Menu
▾
▴
sshguard-maintainers — Support and announcements for package maintainers
You can subscribe to this list here.
| 2007 |
Jan
|
Feb
|
Mar
(9) |
Apr
(2) |
May
(3) |
Jun
(15) |
Jul
(1) |
Aug
|
Sep
|
Oct
(8) |
Nov
|
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
(4) |
Jun
|
Jul
(1) |
Aug
(1) |
Sep
|
Oct
(1) |
Nov
(2) |
Dec
|
| 2009 |
Jan
|
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2012 |
Jan
|
Feb
|
Mar
(3) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2013 |
Jan
|
Feb
|
Mar
(1) |
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2015 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
(4) |
Jun
|
Jul
|
Aug
(2) |
Sep
|
Oct
(1) |
Nov
|
Dec
(1) |
| 2016 |
Jan
(10) |
Feb
|
Mar
|
Apr
(2) |
May
(3) |
Jun
|
Jul
|
Aug
(8) |
Sep
|
Oct
(1) |
Nov
|
Dec
|
| 2017 |
Jan
(6) |
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2018 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
| 2019 |
Jan
(1) |
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
(2) |
Oct
(2) |
Nov
|
Dec
|
| 2020 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2021 |
Jan
|
Feb
|
Mar
(2) |
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
| 2022 |
Jan
|
Feb
|
Mar
|
Apr
(2) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
(1) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Kevin Z. <kev...@gm...> - 2023-07-05 17:52:41
|
Dear SSHGuard users, SSHGuard 2.4.3 is now available on SourceForge: https://sourceforge.net/projects/sshguard/files/sshguard/2.4.3/ This release adds and updates some attack signatures and corrects a whitelisting bug on 32-bit x86 and DNS resolution inside the FreeBSD capability sandbox. If you are not impacted by either bug, and do not require the updated signatures, then this update is optional. Added - Add signature for BIND - Add signature for Gitea - Add signature for Microsoft SQL Server for Linux - Add signature for OpenVPN Portshare - Add signature for user-defined HTTP attacks - Update signatures for Dovecot - Update signatures for Postfix Fixed - Fix memset off-by-one (whitelisting on 32-bit x86) - Resolve DNS names in capability mode using casper (FreeBSD) Regards, Kevin |
|
From: Jim S. <jseymour@LinxNet.com> - 2022-04-20 03:34:51
|
Hi All, There was a documentation bug in the example regex configuration files: The macro "<IPV_ANY_ADDR>" was mistakenly documented as "<IPV_ALL_ADDR>". It has been corrected as of the tarball published just now and noted in the ChangeLog. Sorry about that. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>. |
|
From: Jim S. <jseymour@LinxNet.com> - 2022-04-10 19:12:00
|
Hi All, I have created a regular expression attack parser addition/replacement for sshguard. It can be built to use either POSIX regexps or PCREs. (For PCRE builds you'll need either libpcreposix or libpcre, depending upon whether you specify USE_PCRE or USE_NATIVE_PCRE, respectively, along with their "-dev" packages.) It can either be pretty-easily integrated directly into sshguard or, as of sshguard-2.4.2, replace the stock parser w/o any changes to sshguard's code. But NOTE: The example regex config files do NOT contain all the signatures the stock sshguards do, and contain a couple I added that 1.7.0 did not have. It can be found here: https://jimsun.linxnet.com/atre_parser.html Current state is pretty raw. There's no "configure" stuff. The only thing it's been built and run upon are Linux boxen. There's no installer. Docs are kind of hit-or-miss. In short: If you're not code-savvy, this is probably not for you at this time. I have it integrated directly into my running instances of sshguard-1.7.0, as a follow-up check to the stock parsing engine, but I haven't done anything with 2.4.2, yet. That being said: "make" (with edits) *should* build a stand-alone parser for you that can be dropped right in as a replacement for the stock parser in 2.4.2. (At lease if you're using Linux.) For the stand-alone replacement parser for 2.4.2, which is also the test/debug utility, see the atre-parser_doc.txt file at https://jimsun.linxnet.com/downloads/atre/atre-parser_doc.txt As always, with this kind of stuff: Use at your own discretion and risk. Let me know what y'all think. Questions, comments, and suggestions are welcome. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>. |
|
From: Kevin Z. <kev...@gm...> - 2021-09-01 17:53:48
|
Hi there,
I'm writing to report an errata affecting whitelisting IPv6 addresses in
SSHGuard versions 1.5 through 2.4.2.
