sshguard-users

[SSHGuard-users] Can't Get it to work

[Bob W. <bob...@ed...>]

I have sshguard version 2.1.0 installed on Devuan 2.0 (a debian variant 
without systemd).  I am running sshd under daemon tools and using 
multilog, but auth.log also registers failed attempts. I have also set 
up sshguard to run under daemontools.  Here is my run script:

> #!/bin/sh
>
> export SSHGUARD_DEBUG=1
> exec 2>&1
> exec /usr/local/sbin/sshguard

I have tried configuring the sshgaurd.conf file to watch auth.log or the 
sshd multilog which I put in /var/log/sshd/current.  In the 
/usr/local/etc/sshguard.conf file I set the FILE variable to 
/var/log/sshd/current.  When I run sshgaurd, the output is this:

> trap: SIGINT: bad trap
> sshguard[16082]: whitelist: add IPv4 block: 127.0.0.0 with mask 8.
> sshguard[16082]: whitelist: add '127.0.0.1' as plain IPv4.
> sshguard[16082]: whitelist: add plain IPv4 127.0.0.1.
> sshguard[16082]: Now monitoring attacks.
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> sshguard   all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  127.0.0.1            127.0.0.1
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0 state 
> RELATED,ESTABLISHED
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0 icmptype 3
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0 icmptype 11
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0 icmptype 8
> ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0 icmptype 0
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0 tcp dpt:8095
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0 tcp dpt:80
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0 tcp dpt:443
>
> Chain FORWARD (policy DROP)
> target     prot opt source               destination
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain sshguard (1 references)
> target     prot opt source               destination

But when I try to login with bad password sshguard does not seem to 
recognize it.  There is nothing in the sshguard log.

What am I doing wrong??

-- 
Bob Wooldridge
EDM Incorporated
http://www.edm-inc.com

Re: [SSHGuard-users] Can't Get it to work

[Kevin Z. <kev...@gm...>]

On 06/25/2018 13:24, Bob Wooldridge wrote:
> I have sshguard version 2.1.0 installed on Devuan 2.0 (a debian variant
> without systemd).  I am running sshd under daemon tools and using
> multilog, but auth.log also registers failed attempts. I have also set
> up sshguard to run under daemontools.  Here is my run script:
> 
>> #!/bin/sh
>>
>> export SSHGUARD_DEBUG=1
>> exec 2>&1
>> exec /usr/local/sbin/sshguard
> 
> I have tried configuring the sshgaurd.conf file to watch auth.log or the
> sshd multilog which I put in /var/log/sshd/current.  In the
> /usr/local/etc/sshguard.conf file I set the FILE variable to
> /var/log/sshd/current.  When I run sshgaurd, the output is this:
> But when I try to login with bad password sshguard does not seem to
> recognize it.  There is nothing in the sshguard log.
> 
> What am I doing wrong??

Could you paste a few examples of lines from your /var/log/sshd/current
that should be detected? I could be that it just doesn't recognize the
log messages on your system.

The "trap: SIGINT: bad trap" is a bug that has since been fixed but
probably isn't the one causing issues for you.

What did you run to generate that iptables output, or did that just show
up by itself?

-- 
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090