as before: > > % log show --predicate '(eventMessage CONTAINS "maximum > authentication attempts exceeded")' --style syslog —info Now, will this command be like `tail` and give us a pipe with new messages like they come in, or like dmesg and just give us a view of the buffer? > If anyone has any suggestions or ideas please let me know, since I’m > a big fan of SSHGuard and would to have it work in Sierra. This sounds a bit like the situation with journalctl on Linux. This is being solved by piping journalctl output to SSHGuard (see commit edd8414 in what will become 2.0). Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
