From: Amit D. <ami...@gm...> - 2021-12-03 18:14:09
Hi Kevin,

After adding the ufw before rules for sshguard as mentioned in
https://wiki.archlinux.org/title/Sshguard#UFW sshguard works as expected
blocking unauthorized attempts.

This option I have tried before raising the question here, not sure maybe
because of sshguard version 1.7.3 version on ubuntu 20 initially used. For
debian 10, ubuntu 16.04 they are straightforward with apt commands.

Anyway thanks for your help.

Thanks,
Amit

On Fri, Dec 3, 2021 at 4:43 PM Amit Das <ami...@gm...> wrote:

> Hi Kevin,
>
> I am getting the output as seen in the attachment. Did you mean pipe or
> redirect? Not clear.
>
> Also my sshguard version is 1.7.3 (tried on other 2.3.1, 2.3.4 versions
> too). I have tried on multiple vms, aws vms and dedicated servers. First
> unauthorized attempt is blocked by sshguard but later on it's not blocking
> as seen in the auth logs. Not seen in journalctl logs it's blocking. Don't
> understand why sshguard drops after blocking first time and passed to sshd
> in auth logs, even though sshguard service is running all time.
>
> Not sure what's wrong my backend config or from ubuntu maintainer or the
> version issues on latest ubuntu 18, ubuntu 20.
>
> Thanks,
> Amit
>
>
> On Fri, Dec 3, 2021 at 12:27 AM Kevin Zheng <kev...@gm...> wrote:
>
>> Hi Amit,
>>
>> On 12/1/21 11:41 AM, Amit Das wrote:
>> > # Log reader command (optional, no default)
>> > LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t vsftpd -o cat"
>>
>> Could you check that your LOGREADER command is actually giving you the
>> log output from sshd?
>>
>> That is, run this command at the command line, and see if any failed
>> login messages are coming through:
>>
>> $ /usr/bin/journalctl -afb -p info -n1 -t sshd -t vsftpd -o cat
>>
>> If they are coming through, pipe the output to `sshg-parser -a` and make
>> sure the attacks you expect to be recognized are marked with an asterisk.
>>
>> Regards,
>> Kevin
>>
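
The thread ends with blocking working once the UFW before rules were in place. The shell function below is an added example, not code from the thread or from the sshguard project: it classifies an `iptables -S` dump to show whether any rule hands traffic to sshguard's chain. The chain name `sshguard`, the iptables backend and the sample rulesets are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not sshguard's own tooling. Reads `iptables -S` text on stdin.
# Assumption: sshguard's iptables backend puts its DROP rules in a chain
# named "sshguard" (pass another name as $1). Rule order is not checked.
sshguard_chain_status() {
    awk -v chain="${1:-sshguard}" '
        $1 == "-N" && $2 == chain { defined = 1 }
        $1 == "-A" && $2 == chain && $(NF - 1) == "-j" && $NF == "DROP" { blocks++ }
        $1 == "-A" && $2 != chain {
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) == chain) jumps++
        }
        END {
            if (!defined)    status = "missing-chain"  # chain was never created
            else if (!jumps) status = "unreferenced"   # blocks exist, never consulted
            else             status = "ok"
            printf "%s blocks=%d\n", status, blocks
        }'
}

# Constructed sample: sshguard has recorded a block, but no UFW chain
# jumps to the sshguard chain, so the DROP rule is never evaluated.
SAMPLE_UNREFERENCED='-P INPUT DROP
-N sshguard
-N ufw-before-input
-A INPUT -j ufw-before-input
-A ufw-before-input -p tcp -m tcp --dport 22 -j ACCEPT
-A sshguard -s 192.0.2.10/32 -j DROP'

# Constructed sample: same ruleset with a hand-off to sshguard for port 22.
SAMPLE_OK='-P INPUT DROP
-N sshguard
-N ufw-before-input
-A INPUT -j ufw-before-input
-A ufw-before-input -p tcp -m tcp --dport 22 -j sshguard
-A ufw-before-input -p tcp -m tcp --dport 22 -j ACCEPT
-A sshguard -s 192.0.2.10/32 -j DROP'

printf '%s\n' "$SAMPLE_UNREFERENCED" | sshguard_chain_status
printf '%s\n' "$SAMPLE_OK" | sshguard_chain_status
# On a live host (as root): iptables -S | sshguard_chain_status
```

An `unreferenced` result with a non-zero block count means sshguard is recording offenders while the firewall never consults its chain.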