Menu
▾
▴
sshguard-users
|
From: Jos C. <ssh...@cl...> - 2016-08-01 09:43:00
|
After restarting my server for maintenance, I saw this in dmesg file: /Jul 31 18:08:39 ares sshguard[720]: fw: failed to block (-1)/ Can you tell me what this means? Thanks, Jos |
|
From: Kevin Z. <kev...@gm...> - 2016-08-01 15:46:27
|
On 08/01/2016 02:42, Jos Chrispijn wrote: > After restarting my server for maintenance, I saw this in dmesg file: > > /Jul 31 18:08:39 ares sshguard[720]: fw: failed to block (-1)/ > > Can you tell me what this means? SSHGuard failed to flush its pipe to sshg-fw when trying to block an address. Did you run `make install`? Some more information like 'configure' command line would be useful for figuring out what went wrong. Thanks, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Jos C. <ssh...@cl...> - 2016-08-01 17:56:23
|
Hello Kevin, In een bericht van 1-8-2016 17:46: > On 08/01/2016 02:42, Jos Chrispijn wrote: >> After restarting my server for maintenance, I saw this in dmesg file: >> >> /Jul 31 18:08:39 ares sshguard[720]: fw: failed to block (-1)/ >> >> Can you tell me what this means? > > SSHGuard failed to flush its pipe to sshg-fw when trying to block an > address. Did you run `make install`? > > Some more information like 'configure' command line would be useful for > figuring out what went wrong. What is displayed in dmesg is the text that is display during a system restart - no address blocking required as the server is in its startup phase. How do I use the configure sshguard? I did install it running make config first (resulting in "No options to configure") and then running make install clean. I have sshguard-ipfw-1.6.4_1 up-and-running currently. Best regards, Jos |
|
From: Kevin Z. <kev...@gm...> - 2016-08-01 18:00:45
|
On 08/01/2016 10:56, Jos Chrispijn wrote: > What is displayed in dmesg is the text that is display during a system > restart - no address blocking required as the server is in its startup > phase. Ahh, so you're running 1.6.4 from ports? How are you starting SSHGuard? Via the rc.d script or syslog? Does this message only appear when the machine is starting up? Does it show up when you restart SSHGuard without restarting the system? Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Mark F. <fe...@Fr...> - 2016-08-02 15:34:44
|
On Mon, Aug 1, 2016, at 13:00, Kevin Zheng wrote: > On 08/01/2016 10:56, Jos Chrispijn wrote: > > What is displayed in dmesg is the text that is display during a system > > restart - no address blocking required as the server is in its startup > > phase. > > Ahh, so you're running 1.6.4 from ports? How are you starting SSHGuard? > Via the rc.d script or syslog? Does this message only appear when the > machine is starting up? Does it show up when you restart SSHGuard > without restarting the system? > Actually I'm seeing this now as well, but I have a well populated table in IPFW so I'm not sure it's really failing to block these incidents. -- Mark Felder ports-secteam member fe...@Fr... |
|
From: Jos C. <ssh...@cl...> - 2016-08-01 18:08:54
|
In een bericht van 1-8-2016 20:00: > Ahh, so you're running 1.6.4 from ports? How are you starting SSHGuard? > Via the rc.d script or syslog? sshguard_enable="YES" sshguard_blacklist="40:/var/db/sshguard/blacklist.db" sshguard_whitelistfile="/usr/local/etc/sshguard.whitelist" > Does this message only appear when the machine is starting up? Yes that is correct. Only then (not on the system prompt after) Does it show up when you restart SSHGuard without restarting the system? Nope Best regards, Jos |
|
From: Kevin Z. <kev...@gm...> - 2016-08-01 18:50:46
|
On 08/01/2016 11:08, Jos Chrispijn wrote: >> Ahh, so you're running 1.6.4 from ports? How are you starting SSHGuard? >> Via the rc.d script or syslog? > > sshguard_enable="YES" > sshguard_blacklist="40:/var/db/sshguard/blacklist.db" > sshguard_whitelistfile="/usr/local/etc/sshguard.whitelist" > >> Does this message only appear when the machine is starting up? > Yes that is correct. Only then (not on the system prompt after) > > Does it show up when you restart SSHGuard without restarting the system? > Nope I'll hazard a guess that SSHGuard is being started before the firewall has been brought up. Can you try adding 'ipfw' to the REQUIRE line in /usr/local/etc/rc.d/sshguard and testing again? Best, Kevin -- Kevin Zheng kev...@gm... | ke...@be... | PGP: 0xC22E1090 |
|
From: Jos C. <ssh...@cl...> - 2016-08-01 19:24:51
|
