sshguard-users Mailing List for SSHGuard (Page 64)

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

> Hi all.
>
>    I installed sshguard on Open suse. by
>
> ./configure --prefix=/usr --with-firewall=iptables
>
> make
>
> su - root
>
> make install
>
> i add
> iptables -N sshguard
> iptables -A INPUT -p tcp --dport 22 -j sshguard

this is correct

> chmod +s /usr/sbin/sshguard

please don't make sshguard setuid. Besides being useless, this is very
lame and dangerous. A local user could simply run sshguard and feed it
some crafted lines of text with arbitrary IP addresses and make the
machine block them. This is a major mistake.

> then i edit
>
> /etc/syslog-ng/syslog-ng.conf
>
>
> concatenate
>
> filter sshlogs { facility(authpriv) and match(ssh); };
> destination sshguardproc { program("/usr/sbin/sshguard"); };
> log { source(src); filter(sshlogs); destination(sshguardproc); };
>
> killall -HUP syslog-ng

this is correct

> ln -s /usr/sbin/ip* /sbin/

not idea what this orrible thing should serve for :)

> then i ssh with the wrong password 3 times and it does sshguard does not
start automatically nor it blocks ip. I started sshguard manually with
-a 2
> -p 3& and it starts but it does not block ips.

sshguard detects attackers by analyzing log entries it's given in its
standard input. If it's not started by syslog-ng, the problem is in
syslog-ng configuration. But for spotting this problem, just try to run
sshguard manually like this (as root!):

tail -n0 -F /var/log/auth.log | /usr/sbin/sshguard

replace auth.log with the file in which sshd logs to, find it with:

cd /var/log
grep -rl 'sshd\[' .

> After i tried it on a redhat 3.0 AS test server. with a few variations
to the configuration but again it did not start the sshguard nor it
blocked the
> ip.
>
> Did i missed anything on the configuration?
>
> Any help is appreciated.

Please try to run sshguard as said above, try some logins as non-existent
user for example, and report what happens.

>
>
> Giovanni
> Sshguard-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/sshguard-users
>

2007	Jan	Feb	Mar (10)	Apr (7)	May (6)	Jun (13)	Jul (4)	Aug	Sep	Oct (17)	Nov (5)	Dec (4)
2008	Jan (2)	Feb	Mar	Apr (4)	May (2)	Jun (7)	Jul (10)	Aug (4)	Sep (14)	Oct	Nov (1)	Dec (7)
2009	Jan (17)	Feb (20)	Mar (11)	Apr (14)	May (8)	Jun (3)	Jul (22)	Aug (9)	Sep (8)	Oct (6)	Nov (4)	Dec (8)
2010	Jan (17)	Feb (9)	Mar (15)	Apr (24)	May (14)	Jun (1)	Jul (21)	Aug (6)	Sep (2)	Oct (2)	Nov (6)	Dec (9)
2011	Jan (11)	Feb (1)	Mar (3)	Apr (4)	May	Jun	Jul (2)	Aug (3)	Sep (2)	Oct (29)	Nov (1)	Dec (1)
2012	Jan (1)	Feb (1)	Mar	Apr (13)	May (4)	Jun (9)	Jul (2)	Aug (2)	Sep (1)	Oct (2)	Nov (11)	Dec (4)
2013	Jan (2)	Feb (2)	Mar (4)	Apr (13)	May (4)	Jun	Jul	Aug (1)	Sep (5)	Oct (3)	Nov (1)	Dec (3)
2014	Jan	Feb (3)	Mar (3)	Apr (6)	May (8)	Jun	Jul	Aug (1)	Sep (1)	Oct (3)	Nov (14)	Dec (8)
2015	Jan (16)	Feb (30)	Mar (20)	Apr (5)	May (33)	Jun (11)	Jul (15)	Aug (91)	Sep (23)	Oct (10)	Nov (7)	Dec (9)
2016	Jan (22)	Feb (8)	Mar (6)	Apr (23)	May (38)	Jun (29)	Jul (43)	Aug (43)	Sep (18)	Oct (8)	Nov (2)	Dec (25)
2017	Jan (38)	Feb (3)	Mar (1)	Apr	May (18)	Jun (2)	Jul (16)	Aug (2)	Sep	Oct (1)	Nov (4)	Dec (14)
2018	Jan (15)	Feb (2)	Mar (3)	Apr (5)	May (8)	Jun (12)	Jul (19)	Aug (16)	Sep (8)	Oct (13)	Nov (15)	Dec (10)
2019	Jan (9)	Feb (3)	Mar	Apr (2)	May	Jun (1)	Jul	Aug (5)	Sep (5)	Oct (12)	Nov (4)	Dec
2020	Jan (2)	Feb (6)	Mar	Apr	May (11)	Jun (1)	Jul (3)	Aug (22)	Sep (8)	Oct	Nov (2)	Dec
2021	Jan (7)	Feb	Mar (19)	Apr	May (10)	Jun (5)	Jul (7)	Aug (3)	Sep (1)	Oct	Nov (10)	Dec (4)
2022	Jan (17)	Feb	Mar (7)	Apr (3)	May	Jun (1)	Jul (3)	Aug	Sep	Oct (6)	Nov	Dec
2023	Jan	Feb (5)	Mar (1)	Apr (3)	May	Jun (3)	Jul (2)	Aug	Sep	Oct	Nov (6)	Dec
2024	Jan	Feb	Mar	Apr	May (3)	Jun	Jul	Aug	Sep	Oct	Nov	Dec
2025	Jan	Feb	Mar (15)	Apr (8)	May (10)	Jun	Jul	Aug	Sep	Oct	Nov	Dec

sshguard-users Mailing List for SSHGuard (Page 64)

Intelligently block brute-force attacks by aggregating system logs

sshguard-users — User questions and answers, bugs, and general support