PROBLEM
Whitelisting an IPv6 address causes an extra zero byte to be written
beyond the end of a stack variable due to a logic error in memset().
IMPACT
Whitelisting an IPv6 address may cause sshg-blocker to abort on startup
due to a stack check failure if compiled with '-fstack-protector'.
If stack checks are not enabled, the security impact is still likely low
because the overflow is always one zero byte, regardless of the
whitelist input. Further, the whitelist is configured by the system
administrator.
In practice, this crash only seems to happen on 32-bit systems. The
exact cause is unknown, but likely due to differences in structure
alignment and padding ("slop") between 32 and 64-bit systems. On 64-bit
systems, the extra byte may just be written to struct padding.
WORKAROUND
Do not whitelist IPv6 addresses.
SOLUTION
Either:
1. Upgrade to Git version 0403ed3b or later, or,
2. Apply the attached source patch to the 2.4.2 release and reinstall.
Thanks,
Kevin
|
|
From: Kevin B. <kev...@gm...> - 2021-03-19 04:48:17
|
On 2021/03/16 11:19, Kevin Zheng wrote:
> Dear SSHGuard users,
>
> SSHGuard 2.4.2 is now available from SourceForge [1].
Just came to refresh the RPM that I've been creating so as to deploy
SSHGuard 2.4.2 here, and noticed that I still have a patch in my SPEC
files, which I took from a 2.4.0 SRPM that OpenSUSE was using that has
been doing the following for a while now:
$ less ../SOURCES/sshguard-gcc5.patch
diff -crB sshguard-2.3.1/src/blocker/sshguard_whitelist.c sshguard-2.3.1-dev/src/blocker/sshguard_whitelist.c
*** sshguard-2.3.1/src/blocker/sshguard_whitelist.c 2018-12-16 03:41:51.000000000 +0100
--- sshguard-2.3.1/src/blocker/sshguard_whitelist.c 2019-01-24 09:34:29.600313298 +0100
***************
*** 18,23 ****
--- 18,24 ----
* SSHGuard. See http://www.sshguard.net
*/
+ #define _GNU_SOURCE
#include <arpa/inet.h>
#include <assert.h>
#include <netdb.h>
I haven't seen any OpenSUSE 2.4.2 SRPMs yet, but can still see the
patch in their 2.4.1 SRPM payload, vis:
$ rpm -qlp sshguard-2.4.1-42.10.src.rpm
warning: sshguard-2.4.1-42.10.src.rpm: Header V3 RSA/SHA256 Signature, key ID ee3d166a: NOKEY
sshguard-2.4.1.tar.gz
sshguard-gcc5.patch
sshguard.conf
sshguard.init
sshguard.service
sshguard.spec
sshguard.whitelist
$
and note in their 2.4.1 SPEC-file that is says
...
Source0: http://sourceforge.net/projects/%{name}/files/%{name}/%{version}/%{name}-%{version}.tar.gz
Source1: sshguard.conf
Source2: sshguard.service
Source3: sshguard.init
Source4: sshguard.whitelist
# PATCH-FIX-UPSTREAM sshguard-gcc5.patch
Patch0: sshguard-gcc5.patch
...
