From: Kevin Z. <kev...@gm...> - 2018-05-26 16:58:16
On 05/26/2018 08:38, Júlio Maranhão wrote:
> On 25 May 2018 at 14:38, Kevin Zheng <kev...@gm...> wrote:
>>
>> An older version of SSHGuard is available on OpenBSD:
>>
>> security/sshguard
>>
>> SSHGuard does not recognize log messages from OpenSMTPD.
>
> In your (members) opinion, is SSHGuard mature? I.e., is it done for
> what it does propose/declare in the website (few bugs)?

Being completely biased, I would say so.

The code is separated into well-defined components with well-defined
interfaces. In fact, the recent changes that updated attack signatures
have only changed one binary ('sshg-parser'). You could even write your
own sshg-parser and continue to use the rest of SSHGuard as-is.

Both the blocker ('sshg-blocker') and parser ('sshg-parser') logic work
with minimal privileges. While I still had OpenBSD to test on, both
pledge "dns" and "stdio".

I'd be happy to help you update this.

> Sorry for these questions. I am only used to a python-based software
> and Linux. I need to assess the OpenBSD + Dovecot + OpenSMTPD +
> SSHGuard. Your answer is clear: no go.
>
> What about Postfix instead of OpenSMTPD?

I think it's better to choose the SMTPD you want. I would be confident
running OpenSMTPD without SSHGuard, but would still install SSHGuard to
reduce the amount of log noise.

We do recognize some SASL login errors from Postfix, but most likely
they need to be updated or expanded, as well.

> P.S.: Interesting C/yacc code. If the only problem is OpenSMTPD and
> low interest/priority, I am willing to work it.

I'd be happy to help take a look at adding OpenSMTPD signatures.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090