Menu
▾
▴
Re: [SSHGuard-users] Multiple instances of sshguard on startup
|
From: Kevin Z. <kev...@gm...> - 2018-01-05 02:36:04
|
On 01/04/2018 13:26, John Haynes wrote: > When I start sshguard, like this: >> sudo ./sshguard -l /var/log/auth.log > > it seems that three separate sshguard processes are spawned: >> ps -A | grep sshg > 1486 pts/1 00:00:00 sshguard > 1487 pts/1 00:00:00 sshguard > 1488 pts/1 00:00:00 sshg-parser > 1489 pts/1 00:00:00 sshg-blocker > 1491 pts/1 00:00:00 sshguard > 1492 pts/1 00:00:00 sshg-fw-hosts > > Is this normal? Everything seems to be working, but I'm perplexed as to > how three instances are started. (Unless this is intentional, in which > case there's nothing to see here...) This is normal. The 'sshguard' processes are actually subshells spawned when you started 'sshguard' (it's a shell script). All the actual work is being done in a pipeline from the logs -> sshg-parser -> sshg-blocker -> sshg-fw-hosts. I don't see a sshg-logtail in this list; are you piping logs to SSHGuard? That has caused problems for other users in the past so we discourage it. > The following may or may not not be related, but I also had to change > the first non-comment line of the sbin/sshguard script from: > trap "trap - SIGTERM && kill 0" SIGINT SIGTERM EXIT > to: > trap "trap - TERM && kill 0" INT TERM EXIT > to avoid the following error on starting or interrupting the script: > trap: SIGTERM: bad trap That's a bug. I've fixed it in 2ed7e0a which will make it into the next release. -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