so was just wondering if there was a way to have that conditionally
defined, presumably for builds where one doesn't use a GNU compiler,
and/or whether it was indicative of some GNU-specific extensions used
in
sshguard_whitelist.c
Kevin Buckley
|
|
From: Kevin Z. <kev...@gm...> - 2021-03-16 03:19:38
|
Dear SSHGuard users, SSHGuard 2.4.2 is now available from SourceForge [1]. There are not many changes from 2.4.1; the most significant changes are to recognize some new attack signatures from Postfix and remove some attack signatures for SSH and Cyrus that were false positive-prone. **Added** - Recognize rejections from Postfix's postscreen daemon - The parser can now be changed using the *PARSER* and *POST_PARSER* options **Changed** - Remove some false positive attack signatures for SSH and Cyrus - Adjust log verbosity of some log messages - The *firewalld* backend now uses *firewall-cmd* instead of *iptables* to flush block lists Regards, Kevin [1] https://sourceforge.net/projects/sshguard/files/sshguard/2.4.2/ |
|
From: Kevin Z. <kev...@gm...> - 2020-08-16 17:40:10
|
Dear SSHGuard users, SSHGuard 2.4.1 is now available. (The release was cut July 31st; this release announcement is late.) **Added** - Recognize RFC 5424 syslog banners - Recognize busybox syslog -S banners - Recognize rsyslog banners - Recognize web services TYPO3, Contao, and Joomla - Update signatures for Dovecot - Update signatures for OpenSSH **Changed** - Whitelist entire 127.0.0.0/8 and ::1 block - Whitelist file allows inline comments **Fixed** - Fix FILES and LOGREADER configuration file options Regards, Kevin |
|
From: Kevin Z. <kev...@gm...> - 2019-10-24 18:19:06
|
On 10/24/19 5:08 AM, Christopher Engelhard wrote: > Hi, > just wanted to let you know that sshguard was added to the Fedora > repositories [1][2]. It's already available in rawhide and the Fedora 31 > updates-testing repository, and should be in F29-30 updates-testing shortly. > > I expect to push the packages to stable soon(-ish), after the Fedora 31 > release. > > There will also be packages for CentOS/RHEL 6-8 via EPEL, no concrete > timetable yet. Glad to hear! I'll add a link to the "Downloads" page on the website. Regards, Kevin -- Kevin Zheng kev...@gm... | ke...@be... XMPP: ke...@ee... |
|
From: Christopher E. <ce...@lc...> - 2019-10-24 12:06:32
|
Hi, just wanted to let you know that sshguard was added to the Fedora repositories [1][2]. It's already available in rawhide and the Fedora 31 updates-testing repository, and should be in F29-30 updates-testing shortly. I expect to push the packages to stable soon(-ish), after the Fedora 31 release. There will also be packages for CentOS/RHEL 6-8 via EPEL, no concrete timetable yet. Best, Christopher [1] https://src.fedoraproject.org/rpms/sshguard [2] https://apps.fedoraproject.org/packages/sshguard (page hasn't updated yet) |
|
From: Christopher E. <ce...@lc...> - 2019-09-24 08:30:24
|
Hi, sshguard should also work with sysvinit, you'd just have to write your own init script to replace the systemd service file & use FILES instead of LOGREADER as the log source. I have RPM packages of sshguard on COPR, including for CentOS 6 + sysvinit, so you could try those: https://copr.fedorainfracloud.org/coprs/lcts/sshguard/ I see no reason why that package shouldn't be buildable on CentOS 5 as well, so that would be a simple way to get a sysvinit-compatible version for your older servers - though I've never tried. Christopher On 9/24/2019 4:29 AM, Kelvin Ma wrote: > I have several CentOS 5.3 servers. I want to use sshguard but I also > wish that it will send notification email upon blocking IP address. > > I know sshguard 2.1 ~2.4 which has backend can support this feature. > > > Can I install sshguard 2.1 on CentOS 5.3. However, I notice that > sshguard need run systemd which is absent in CentOS 5.3. > > What version of sshguard should I install? > > How about CentOS 6? > > Best Regards, > > Kelvin > > > > _______________________________________________ > sshguard-maintainers mailing list > ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-maintainers > |
|
From: Kelvin Ma <bk...@hk...> - 2019-09-24 02:44:52
|
I have several CentOS 5.3 servers. I want to use sshguard but I also wish that it will send notification email upon blocking IP address. I know sshguard 2.1 ~2.4 which has backend can support this feature. Can I install sshguard 2.1 on CentOS 5.3. However, I notice that sshguard need run systemd which is absent in CentOS 5.3. What version of sshguard should I install? How about CentOS 6? Best Regards, Kelvin |
|
From: Kevin Z. <kev...@gm...> - 2019-06-10 16:03:30
|
