From: Burton S. <Bu...@Bu...> - 2017-01-18 23:27:47
When you run ./configure it creates sshg-fw.sh from the skeleton and whichever fw type you picked. Look in src/fwalls for the scripts.

If my iptables setup isn't having flush called, it's likely yours isn't either. Have to look in the sshguard.c source for the call to flush to see what conditions bypass it.

OK... fw_flush is in finisher() which is called at the end of the program via atexit(). IF it is called,

    static void finishup(void) {
        sshguard_log(LOG_INFO, "Exiting on %s", exit_sig == SIGHUP ? "SIGHUP" : "signal");
        if (fw_flush() != FWALL_OK) {
            sshguard_log(LOG_ERR, "fw: failed to flush blocked addresses");
        }

So you would see the log message and then if the flush failed the 2nd message. I'm not seeing it.

Next step would be to instrument the called code and log the call to the script and the chain at the end.

-----Burton

-----Original Message-----
From: li...@la... [mailto:li...@la...]
Sent: Wednesday, January 18, 2017 2:39 PM
To: Kevin Zheng <kev...@gm...>; BSt...@ac...; ssh...@li...
Subject: Re: [SSHGuard-users] Issue restarting sshguard

A funny thing about sshguard on FreeBSD IPFW is table 22 isn't flushed ever as far as I can tell. When I do a reboot, the table is still there. In fact, I'd like to know how that is done. The tables I create with scripts need to be created after booting.

I'm still on 1.7.

I had done some program updates a few days ago and made the VPS lose networking, though it was working after the updates. I only discovered the issue after booting after a backup. A good thing I had two images!

Original Message
From: Kevin Zheng
Sent: Wednesday, January 18, 2017 10:30 AM
To: BSt...@ac...; ssh...@li...
Subject: Re: [SSHGuard-users] Issue restarting sshguard

On 01/18/17 03:45, Burton Strauss wrote:
> If sshguard shuts down other than cleanly, and you restart it, the
> blocklist rules get doubled.
>
> Does it hurt anything to add a flush command first? For iptables it
> would be:

In 1.7, if SSHGuard exits cleanly it should issue a 'flush' command before exiting. In 2.0, sshg-blocker sets 'flushonexit' and sshg-fw flushes before exiting.

What version are you using? What backend are you using? If you're able to, does 2.0 fix your issue?

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
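The "IF it is called" condition from the first message, as an added example (not SSHGuard code and not posted by anyone in the thread): an atexit() handler runs only when the process reaches exit(), so a signal taken with its default action, or SIGKILL, skips the flush entirely. flush_stub, on_term and flush_ran are hypothetical names; flush_stub stands in for the firewall flush.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum how { CLEAN_EXIT, HANDLED_SIGTERM, DEFAULT_SIGTERM, SIGKILLED };

static int report_fd = -1;              /* child's write end of the pipe */
static volatile sig_atomic_t exit_sig;  /* set by the handler, as a daemon would */

/* Hypothetical stand-in for the firewall flush: reports that cleanup ran. */
static void flush_stub(void) { if (write(report_fd, "F", 1) != 1) _exit(2); }

/* Handler only records the signal; the main path then calls exit(). */
static void on_term(int sig) { exit_sig = sig; }

/* Returns 1 if the atexit() handler ran in the child, 0 if not, -1 on error. */
int flush_ran(enum how h)
{
    int p[2];
    char c;
    fflush(NULL);                       /* avoid duplicated stdio output in child */
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                     /* child plays the daemon */
        close(p[0]);
        report_fd = p[1];
        atexit(flush_stub);
        signal(SIGTERM, h == HANDLED_SIGTERM ? on_term : SIG_DFL);
        if (h == HANDLED_SIGTERM || h == DEFAULT_SIGTERM) raise(SIGTERM);
        if (h == SIGKILLED) raise(SIGKILL);
        exit(0);                        /* reached only if the signal did not kill us */
    }
    close(p[1]);
    ssize_t n = read(p[0], &c, 1);      /* EOF (0 bytes) means the handler never ran */
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n == 1;
}

int main(void)
{
    static const char *name[] = { "exit()", "SIGTERM handled", "SIGTERM default", "SIGKILL" };
    for (int h = CLEAN_EXIT; h <= SIGKILLED; h++)
        printf("%-16s flush ran: %d\n", name[h], flush_ran((enum how)h));
    return 0;
}
```

Only the first two cases report the flush, so any termination that bypasses exit() leaves the previously added block rules in place for the next start.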