Menu
▾
▴
Re: [SSHGuard-users] Log human-readable service IDs instead of numbers?
|
From: Ryan R. <rr...@ro...> - 2018-11-02 20:49:50
|
Kevin, If you are using "Internet" based services for what you are doing I suggest you follow the rules in RFC's that outline how IANA, etc handle these issues. If you are running private networks for telecommuncations services that don't need to be or use any Internet standards but are fine if your customer do but won't help them police your customers or are considering it then you probably shouldn't be the one to give IANA and the IETF and ARIN, etc... a double handled middle fingers salute and should leave that to an expert. Ryan On 11/2/2018 10:41 AM, Kevin Zheng wrote: > Hi Ryan, > > While it might be useful to cross-reference these internal > representations with an external database like /etc/services, right now > we're just focused on the internal representation. > > There should be no functional change with this suggested change, except > that the log messages get better because they would come up as readable > strings instead of "service codes". > > Regards, > Kevin > > On 11/2/18 10:35 AM, Ryan Root wrote: >> Kevin, >> >> It would be a normal programming decision to decide to take that info >> from a systems default "/etc/services" file which can be modified by a >> user or look to other databases. The decision to override or not >> override a local system administrators decisions about modifications >> that could be correct for common port names in services is one of the >> programming and process issues that are considered with your question. >> At least with FreeBSD that is the default file location >> "/etc/services". However, until some of the things about fingering are >> fixed in the default FreeBSD install in the hosts.allow file some are >> not going to be able to use that database of service numbers to common >> names. However, keep in mind. Those are just port numbers and can be >> easily faked so it's only helpful to some degree... >> >> Does OpenBSD and other distributions have similar inappropriate finger >> references in hosts.allow? >> >> Ryan >> >> On 11/2/2018 9:36 AM, Kevin Zheng wrote: >>> On 11/2/18 3:59 AM, Christopher Engelhard wrote: >>>> Hi, >>>> currently, SSHGuard repots attacks as 'Attack from service <number> from >>>> ...'. Though over time I have learned the numbers of the various >>>> services, it would be much more helpful to the user if this were changed >>>> to something like 'Attack from service <short service name> from ...'. >>>> >>>> AFAICT, SSHGuard mostly uses SERVICE_<NAME> constants internally anyway, >>>> and those are assigned a number in attack.h. >>>> >>>> Is there a technical reason for mapping SERVICE_<NAME> to numbers >>>> instead of a name? I'd be happy to attempt a patch to change this, but >>>> of course only if it actually makes sense to do so. >>> No technical reason, and it's a change we've discussed and wanted but >>> just haven't gotten around to making. Go ahead if you'd like! >>> >> >> >> _______________________________________________ >> sshguard-users mailing list >> ssh...@li... >> https://lists.sourceforge.net/lists/listinfo/sshguard-users >> > |
