Re: [SSHGuard-users] getting sshguard to work on macOS Big Sur

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Jin,

On 6/15/21 11:31 AM, Jin Choi wrote:
> I noticed that sshguard was not working for me on recent versions of 
> macOS because the necessary information from sshd wasn’t getting 
> reported by the log stream. I dug into it a little bit and found the 
> following to work (from 
> https://superuser.com/questions/1565891/how-to-get-ssh-logs-and-send-to-remote-syslog-server-in-macos 
> <https://superuser.com/questions/1565891/how-to-get-ssh-logs-and-send-to-remote-syslog-server-in-macos>):
> 
> LOGREADER="/usr/bin/log stream --process sshd --info --style syslog 
> --predicate \"messageType = 'info'\""

Thanks for reporting this. Do you know if this new syntax is 
backwards-compatible with older versions like Catalina?

> Also, pfctl is no longer enabled on startup by default. The easiest way 
> to get it enabled persistently without trying to mess with SIP protected 
> files is to enable “stealth mode” in the system firewall 
> (https://stackoverflow.com/questions/51017493/how-to-enable-pfctl-on-boot-time-on-mac-os 
> <https://stackoverflow.com/questions/51017493/how-to-enable-pfctl-on-boot-time-on-mac-os>).

This would be good to add to the sshguard-setup(7) man page.

Re: [SSHGuard-users] getting sshguard to work on macOS Big Sur

Intelligently block brute-force attacks by aggregating system logs

Re: [SSHGuard-users] getting sshguard to work on macOS Big Sur