Dear SSHGuard users, SSHGuard 2.4.0 is now available. If you are running an earlier version, and had issues with SSHGuard leaving processes running after killing the wrong process, you can upgrade to get a fix. **Added** - Match "Failed authentication attempt" for Gitea **Changed** - Log human-readable service names instead of service code **Fixed** - Correctly terminate child processes when ``sshguard`` is killed **Removed** - No longer accept logs given via standard input Regards, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xEACF0F76C22E1090 XMPP: ke...@ee... |
|
From: Kevin Z. <kev...@gm...> - 2019-01-01 15:32:21
|
Hi there, SSHGuard 2.3.1 is available. This release fixes two bugs reported after the 2.3.0 release, both because sshg-parser failed to detect some attacks that were previously detected. **Fixed** - Fix OpenSSH "Did not receive identification string" - Fix syslog banner detection on macOS Happy 2019, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Kevin Z. <kev...@gm...> - 2018-12-16 03:08:35
|
Hi there, SSHGuard 2.3.0 is now available! **Added** - Add signatures for Courier IMAP/POP and OpenVPN - Add signatures for TLS failures against Cyrus IMAP - Match more attacks against SSHD, Cockpit, and Dovecot - Update SSH invalid user signature for macOS **Changed** - Add to and remove from ipfw table quietly - Reduce "Connection closed... [preauth]" score to 2 - Switch ipsets to hash:net **Fixed** - Don't recreate existing ipsets - Match more log banners (Fix greedy SYSLOG_BANNER) -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Kevin Z. <kev...@gm...> - 2018-07-09 19:42:20
|
Hi there, SSHGuard 2.2.0 is now available for download on SourceForge [1]. **Added** - Add '--disable-maintainer-mode' in configure for package maintainers - BusyBox log banner detection - Match Exim "auth mechanism not supported" - Match Exim "auth when not advertised" - Match Postfix greylist early retry - OpenSMTPD monitoring support - Recognize IPv6 addresses with interface name **Changed** - Ignore CR in addition to LF - Only log attacks if not already blocked or whitelisted **Fixed** - Use correct signal names in driver shell script [1] https://sourceforge.net/projects/sshguard/files/sshguard/ -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Jos C. <ssh...@cl...> - 2017-12-02 19:26:08
|
Dear team,, Thanks, that is good news! Just to inform you that currently sshguard-2.0.0_1 is the most recent update of the FreeBSD ports collection. Dan, can you push 2.1.0 to our FreeBSD ports community? Thanks and keep up the good work, BR, Jos Op 9-11-2017 om 9:28 schreef Kevin Zheng: > SSHGuard 2.1.0 is available. > > Added > - Add **nftables** backend > - Add monitoring support for new service: Cockpit, Linux server dashboard > - Match "maximum authentication attempts" for SSH > - Match Debian-style "Failed password for invalid user" for SSH > - Add monitoring support for new service: Common webserver probes, in > Common Log Format > - Match 'Disconnecting invalid user' for SSH > - Add monitoring support for new service: WordPress, in Common Log Format > - Add monitoring support for new service: SSHGuard > - Firewall backends now support blocking subnets. > - Add new IPV6_SUBNET and IPV4_SUBNET configuration options. Defaults to > traditional single-address blocking. > > Changed > - Log whitelist matches with higher priority > > Fixed > - Match port number in "invalid user" attack > - FirewallD backend reloads firewall configuration less often. > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > _______________________________________________ > sshguard-users mailing list > ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users -- With both feed on the ground you will never make a step forward |
|
From: Kevin Z. <kev...@gm...> - 2017-11-09 08:28:17
|
SSHGuard 2.1.0 is available. Added - Add **nftables** backend - Add monitoring support for new service: Cockpit, Linux server dashboard - Match "maximum authentication attempts" for SSH - Match Debian-style "Failed password for invalid user" for SSH - Add monitoring support for new service: Common webserver probes, in Common Log Format - Match 'Disconnecting invalid user' for SSH - Add monitoring support for new service: WordPress, in Common Log Format - Add monitoring support for new service: SSHGuard - Firewall backends now support blocking subnets. - Add new IPV6_SUBNET and IPV4_SUBNET configuration options. Defaults to traditional single-address blocking. Changed - Log whitelist matches with higher priority Fixed - Match port number in "invalid user" attack - FirewallD backend reloads firewall configuration less often. -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Daniel A. <co...@da...> - 2017-10-08 20:46:52
|
