Re: [SSHGuard-users] Call for testing and feedback for SSHGuard 2.0

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Mon, Jan 2, 2017, at 23:19, Kevin Zheng wrote:
> Hi there,
> 
> A lot of work to get SSHGuard working with new log sources (journalctl, 
> macOS log) and backends (firewalld, ipset) has happened in 2.0.
> 
> The new version also uses a configuration file.
> 
> Some deprecated backends have been resurrected (hosts, ipfilter).
> 
> Most importantly, SSHGuard has been split into several processes piped 
> into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw). 
> sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be 
> sandboxed in its default configuration (without pid file, whitelist, 
> blacklisting) and has not been tested sandboxed in other configurations.
> 
> The sshguard program is now a driver script that glues everything 
> together. It's probably still a little fragile.
> 
> Some cleanup work remains. Documentation is also being updated.
> 
> I encourage package maintainers and people with suitable test 
> environments to give the new code a shot and provide feedback.

My Fedora 25 systems with a journalctl and firewalld setup seems quite
happy with everything, except the Ctrl+C error message I reported. That
issue is completely trivial, of course.

> The experimental code is available on SourceForge as 1.99.0 [1].
> 
> [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/
-- 
Daniel Aleksandersen
https://daniel.priv.no/

Re: [SSHGuard-users] Call for testing and feedback for SSHGuard 2.0

Intelligently block brute-force attacks by aggregating system logs

Re: [SSHGuard-users] Call for testing and feedback for SSHGuard 2.0