From: Kevin Z. <kev...@gm...> - 2017-01-08 18:59:44
On 01/06/17 20:55, Doug Niven wrote:
> Thanks for your help getting SSHGuard working for me last weekend in
> MacOS Sierra, it’s working well.

Glad to hear.

> I do see the following in the .conf file, which I’ve uncommented:
>
> # Colon-separated blacklist threshold and full path to blacklist file.
> # (optional, no default)
> BLACKLIST_FILE=90:/usr/local/etc/blacklist
>
> However, on all of our machines, the blacklist remains empty and
> untouched. Am I missing a step to make this work? These machines get
> hammered pretty hard, and even in my testing with SSH Brute Enforcer
> (https://github.com/R4stl1n/SSH-Brute-Forcer) I don’t see any changes
> to this file.

I'm not sure what's going on here. If you look at SSHGuard's own log
messages, do you ever see 'blocking [address] forever'?

> Also: if I manually add an IP or range to the blacklist, will this
> also be sent to PF somehow?

No. SSHGuard will only read the blacklist file when you restart it. It
blocks everything in the blacklist at startup.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090