Menu
▾
▴
Re: [SSHGuard-users] Log human-readable service IDs instead of numbers?
|
From: Ryan R. <rr...@ro...> - 2018-11-02 17:35:27
|
Kevin, It would be a normal programming decision to decide to take that info from a systems default "/etc/services" file which can be modified by a user or look to other databases. The decision to override or not override a local system administrators decisions about modifications that could be correct for common port names in services is one of the programming and process issues that are considered with your question. At least with FreeBSD that is the default file location "/etc/services". However, until some of the things about fingering are fixed in the default FreeBSD install in the hosts.allow file some are not going to be able to use that database of service numbers to common names. However, keep in mind. Those are just port numbers and can be easily faked so it's only helpful to some degree... Does OpenBSD and other distributions have similar inappropriate finger references in hosts.allow? Ryan On 11/2/2018 9:36 AM, Kevin Zheng wrote: > On 11/2/18 3:59 AM, Christopher Engelhard wrote: >> Hi, >> currently, SSHGuard repots attacks as 'Attack from service <number> from >> ...'. Though over time I have learned the numbers of the various >> services, it would be much more helpful to the user if this were changed >> to something like 'Attack from service <short service name> from ...'. >> >> AFAICT, SSHGuard mostly uses SERVICE_<NAME> constants internally anyway, >> and those are assigned a number in attack.h. >> >> Is there a technical reason for mapping SERVICE_<NAME> to numbers >> instead of a name? I'd be happy to attempt a patch to change this, but >> of course only if it actually makes sense to do so. > No technical reason, and it's a change we've discussed and wanted but > just haven't gotten around to making. Go ahead if you'd like! > |
