Menu
▾
▴
Re: [SSHGuard-users] Tiny fix to security/sshguard to allow use of daemon_flags
|
From: Kevin Z. <kev...@gm...> - 2021-07-16 19:03:53
|
Hi all, On 7/16/21 12:41 PM, Sven F. wrote: > The website first page: > > sshguard can read log messages from standard input (suitable for > piping from syslog) > > But since (openbsd 6.8) 2.4.1 > > # cat /var/log/authlog | sshguard > sshguard: /etc/sshguard.conf is missing FILES and LOGREADER; please specify one > > It s in the release note of 2.4.0: > > No longer accept logs given via standard input > > And it makes no sense at all given the statement of the home page The home page is out of date. I will go update the home page. Originally, SSHGuard allowed piping logs to its standard input, for the purpose of piping from syslog. However, folks were unhappy about SSHGuard restarting every 24-hours or so, forgetting the attackers that it had kept in memory. I don't know if OpenBSD's syslog has this behavior, but my man page says (about piping output to commands): The command itself runs with stdout and stderr redirected to /dev/null. Upon receipt of a SIGHUP, syslogd(8) will close the pipe to the process. If the process did not exit voluntarily, it will be sent a SIGTERM signal after a grace period of up to 60 seconds. It was decided that it was better not to support piping from standard input, than to deal with this. > Is there a proposed workaround using a silly LOGREADER ? I believe your workaround works, but please be aware of the above issue if you choose to pipe from syslogd. Since I have you OpenBSD folks around, how's pledge() support working out? I have not tested on OpenBSD for some time now. Thanks, Kevin |