Hello, SSHGuard 2.1 is just around the corner, and you can grab the release candidate from SourceForge: https://sourceforge.net/projects/sshguard/files/sshguard/2.0.99/ There isn’t much news regarding distribution this time around. There should be one new file for a new firewall backend included for 2.1. Otherwise things should be a smooth update from 2.0 to 2.1. If you haven’t updated to 2.0 yet, please note that flags should be removed in favor of the sshguard.conf file. Please report any issues in the issue tracker: https://bitbucket.org/sshguard/sshguard/issues?status=new&status=open Here are some of the changes and new features in this release: * New nftables sets firewall backend for Linux. * New service for brute-force login attempts against Cockpit dashboard for Linux. * New service for web app probes. Supports any server logging to NCIS common log format. * New service for brute-force login attempts against WordPress’ wp-login.php from NCIS common log format logs. * New service for SSHGuard lets you process and respond to logs from remote instances and block attackers across all your servers (e.g. using systemd-journal-remote). * LOGREADER and FILES log sources can now be configured and used at the same time. * Can now block entire subnets in response to attacks. Subnet size configurable with new IPV6_SUBNET and IPV4_SUBNET options (default to one address). Notably, attacks from the same subnet isn’t yet detected as one attack-source, but this is likely to change in a future version. * Updated matching rules for various services and environments. Regards, -- Daniel ‘da2x’ Aleksandersen SSHGuard contributor https://www.daniel.priv.no |
|
From: Daniel A. <co...@da...> - 2017-03-08 11:51:34
|
Hi all, SSHGuard 2.0.0 has been released! Here are some of the highlights: * sshguard.conf is now required and most configuration has moved here. * New FirewallD, ipset, and ipfilter firewall backends for Linux. * Support for Capsicum sandboxing on FreeBSD and pledge() on OpenBSD. * All firewall backend scripts are now installed by default. Read more highlights on the SSHGuard blog: https://www.sshguard.net/litenewz/feeds/14 There has been a lot of changes to how SSHGuard is configured in this release. Most notable, piped commands and runtime flags should be moved from the init script to the permanent configuration file. The release contains example configurations for systemd and the journal on Linux, launchd and os_log on macOS, as well as a fully documented sshguard.conf in examples/. Maintainers and distributors should make sure to update their distribution-specific configurations accordingly. Get the release on SourceForge: https://sourceforge.net/projects/sshguard/files/sshguard/2.0.0/ Ideas? Contributions? Bugs? Questions? Reach out through the bug tracker or mailing lists! https://bitbucket.org/sshguard/sshguard/issues -- Daniel ‘da2x’ Aleksandersen |
|
From: Kevin Z. <kev...@gm...> - 2017-01-19 17:27:20
|
On 01/19/17 09:17, William Woodruff wrote: > Speaking for brew, we generally like it when upstreams bundle a > configuration (or tell us what a good default one would look like). It > makes installation simpler and allows us to direct users to the > program's community instead of fielding program-specific support > ourselves. We have a sample configuration in the source distribution (see examples/sshguard.conf.sample). We're not sure how to install it since every OS seems to want it in a different place. The sample configuration has been updated substantially since the preview was released. Check on Bitbucket: https://bitbucket.org/sshguard/sshguard/src/46d9a3d604900b39d66a046017a84887462d27d2/examples/sshguard.conf.sample?at=master&fileviewer=file-view-default > Not a problem. In a way, it was good that we accidentally bumped > to 1.99 - we're now prepared to handle changes in the stable release ;) Hopefully this won't be too bumpy. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: William W. <wi...@tu...> - 2017-01-19 17:17:13
|
> On 01/19/2017 11:44 AM, Kevin Zheng wrote: >> On 01/19/17 07:03, William Woodruff wrote: >> * Will a default configuration akin to 1.7.1's functionality be >> available? > > Not decided. Currently, all backends are built and installed and the > backend is selected at runtime using the configuration file (the BACKEND > variable, a path to a sshg-fw executable). > > One idea would be for packagers to ship the default configuration file > with the BACKEND and other defaults set appropriately (e.g. LOGREADER on > macOS 10.12). But I want to hear suggestions from package maintainers. > Speaking for brew, we generally like it when upstreams bundle a configuration (or tell us what a good default one would look like). It makes installation simpler and allows us to direct users to the program's community instead of fielding program-specific support ourselves. >> We accidentally packaged your (experimental) 1.99 release a while ago, >> but came across these issues and have since reverted back to 1.7.1: >> >> https://github.com/Homebrew/homebrew-core/issues/8657 > > Sorry. I didn't make it explicit that it was a preview beta release. I > usually don't publish betas, but I thought it might be useful for people > who don't want to check out from Git and install developer tools. Not a problem. In a way, it was good that we accidentally bumped to 1.99 - we're now prepared to handle changes in the stable release ;) Thanks, William Woodruff |
