From: Kevin Z. <kev...@gm...> - 2018-09-27 15:25:39

On 9/27/18 2:55 AM, Frank Steiner wrote:
> Hi,
>
> just a little proposal for an improvement: trying to figure out why certain
> actions get the matches/score they do, it would be very helpful if the
> "Attack from..." messages could contain the rule that matched. Like
> "Attack from xxx on service 100 (SSH_MAXAUTH) with danger.."
>
> I had to patch that myself to figure out why so many rules matched
> for my ssh, but I just added stupid print statements in attack_scanner.c,
> so I cannot offer a valid patch for this.

Have you tried running sshg-parser in libexec? The output is currently a bit cryptic, but it'll tell you which rule was matched.

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090