From: Kevin Z. <kev...@gm...> - 2016-01-04 20:33:32
On 01/04/2016 12:13, Mark Felder wrote:
>> - Fix `pfctl` command syntax with OpenBSD 5.8
>
> Does this in any way affect pf on FreeBSD?

No. This patch simply changes the order of the flags on the command line to match the order documented in the `pf` man page, which is the same on both FreeBSD and OpenBSD. OpenBSD 5.8 stopped accepting the flags in the wrong order, but the right order works on both.

>> - Remove PID file option
>
> ... Why? The rc scripts on FreeBSD heavily rely on pidfiles. It ensures
> that the process name and pidfile contents match what it finds in the
> process list to be sure it's not going to kill the wrong process. I can
> alter sshguard's rc script to launch via daemon(8) so I can get a
> pidfile again, but that seems silly.

I removed it thinking that I was duplicating what daemon(8) does. The original PID file code did not properly lock the PID file, so I thought to delegate to daemon(8) instead of rolling my own pidfile(3).

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Mark F. <fe...@Fr...> - 2016-01-04 18:13:10
On Fri, Jan 1, 2016, at 19:36, Kevin Zheng wrote:
>
> - Fix `pfctl` command syntax with OpenBSD 5.8

Does this in any way affect pf on FreeBSD?

> - Remove PID file option

... Why? The rc scripts on FreeBSD heavily rely on pidfiles. It ensures that the process name and pidfile contents match what it finds in the process list to be sure it's not going to kill the wrong process. I can alter sshguard's rc script to launch via daemon(8) so I can get a pidfile again, but that seems silly.

--
Mark Felder
ports-secteam member
fe...@Fr...
From: Kevin Z. <kev...@gm...> - 2016-01-02 01:36:25
Greetings,

I am pleased to announce the release of SSHGuard 1.6.3 [1]. This release brings stability and usability improvements, along with many bug fixes and documentation updates.

Highlights in this release include:

- Add sample systemd(8) unit file
- Disable blacklisting by default
- Fix `pfctl` command syntax with OpenBSD 5.8
- Implement logging as wrappers around syslog(2)
- Improve log and error messages
- Match sendmail authentication failures
- Remove PID file option
- Remove SIGTSTP and SIGCONT handler
- Remove reverse mapping attack signature
- Remove safe_fgets() and exit on interrupt
- Terminate state entries for hosts blocked with pf
- Update and shorten command-line usage
- Use 'configure' to set feature-test macros

As usual, please report any bugs, build failures, or other issues to the mailing list or the Bitbucket tracker [2].

Happy 2016,
Kevin

[1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.3/
[2] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Kevin Z. <kev...@gm...> - 2015-12-27 03:58:28
Greetings,

I hope this season finds everyone well. SSHGuard 1.6.3 is just around the corner, bringing these changes:

- Add sample systemd(8) unit file
- Disable blacklisting by default
- Fix `pfctl` command syntax with OpenBSD 5.8
- Implement logging as wrappers around syslog(2)
- Improve log and error messages
- Match sendmail authentication failures
- Remove PID file option
- Remove SIGTSTP and SIGCONT handler
- Remove reverse mapping attack signature
- Remove safe_fgets() and exit on interrupt
- Terminate state entries for hosts blocked with pf
- Update and shorten command-line usage
- Use 'configure' to set feature-test macros

Starting in 1.6.3, releases will be cut from 'master'; there will not be a separate release branch.

The release is planned for January 1st, 2016. If you can, please help testing by cloning the 'master' branch of the repository, building, running, and reporting issues you encounter.

Very best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Kevin Z. <kev...@gm...> - 2015-10-12 23:47:06
Greetings,

It is my pleasure to announce the availability of the SSHGuard 1.6.2 release. This release backports a compatibility fix for the iptables backend and overhauls the ipfw backend.

If you are not using either backend, you do not need to upgrade. If you are not currently experiencing issues with 'iptables', you do not need to upgrade. If you are running 'ipfw', you should definitely upgrade.

If you are running 'ipfw', you will need to make changes to your firewall configuration. SSHGuard will add addresses to table 22 (currently hard-coded in SSHGuard); you will need to write the firewall rule that uses the table to actually do something.

This will most likely be the last release from the 1.6 branch. Developing in 'master' and backporting fixes for releases is too cumbersome at this point and prevents features from landing at a reasonable pace. Future releases will be cut from 'master', beginning with 1.7.0. I haven't figured out a version scheme, though.

The source tarball, along with a GPG-signed checksum, is available from SourceForge. Only a XZ'ed tarball is available; if anyone still needs a gzip'ed tarball please let me know.

As usual, please report issues on the Bitbucket tracker or mailing list.

Best,
Kevin Zheng

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Willem J. W. <wj...@di...> - 2015-08-03 09:08:23
On 1-8-2015 03:07, Kevin Zheng wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Greetings,
>
> I am pleased to announce the release of SSHGuard 1.6.1 [1]. This
> release is primarily a bugfix release that fixes a few late-breaking
> issues from 1.6.0 while incorporating a few feature improvements. This
> release was slightly delayed by a recent SourceForge outage.
>
> Changes in this release include:
>
> - - Accept "Received disconnect" with optional prefix
> - - Add support for socklog entries
> - - Fix 'ipfw-rules-range' option in configure script
> - - Fix build for 'ipfw' and 'hosts' backends
> - - Fix integer comparisons of different types
> - - Match attacks when syslog debugging is enabled
>
> Many thanks to the contributors who reported issues or sent in patches
> to fix them. Special thanks to the FreeBSD community for reporting and
> fixing a number of problems amended in this release.
>
> As usual, please report any bugs, build failures, or other issues to
> the mailing list or the Bitbucket tracker [2].

Hi,

I added some code on FreeBSD to libssh to make some errors actually log the ip-number, because this is usually abuse as well....
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202055

And it changes the log like:

fatal: Read from socket failed: Connection reset by peer [preauth]

Which is rather useless for tools like sshguard and/or fail2ban

But this patch changes this info to:

Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 [preauth]
Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: Connection reset by peer [preauth]

But then again this needs to be picked up by sshguard with an extra parser rule...

--WjW

patch:
Index: crypto/openssh/packet.c =================================================================== --- crypto/openssh/packet.c (revision 286222) +++ crypto/openssh/packet.c (working copy) 
@@ -1128,8 +1128,10 @@ logit("Connection closed by %.200s", get_remote_ipaddr()); cleanup_exit(255); } - if (len < 0) + if (len < 0) { + logit("Read from socket failed: %.200s", get_remote_ipaddr()); fatal("Read from socket failed: %.100s", strerror(errno)); + } /* Append it to the buffer. */ packet_process_incoming(buf, len); } |
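Review bot: in the `if (len < 0)` branch the added `logit()` call runs before `fatal(..., strerror(errno))`, and logging may itself modify `errno`, so the reason printed by `fatal()` is no longer guaranteed to be the one from the failed read. Save `errno` in a local before `logit()` and use the saved value in `strerror()`. The two messages also share the prefix "Read from socket failed:" while carrying different fields (address in one, error text in the other), which makes log matching ambiguous; consider a single line such as `logit("Read from socket failed: %.200s: %.100s", get_remote_ipaddr(), strerror(saved_errno));` so the address and the reason arrive together.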
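The message above notes that a log watcher needs an extra rule to pick up the new per-address line. The following is an added example, not sshguard's parser and not part of the original post: a matcher that accepts only the `sshd[PID]: Read from socket failed: <address>` form and rejects the `fatal:` line that carries error text instead of an address. `match_read_failed` is a hypothetical name; the first two sample lines are the ones quoted in the message, the others are constructed.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/*
 * Match "<timestamp> <host> sshd[PID]: Read from socket failed: <addr> ...".
 * On a match, copy the address into addr and return its family (4 or 6);
 * return 0 otherwise. Hypothetical helper, assumes classic syslog framing.
 */
int match_read_failed(const char *line, char *addr, size_t addrlen)
{
    static const char msg[] = "Read from socket failed: ";
    unsigned char bin[sizeof(struct in6_addr)];
    const char *p;
    size_t n;

    /* Require the sshd syslog tag with a numeric PID. */
    p = strstr(line, " sshd[");
    if (p == NULL)
        return 0;
    p += strlen(" sshd[");
    if (!isdigit((unsigned char)*p))
        return 0;
    while (isdigit((unsigned char)*p))
        p++;
    if (p[0] != ']' || p[1] != ':')
        return 0;
    p += 2;
    while (*p == ' ')
        p++;

    /* The message must start right after the tag; "fatal: ..." does not. */
    if (strncmp(p, msg, sizeof msg - 1) != 0)
        return 0;
    p += sizeof msg - 1;

    /* Take the next token and bound its length before copying. */
    n = strcspn(p, " \t\r\n");
    if (n == 0 || n >= addrlen || n >= INET6_ADDRSTRLEN)
        return 0;
    memcpy(addr, p, n);
    addr[n] = '\0';

    /* Only a literal IP address counts; strerror() text is rejected. */
    if (inet_pton(AF_INET, addr, bin) == 1)
        return 4;
    if (inet_pton(AF_INET6, addr, bin) == 1)
        return 6;
    addr[0] = '\0';
    return 0;
}

int main(void)
{
    /* Lines 1-2: quoted in the message. Lines 3-4: constructed samples. */
    static const char *const lines[] = {
        "Aug 2 19:37:32 zfs sshd[19444]: Read from socket failed: 218.2.22.36 [preauth]",
        "Aug 2 19:37:32 zfs sshd[19444]:fatal: Read from socket failed: Connection reset by peer [preauth]",
        "Aug 2 19:37:33 zfs sshd[19445]: Read from socket failed: 2001:db8::1 [preauth]",
        "Aug 2 19:37:34 zfs sshd[19446]: Read from socket failed: 999.1.1.1 [preauth]",
    };
    char addr[INET6_ADDRSTRLEN];

    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        int fam = match_read_failed(lines[i], addr, sizeof addr);
        printf("%-5s %s\n", fam ? "MATCH" : "skip", fam ? addr : lines[i]);
    }
    return 0;
}
```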
From: Kevin Z. <kev...@gm...> - 2015-08-01 01:07:46
Greetings,

I am pleased to announce the release of SSHGuard 1.6.1 [1]. This release is primarily a bugfix release that fixes a few late-breaking issues from 1.6.0 while incorporating a few feature improvements. This release was slightly delayed by a recent SourceForge outage.

Changes in this release include:

- Accept "Received disconnect" with optional prefix
- Add support for socklog entries
- Fix 'ipfw-rules-range' option in configure script
- Fix build for 'ipfw' and 'hosts' backends
- Fix integer comparisons of different types
- Match attacks when syslog debugging is enabled

Many thanks to the contributors who reported issues or sent in patches to fix them. Special thanks to the FreeBSD community for reporting and fixing a number of problems amended in this release.

As usual, please report any bugs, build failures, or other issues to the mailing list or the Bitbucket tracker [2].

Very best,
Kevin Zheng

[1] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.1/
[2] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Kevin Z. <kev...@gm...> - 2015-05-26 21:48:22
This is an errata notice for SSHGuard. This issue impacts the 1.6.0 release, but has actually been around for quite some time.

## Problem ##

When blocking attackers from a loaded blacklist file, SSHGuard will write past the boundaries of a fixed-length buffer. This problem only affects users running SSHGuard with blacklisting enabled, while using the `ipfw` backend.

## Impact ##

SSHGuard will crash with a segmentation fault upon startup when loading a blacklist with enough (less than 100) entries. Because the blacklist file is generally owned by the superuser, it is unlikely that this vulnerability could be used to gain superuser privileges.

If you are affected, please consider using one of the workarounds:

## Workaround ##

Any one of these should work around the issue:

1. Don't use blacklisting.
2. Don't use the `ipfw` backend.
3. If you need blacklisting, delete the blacklist file before starting.

## Solution ##

We're working on one. The "long-term" solution is to switch `ipfw` to the "command" backend and use ipfw tables instead of individual rules. For the time being:

1. Increase the length of the fixed buffer. Eventually, though, this will run into the same problem.
2. There is a patch on the mailing list that adds the blacklisted addresses one at a time. I haven't taken a look at it yet.

## Credits ##

Thanks to Greg Putrich <gr...@n0...> for analyzing and proposing a fix to this issue. Thanks to the many people who have reported this issue beforehand, even though I never got around to acting on them.

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
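The erratum above describes a write past a fixed-length buffer while many blacklist entries are loaded, and notes that simply enlarging the buffer only moves the limit. As an added example (not SSHGuard's code and not the patch mentioned in the message), this shows one way to keep a fixed buffer and still handle any number of entries: check the remaining space before every append and flush a batch when the next address would not fit. `CMDBUF_LEN`, `block_list_bounded` and the callback are hypothetical names, and the addresses are constructed from the documentation range 192.0.2.0/24.

```c
#include <stdio.h>
#include <string.h>

#define CMDBUF_LEN 128 /* assumed size for the demo, not SSHGuard's value */

/* Called once per batch, e.g. to run one firewall command for it. */
typedef int (*batch_fn)(const char *addrlist, void *ctx);

/*
 * Join addrs[0..n) with commas in a fixed-length buffer. When the next
 * address would not fit, hand the current batch to emit() and start over.
 * Returns the number of batches, or -1 on an unusable entry or emit error.
 */
int block_list_bounded(const char *const addrs[], size_t n,
                       batch_fn emit, void *ctx)
{
    char buf[CMDBUF_LEN] = "";
    size_t used = 0;
    int batches = 0;

    for (size_t i = 0; i < n; i++) {
        size_t alen = strlen(addrs[i]);
        size_t need = alen + (used ? 1 : 0); /* +1 for the comma */

        if (alen == 0 || alen >= sizeof buf)
            return -1; /* can never fit, even alone */

        if (used + need >= sizeof buf) { /* no room left for the NUL */
            if (emit(buf, ctx) != 0)
                return -1;
            batches++;
            used = 0;
            buf[0] = '\0';
        }

        int w = snprintf(buf + used, sizeof buf - used, "%s%s",
                         used ? "," : "", addrs[i]);
        if (w < 0 || (size_t)w >= sizeof buf - used)
            return -1; /* truncation would mean the check above is wrong */
        used += (size_t)w;
    }
    if (used) {
        if (emit(buf, ctx) != 0)
            return -1;
        batches++;
    }
    return batches;
}

struct batch_stats { int batches; size_t addrs; size_t longest; };

/* Demo callback: record what each batch looked like instead of running it. */
static int record_batch(const char *addrlist, void *ctx)
{
    struct batch_stats *st = ctx;
    size_t len = strlen(addrlist);

    st->batches++;
    st->addrs++; /* the first address has no leading comma */
    for (const char *p = addrlist; *p; p++)
        if (*p == ',')
            st->addrs++;
    if (len > st->longest)
        st->longest = len;
    return 0;
}

/* Constructed sample: n addresses 192.0.2.0, 192.0.2.1, ... (n <= 256). */
struct batch_stats run_constructed_blacklist(size_t n)
{
    static char store[256][16];
    const char *addrs[256];
    struct batch_stats st = {0, 0, 0};

    if (n > 256)
        n = 256;
    for (size_t i = 0; i < n; i++) {
        snprintf(store[i], sizeof store[i], "192.0.2.%zu", i);
        addrs[i] = store[i];
    }
    if (block_list_bounded(addrs, n, record_batch, &st) < 0)
        st.batches = -1;
    return st;
}

int main(void)
{
    struct batch_stats st = run_constructed_blacklist(100);

    printf("%zu addresses in %d batches, longest batch %zu of %d bytes\n",
           st.addrs, st.batches, st.longest, CMDBUF_LEN - 1);
    return 0;
}
```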
From: Kevin Z. <kev...@gm...> - 2015-05-04 21:52:52
This is an errata notice for the SSHGuard 1.6.0 release:

## Problem ##

SSHGuard supports one of several firewall backends; of these, the 'ipfw' and 'hosts' backends failed to build due to a missing header file after some code reorganization prior to the 1.6.0 release.

There is no workaround available; however, users who are not using the 'ipfw' or 'hosts' backends are not affected.

## Solution ##

Those who are affected should apply the attached patch against the 1.6.0 release tarball, or track the 1.6 branch on Bitbucket.

## Credits ##

Thanks to Mark Felder <fe...@Fr...> for reporting this issue.

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Mark F. <fe...@Fr...> - 2015-05-04 17:38:10
On Sat, May 02, 2015 at 02:17:12PM -0500, Kevin Zheng wrote:
>
> Greetings,
>
> On behalf of the SSHGuard Team, it is my pleasure to announce the
> 1.6.0 release. This release is the first in the 1.6 branch and comes
> after more than four years of development.
>

Fails to build with Clang due to missing include statement

hosts.c:47:15: error: use of undeclared identifier 'ADDRLEN'
char addr[ADDRLEN];
^
hosts.c:234:22: error: use of undeclared identifier 'ADDRKIND_IPv4'
case ADDRKIND_IPv4:
^
hosts.c:238:22: error: use of undeclared identifier 'ADDRKIND_IPv6'
case ADDRKIND_IPv6:
^
3 errors generated.

See attached. Thanks!
From: Kevin Z. <kev...@gm...> - 2015-05-02 19:17:20
Greetings,

On behalf of the SSHGuard Team, it is my pleasure to announce the 1.6.0 release. This release is the first in the 1.6 branch and comes after more than four years of development.

This release is tagged as 'v1.6.0' on Bitbucket [1] and source tarballs are available from SourceForge [2]. Tarballs are available in both `gzip` and `xz` formats. Checksums are signed with the same PGP key as this announcement (0xC22E1090).

Notable changes in this release include:

- Add rules for Postfix SASL login attempts
- Add support for ISO 8601 timestamps (David Caldwell)
- Add support for external commands run on firewall events (-e)
- Blacklist file is now human-readable (Armando Miraglia)
- Check tcpwrapper file permissions regardless of local umask
- Detect additional pre-auth disconnects
- Fix ipfw crash when loading an empty blacklist (Jin Choi)
- Fix log parsing on days beginning with zero
- Fix log polling on filesystems with many files (Johann H. Hauschild)
- Fix matching for Cyrus IMAP login via SASL
- Fix syslog format detection on hosts with undefined hostname
- Match SSH login failures with "via" suffix
- Remove broken kqueue(2) support
- Tweak option names and help strings
- Update SSH "Bad protocol" signature
- Use case-insensitive "invalid user" signature
- Wait for xtables lock when using iptables command (James Harris)

Please report any bugs, build failures, or OS-specific issues to the mailing list or to the Bitbucket tracker [3].

Cheers,
Kevin Zheng

[1] https://bitbucket.org/sshguard/sshguard/commits/tag/v1.6.0
[2] https://sourceforge.net/projects/sshguard/files/sshguard/1.6.0/
[3] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Kevin Z. <kev...@gm...> - 2015-04-25 17:45:24
Hi all,

It is my pleasure to announce the first release candidate for 1.6. This release candidate is expected to become the 1.6.0 release.

This release candidate is tagged as 'v1.6-rc1' on Bitbucket [1] and source tarballs are available from SourceForge [2]. Tarballs are available in both `gzip` and `xz` formats. Checksums are signed with the same key as this announcement (0xC22E1090).

For a list of user-visible changes, please see 'ChangeLog'.

Please report any bugs, build failures, or OS-specific issues to the mailing list or to the Bitbucket tracker [3]. Unless critical issues are uncovered, expect the 1.6.0 release within a week.

Thanks,
Kevin Zheng

[1] https://bitbucket.org/sshguard/sshguard/commits/tag/v1.6-rc1
[2] https://sourceforge.net/projects/sshguard/files/sshguard/1.6-rc1/
[3] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Kevin Z. <kev...@gm...> - 2015-04-12 16:25:50
Hi all,

It's been four years since the 1.5 release. Since then, there have been a series of bug fixes, improvements, and attack signature updates.

In the coming few days I would like to tag the 1.6 branch in preparation for the 1.6.0 release. Until then, the 'master' branch on Bitbucket [1] reflects what will be in the next release. I encourage everyone, especially package maintainers, to clone or download a snapshot of the repository and give it a whirl.

We've received a lot of patches and issue reports. These *are* being taken care of, albeit a little slowly. If there are patches or bugs that should really be fixed in 1.6.0, please feel free to submit them to the mailing list or the Bitbucket issue tracker [2].

As always, feedback is immensely appreciated. Please send mail to the users mailing list if you encounter crashes, bugs, or other issues.

Thanks,
Kevin Zheng

[1] https://bitbucket.org/sshguard/sshguard/
[2] https://bitbucket.org/sshguard/sshguard/issues/

--
Kevin Zheng
kev...@gm... | ke...@kd... | PGP: 0xC22E1090
From: Pinocchio <pin...@gm...> - 2013-04-07 17:39:32
Hello!

I have been using sshguard 1.5 for about a year and it works with no hitch. Recently, however, I found sshguard crashing every time it started by syslog. A little investigation found that the reason is in its database content. After I've removed it the problem was gone.

Configuration details:

[root@XXX /var/db/sshguard]# sshguard -v
sshguard 1.5.0
Copyright (c) 2007,2008 Mij <mi...@ss...>
This is free software; see the source for conditions on copying.
[root@XXX /var/db/sshguard]# uname -a
FreeBSD XXX 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011 ro...@al...:/usr/obj/usr/src/sys/GENERIC i386
[root@cytadel /var/db/sshguard]# grep sshguard /etc/syslog.conf
auth.info;authpriv.info |exec /usr/local/sbin/sshguard -b /var/db/sshguard/blacklist.db

The flawed blacklist.db is attached.

--
Best Regards
From: Tobias M. <Tob...@tw...> - 2013-03-01 11:11:03
Hi!

sshguard fails to parse log lines from metalog such as

Mar 01 11:21:33 [sshd] Invalid user test from XXX.XXX.XXX.XXX

when there is a leading 0 in the day of the month. The attached patch fixes this.

Tobias
From: Mij <mi...@ss...> - 2012-03-25 21:12:27
Hey Henry,

I replied to your private e-mail yesterday. For patches, write to ssh...@li... . This list is for maintainers of packaged versions of sshguard.

On Mar 25, 2012, at 1:30 , Henry Yen wrote:

> Is this project still active? The maintainer-style posts date back over
> five months. I have an enhancement suggestion or two, having written
> some local patches recently. I also see that user questions/bugs haven't
> been answered since then.
>
> --
> Henry Yen Aegis Information Systems, Inc.
> Senior Systems Programmer Hicksville, New York
From: Henry Y. <he...@Ae...> - 2012-03-25 00:52:34
Is this project still active? The maintainer-style posts date back over five months. I have an enhancement suggestion or two, having written some local patches recently. I also see that user questions/bugs haven't been answered since then.

--
Henry Yen Aegis Information Systems, Inc.
Senior Systems Programmer Hicksville, New York
From: hays <bil...@un...> - 2012-03-01 16:30:39
I'm trying to get sshguard working with valid users under OSX. At first I thought it was a signature issue, and perhaps it is, but I'm not conversant enough to figure it out. Here's a debug listing:

tomthumb:sshguard hays$ env SSHGUARD_DEBUG=foo /usr/local/sbin/sshguard
whitelist: add '127.0.0.1' as plain IPv4.
whitelist: add plain IPv4 127.0.0.1.
Started successfully [(a,p,s)=(40, 420, 1200)], now ready to scan.
error: PAM: authentication error for hays from flutterby.cs.unc.edu via 2.3.4.5
Starting parse
Entering state 0
Reading a token:
--accepting rule at line 148 ("error: PAM: authentication error for hays from ")
Next token is token SSH_LOGINERR_PAM ()
Shifting token SSH_LOGINERR_PAM ()
Entering state 9
Reading a token:
--accepting rule at line 211 ("flutterby.cs.unc.edu")
Next token is token HOSTADDR ()
Shifting token HOSTADDR ()
Entering state 52
Reducing stack by rule 25 (line 211):
$1 = token HOSTADDR ()
Successfully resolved 'flutterby.cs.unc.edu' --> 4:'1.2.3.4'.
-> $$ = nterm addr ()
Stack now 0 9
Entering state 56
Reducing stack by rule 34 (line 279):
$1 = token SSH_LOGINERR_PAM ()
$2 = nterm addr ()
-> $$ = nterm ssh_authfail ()
Stack now 0
Entering state 32
Reducing stack by rule 27 (line 264):
$1 = nterm ssh_authfail ()
-> $$ = nterm sshmsg ()
Stack now 0
Entering state 30
Reducing stack by rule 11 (line 169):
$1 = nterm sshmsg ()
-> $$ = nterm msg_single ()
Stack now 0
Entering state 28
Reducing stack by rule 9 (line 163):
$1 = nterm msg_single ()
-> $$ = nterm logmsg ()
Stack now 0
Entering state 27
Reducing stack by rule 4 (line 125):
$1 = nterm logmsg ()
-> $$ = nterm text ()
Stack now 0
Entering state 23
Reading a token:
--accepting rule at line 223 (" ")
--accepting rule at line 222 ("via")
Next token is token WORD ()
Error: popping nterm text ()
Stack now 0
Cleanup: discarding lookahead token WORD ()
Stack now 0

Not sure what

Next token is token WORD ()
Error: popping nterm text ()

means, any ideas?

tia, bil

--
________________________
bil hays
Infrastructure Manager
Computer Science, UNC CH
http://www.cs.unc.edu/~hays/
From: Jing Lu <luj...@gm...> - 2011-07-25 10:38:50
Are you sure your IP number has not been added into the blacklist? Or you can check your iptable rules, and make sure your ip number has not been transformed. I suggest that you can check all your computer configure, which article have connection with sshguard.

On Tue, Jul 19, 2011 at 5:28 AM, Shaun Courtney <sh...@co...> wrote:

> Hello,
>
> I've noticed that I'm unable to ssh to some of my machines and on closer
> inspection I find my IP number has been added from the project. I'm not sure
> how this happened? Do you have any logs that can help me track down what
> happened to get this listed?
>
> Regards,
>
>
> Shaun
From: Shaun C. <sh...@co...> - 2011-07-18 21:58:49
Hello,

I've noticed that I'm unable to ssh to some of my machines and on closer inspection I find my IP number has been added from the project. I'm not sure how this happened? Do you have any logs that can help me track down what happened to get this listed?

Regards,

Shaun
From: Mij <mi...@bi...> - 2009-07-13 14:45:03
Dear maintainers,

You have noticed that sshguard has been augmented with major new features in the recent RC releases.

To the best of our knowledge, sshguard is now the only log-based IPS not vulnerable to log spoofing from local users, nor most notably the infamous Denial Of Services from remote attackers ( http://www.ossec.net/en/attacking-loganalysis.html ). This is result of the fundamental design, and as for any tool based on a good infrastructure, features are blooming with faster pace once the framework is completed.

SSHGuard 1.4 is coming in the next weeks and will be a significant leap from older versions. Among the news, blacklists are finally there after many requests, and "touchiness" gives sshguard much higher effectiveness in preventing brute forces by introducing more smartness with respect to the other tools.

As we do not foresee code updates for the 1.4 stable release, we invite you to start preparing packages for sshguard-1.4rc5 as sshguard-1.4 . 1.4 should appear in few weeks from now, after the usual testing, as a rename of the 1.4rc5 package.

As usual, the team is available for assistance.
From: Mij <mi...@bi...> - 2009-02-18 23:28:29
Thanks for reporting. I removed the repos because the author didn't maintain it any longer. I will update the links.

Btw, if there is anybody interested in taking over, of course the RPM package is a significant plus.

On Feb 18, 2009, at 18:15 , Phusion wrote:

> I checked http://sshguard.sourceforge.net/packages/, but the RPM's
> weren't in there. Is there another place to find the RPMS for
> sshguard? Let me know.
>
> Phusion
From: Mij <mi...@bi...> - 2008-11-23 22:25:39
Hello Fernando,

thanks for reporting this, I will try to reproduce this problem in the next days. Please file a bug here http://sourceforge.net/tracker/?group_id=188282&atid=924685

the maintainers mailing list is meant for packages, not development.

michele

On Nov 20, 2008, at 9:22 PM, Fernando Macedo wrote:

> Hello, I have installed sshguard on FreeBSD. When it blocked a ipv6
> address on hosts.allow, it put a ipv6 with no []. After this, the
> hosts.allow had no more worked. How to config it to works with ipv6?
>
> --
> Fernando Macedo
From: Fernando M. <fdf...@in...> - 2008-11-20 20:22:54
Hello, I have installed sshguard on FreeBSD. When it blocked a ipv6 address on hosts.allow, it put a ipv6 with no []. After this, the hosts.allow had no more worked. How to config it to works with ipv6?

--
Fernando Macedo
From: Mij <mi...@bi...> - 2008-10-15 20:01:59
Hello maintainers,

please update to 1.3. This version will be around for some time before an update. For which packages are currently outdated see http://sshguard.sourceforge.net/packages/

thanks for your persistent support.

michele