Menu
▾
▴
[SSHGuard-maintainers] sshguard 2.5.0 release candidate
|
From: Kevin Z. <kev...@gm...> - 2025-03-16 07:24:03
|
Dear SSHGuard users and maintainers, It has been some time since the last versioned SSHGuard release, and it's time to cut a new version for the benefit of packagers and users. If you are able and comfortable to compile from source and deploy on test/production systems, your early testing and feedback is appreciated so that we can squash any late-breaking bugs before the release. You can check out a copy of the release candidate code from: https://bitbucket.org/sshguard/sshguard.git The two main changes are: 1. Non-privileged processes such as the parser can now switch users after starting. Previously, they only used OS-level sandboxing mechanisms if available (Capsicum on FreeBSD and pledge on OpenBSD). 2. The web log (CLF) parser was refactored to fix some false positives and provide flexibility in defining new attacks. While the new web log parser passes all existing and new tests, there may be some regressions in cases that are not currently covered by tests. The draft change log is below: **Added** - Add attack signatures for Proxmox VE - Update signatures for: - Cyrus - Exim - OpenSSH - Postfix - Add option to write Prometheus-compatible metrics - Add option to change sandboxable-processes to an unprivileged user **Changed** - Any HTTP 401 response is now recognized as an attack - Code improvements in in log banner and web (CLF) parsers. If there are regressions, please file a bug report with example attacks so that they can be added to our tests. **Fixed** - Fix configure issues when the shell is not bash - Fix false positives in web (CLF) log detection with "mail" in the request Your efforts in testing the release candidate are appreciated! Regards, Kevin |
