Menu
▾
▴
sshguard-users
|
From: Jos C. <ssh...@cl...> - 2016-06-09 18:15:40
|
Can you tell me what the best way is of removing a blocked IP from SSHGuard? Thanks, Jos Chrispijn |
|
From: Henri S. <hen...@gm...> - 2016-06-09 21:07:03
|
> Can you tell me what the best way is of removing a blocked IP from SSHGuard? Someone please correct me if I am mistaken. But typically a reboot of the system / SSHGuard will take care of this? Is it possible to use a persistent file so that a reboot will not cause a blocked IP address from being removed. I could be wrong on this (reboot) point ; if someone knows 100%, please reply to this message. Hope that helps. Now there is another question? ------------------------------------------------------ Fresh beats now available for free download from HTRAX : http://www.htrax.xyz On 10/06/2016, at 6:15 AM, Jos Chrispijn <ssh...@cl...> wrote: |
|
From: Jos C. <ssh...@cl...> - 2016-06-11 13:23:22
|
In een bericht van 9-6-2016 23:06: >> Can you tell me what the best way is of removing a blocked IP from SSHGuard? Thanks everyone for your reply - issue solved. ./Jos |
|
From: Jos C. <ssh...@cl...> - 2016-06-10 07:57:11
|
In een bericht van 9-6-2016 23:06: >> Can you tell me what the best way is of removing a blocked IP from SSHGuard? > > Someone please correct me if I am mistaken. But typically a reboot of the system / SSHGuard will take care of this? Don't think so - blocked IP's are normally registered in a *.db (which isn't a database but a textfile (I think). My question actually referred to this file - can I just edit the file and remove some of the IP's or should I do that from the sshguard command line? /Jos |
|
From: James H. <jam...@gm...> - 2016-06-10 08:20:06
|
Just delete the line from the text file. I believe historically the file had been binary but was converted to text. You can also whitelist addresses you know are good. I whitelist the rfc 1918 addresses just to prevent any parsing error causing too much trouble. On Fri, Jun 10, 2016 at 12:57 AM, Jos Chrispijn <ssh...@cl...> wrote: > In een bericht van 9-6-2016 23:06: > > >> Can you tell me what the best way is of removing a blocked IP from > SSHGuard? > > > > Someone please correct me if I am mistaken. But typically a reboot of > the system / SSHGuard will take care of this? > > Don't think so - blocked IP's are normally registered in a *.db (which > isn't a database but a textfile (I think). My question actually referred > to this file - can I just edit the file and remove some of the IP's or > should I do that from the sshguard command line? > > /Jos > > > > > ------------------------------------------------------------------------------ > What NetFlow Analyzer can do for you? Monitors network bandwidth and > traffic > patterns at an interface-level. Reveals which users, apps, and protocols > are > consuming the most bandwidth. Provides multi-vendor support for NetFlow, > J-Flow, sFlow and other flows. Make informed decisions using capacity > planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e > _______________________________________________ > sshguard-users mailing list > ssh...@li... > https://lists.sourceforge.net/lists/listinfo/sshguard-users > -- James Harris Software Engineer jam...@gm... |
|
From: Kevin Z. <kev...@gm...> - 2016-06-10 15:08:10
|
On 06/10/16 00:57, Jos Chrispijn wrote: > In een bericht van 9-6-2016 23:06: > >>> Can you tell me what the best way is of removing a blocked IP >>> from SSHGuard? >> >> Someone please correct me if I am mistaken. But typically a reboot >> of the system / SSHGuard will take care of this? > > Don't think so - blocked IP's are normally registered in a *.db > (which isn't a database but a textfile (I think). My question > actually referred to this file - can I just edit the file and remove > some of the IP's or should I do that from the sshguard command line? Yes, remove the address from the db file. If SSHGuard is running, then that address is probably blocked in the firewall, too. In that case, either restart SSHGuard or manually remove the block from the firewall ruleset. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Henri S. <hen...@gm...> - 2016-06-11 06:34:41
|
> Yes, remove the address from the db file. If SSHGuard is running, then
> that address is probably blocked in the firewall, too. In that case,
> either restart SSHGuard or manually remove the block from the firewall
> ruleset.
Thank you for the clarification on this point Kevin.
A couple of further questions relating to this discussion (sorry for thread hijacking) :
(Q1) The main page makes no mention of this db file.
Is there a default location for this argument which
allows you to specify a path to the blocked db file?
Man Page Link : http://www.sshguard.net/docs/man/sshguard/1_5/
(Q2) Is it possible to have SSH guard just hold the blocked IP
addresses in memory (rather than disk) so that a restart
will clear all the blocked entires?
------------------------------------------------------
Fresh beats now available for free download from HTRAX :
http://www.htrax.xyz
|
|
From: Kevin Z. <kev...@gm...> - 2016-06-11 14:25:06
|
On 06/10/16 23:34, Henri Shustak wrote: > A couple of further questions relating to this discussion (sorry for thread hijacking) : > > (Q1) The main page makes no mention of this db file. > Is there a default location for this argument which > allows you to specify a path to the blocked db file? > Man Page Link : http://www.sshguard.net/docs/man/sshguard/1_5/ We've been calling it the 'db' file, but it's actually just the blacklist. You can specify the path and threshold using the '-b' option. > (Q2) Is it possible to have SSH guard just hold the blocked IP > addresses in memory (rather than disk) so that a restart > will clear all the blocked entires? Yes, just don't use the '-b' option. Some startup scripts (for example, FreeBSD's rc.d) enables blacklisting by default. Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
Thanks for helping keep SourceForge clean.
X