Menu
▾
▴
[SSHGuard-users] Can't Get it to work
|
From: Bob W. <bob...@ed...> - 2018-06-25 20:53:05
|
I have sshguard version 2.1.0 installed on Devuan 2.0 (a debian variant without systemd). I am running sshd under daemon tools and using multilog, but auth.log also registers failed attempts. I have also set up sshguard to run under daemontools. Here is my run script: > #!/bin/sh > > export SSHGUARD_DEBUG=1 > exec 2>&1 > exec /usr/local/sbin/sshguard I have tried configuring the sshgaurd.conf file to watch auth.log or the sshd multilog which I put in /var/log/sshd/current. In the /usr/local/etc/sshguard.conf file I set the FILE variable to /var/log/sshd/current. When I run sshgaurd, the output is this: > trap: SIGINT: bad trap > sshguard[16082]: whitelist: add IPv4 block: 127.0.0.0 with mask 8. > sshguard[16082]: whitelist: add '127.0.0.1' as plain IPv4. > sshguard[16082]: whitelist: add plain IPv4 127.0.0.1. > sshguard[16082]: Now monitoring attacks. > Chain INPUT (policy DROP) > target prot opt source destination > sshguard all -- 0.0.0.0/0 0.0.0.0/0 > ACCEPT all -- 127.0.0.1 127.0.0.1 > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state > RELATED,ESTABLISHED > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3 > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11 > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8 > ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8095 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 > > Chain FORWARD (policy DROP) > target prot opt source destination > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > > Chain sshguard (1 references) > target prot opt source destination But when I try to login with bad password sshguard does not seem to recognize it. There is nothing in the sshguard log. What am I doing wrong?? -- Bob Wooldridge EDM Incorporated http://www.edm-inc.com |