|
From: Kevin Z. <kev...@gm...> - 2017-01-19 16:44:49
|
On 01/19/17 07:03, William Woodruff wrote: > I'm a maintainer with Homebrew, and I have some questions about the > upcoming 2.0 release: > > * Will `sshguard-setup` be installed with `sshguard`? No. It was originally planned but wasn't going to make 2.0.0. The error message no longer mentions 'sshguard-setup'. > * Will a default configuration akin to 1.7.1's functionality be > available? Not decided. Currently, all backends are built and installed and the backend is selected at runtime using the configuration file (the BACKEND variable, a path to a sshg-fw executable). One idea would be for packagers to ship the default configuration file with the BACKEND and other defaults set appropriately (e.g. LOGREADER on macOS 10.12). But I want to hear suggestions from package maintainers. > We accidentally packaged your (experimental) 1.99 release a while ago, > but came across these issues and have since reverted back to 1.7.1: > > https://github.com/Homebrew/homebrew-core/issues/8657 Sorry. I didn't make it explicit that it was a preview beta release. I usually don't publish betas, but I thought it might be useful for people who don't want to check out from Git and install developer tools. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: William W. <wi...@tu...> - 2017-01-19 15:10:30
|
Hi all, I'm a maintainer with Homebrew, and I have some questions about the upcoming 2.0 release: * Will `sshguard-setup` be installed with `sshguard`? * Will a default configuration akin to 1.7.1's functionality be available? We accidentally packaged your (experimental) 1.99 release a while ago, but came across these issues and have since reverted back to 1.7.1: https://github.com/Homebrew/homebrew-core/issues/8657 I'd appreciate any clarification you could give on those two questions. Best, William Woodruff wi...@tu... |
|
From: jungle B. <jun...@gm...> - 2017-01-03 02:41:27
|
Hi Kevin, On Jan 2, 2017 2:19 PM, "Kevin Zheng" <kev...@gm...> wrote: > > Hi there, > > A lot of work to get SSHGuard working with new log sources (journalctl, > macOS log) and backends (firewalld, ipset) has happened in 2.0. > > The new version also uses a configuration file. > > Some deprecated backends have been resurrected (hosts, ipfilter). > > Most importantly, SSHGuard has been split into several processes piped > into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw). > sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be > sandboxed in its default configuration (without pid file, whitelist, > blacklisting) and has not been tested sandboxed in other configurations. > I'm going to give this a shot on that one host that had a problem. The OS has been reinstalled so I'm hoping it will make a difference this time around. Can you point us to the latest documentation? Thanks for your efforts, IMO, to make sshguard easier to use. > > The experimental code is available on SourceForge as 1.99.0 [1]. > > Thanks, > Kevin > > [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/ > > -- > Kevin Zheng > kev...@gm... | ke...@be... | PGP: 0xC22E1090 > > |
|
From: Kevin Z. <kev...@gm...> - 2017-01-02 22:19:33
|
Hi there, A lot of work to get SSHGuard working with new log sources (journalctl, macOS log) and backends (firewalld, ipset) has happened in 2.0. The new version also uses a configuration file. Some deprecated backends have been resurrected (hosts, ipfilter). Most importantly, SSHGuard has been split into several processes piped into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw). sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be sandboxed in its default configuration (without pid file, whitelist, blacklisting) and has not been tested sandboxed in other configurations. The sshguard program is now a driver script that glues everything together. It's probably still a little fragile. Some cleanup work remains. Documentation is also being updated. I encourage package maintainers and people with suitable test environments to give the new code a shot and provide feedback. The experimental code is available on SourceForge as 1.99.0 [1]. Thanks, Kevin [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/ -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
1 message has been excluded from this view by a project administrator.