In een bericht van 1-8-2016 20:50: > I'll hazard a guess that SSHGuard is being started before the firewall > has been brought up. > > Can you try adding 'ipfw' to the REQUIRE line in > /usr/local/etc/rc.d/sshguard and testing again? I will and let you know, thanks. BR, Jos |
|
From: Mark F. <fe...@Fr...> - 2016-08-01 19:53:08
|
> On Aug 1, 2016, at 14:24, Jos Chrispijn <ssh...@cl...> wrote: > > In een bericht van 1-8-2016 20:50: > >> I'll hazard a guess that SSHGuard is being started before the firewall >> has been brought up. >> >> Can you try adding 'ipfw' to the REQUIRE line in >> /usr/local/etc/rc.d/sshguard and testing again? > > I will and let you know, thanks. > > BR, Jos > Also check the order of services with "service -r" command. That will help identify what the system thinks the service order is going to be. We should probably add ipfw and pf to the REQUIRE line regardless. -- Mark Felder ports-secteam member fe...@Fr... |
|
From: <li...@la...> - 2016-08-01 20:10:36
|
Can you elaborate a bit more. I gather the idea is for sshguard not to start until ipfw is running. How is that enforced under freebsd? Shouldn't that already be set up in the script for the daemon? Original Message From: Mark Felder Sent: Monday, August 1, 2016 12:53 PM To: Jos Chrispijn Cc: ssh...@li... Subject: Re: [SSHGuard-users] Failed to block > On Aug 1, 2016, at 14:24, Jos Chrispijn <ssh...@cl...> wrote: > > In een bericht van 1-8-2016 20:50: > >> I'll hazard a guess that SSHGuard is being started before the firewall >> has been brought up. >> >> Can you try adding 'ipfw' to the REQUIRE line in >> /usr/local/etc/rc.d/sshguard and testing again? > > I will and let you know, thanks. > > BR, Jos > Also check the order of services with "service -r" command. That will help identify what the system thinks the service order is going to be. We should probably add ipfw and pf to the REQUIRE line regardless. -- Mark Felder ports-secteam member fe...@Fr... ------------------------------------------------------------------------------ _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Mark F. <fe...@Fr...> - 2016-08-01 20:24:36
|
On Mon, Aug 1, 2016, at 15:10, li...@la... wrote: > Can you elaborate a bit more. I gather the idea is for sshguard not to > start until ipfw is running. How is that enforced under freebsd? > Shouldn't that already be set up in the script for the daemon? > It's not currently enforced, so I will push a fix for that. It would be odd for sshguard to be able to start before ipfw, but not impossible. -- Mark Felder ports-secteam member fe...@Fr... |
|
From: Gerard S. <car...@ou...> - 2016-08-01 20:38:53
|
On Mon, 1 Aug 2016 13:10:28 -0700, li...@la... stated: >Can you elaborate a bit more. I gather the idea is for sshguard not >to start until ipfw is running. How is that enforced under freebsd? >Shouldn't that already be set up in the script for the daemon? As root, run: service -e Check the output. On my system, IPFW is started well before sshguard. -- Carmel |
|
From: Jos C. <ssh...@cl...> - 2016-08-02 16:59:36
|
In een bericht van 1-8-2016 22:38: > As root, run: service -e On BSD i ran it - ipfw comes for sshguard -> /etc/rc.d/ipfw /etc/rc.d/newsyslog /etc/rc.d/syslogd /etc/rc.d/ntpdate /etc/rc.d/dmesg /etc/rc.d/virecover /etc/rc.d/motd -> /usr/local/etc/rc.d/sshguard --- cut --- best, Jos |
|
From: <li...@la...> - 2016-08-02 19:04:31
|
But is their fu to insure the daemon is up an running before the next service is started? I know initd and systemd, but it rcd But in the end, does this matter? If some IP is hammering 22, it will eventually be caught. So maybe during startup it will take an extra "offense" or two before it gets blocked. Original Message From: Jos Chrispijn Sent: Tuesday, August 2, 2016 9:59 AM To: ssh...@li... Subject: Re: [SSHGuard-users] Failed to block In een bericht van 1-8-2016 22:38: > As root, run: service -e On BSD i ran it - ipfw comes for sshguard -> /etc/rc.d/ipfw /etc/rc.d/newsyslog /etc/rc.d/syslogd /etc/rc.d/ntpdate /etc/rc.d/dmesg /etc/rc.d/virecover /etc/rc.d/motd -> /usr/local/etc/rc.d/sshguard --- cut --- best, Jos ------------------------------------------------------------------------------ _______________________________________________ sshguard-users mailing list ssh...@li... https://lists.sourceforge.net/lists/listinfo/sshguard-users |
|
From: Mark F. <fe...@Fr...> - 2016-08-03 14:40:52
|
On Tue, Aug 2, 2016, at 14:04, li...@la... wrote: > But is their fu to insure the daemon is up an running before the next > service is started? > No, but I will add it in the next update. -- Mark Felder ports-secteam member fe...@Fr... |
Thanks for helping keep SourceForge clean.
X