From: Kevin Z. <kev...@gm...> - 2016-07-25 23:23:23
Dear SSHGuard users,

SSHGuard 1.7.0 was planned for August, bringing bug fixes, backend changes, and minor attack signature improvements. Some of these changes need feedback and testing, and the release won't happen without you!

In no particular order, items that need feedback:

- Backends have been rewritten. PF is well-tested, IPFW should work, but iptables is untested because I don't have a Linux box handy. The hosts backend should work but needs more testing. If it turns out that nobody cares about testing/running it I'll drop it from 1.7.0.

- Does process validation still work? Should it be dropped from 1.7.0?

- LogSucker is deprecated. If you're having issues, use sshg-logtail to monitor your logs and pipe it into SSHGuard. In future releases "-l" may just be a convenience flag that invokes sshg-logtail.

- External hooks are gone. If you need hooks, edit the sshg-fw script.

- sshg-fw and sshg-parser are installed in libexec. Only sshg-fw is currently needed for SSHGuard to run, but sshg-parser is useful for checking if your logs are correctly parsed.

To test, check out the 'master' branch from SSHGuard's Bitbucket repository. If there's anything I can do to make testing easier, please let me know.

Thanks,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
From: <li...@la...> - 2016-07-26 02:51:25
|
Since this is a major change, can 1.7.0 be tested without being the daemon? That is, build the code, but don't do the make install step, then run the code from where it was built.

While I have your ear, is there some way to flush/reset table 22? Mine seems to be on permanent block.
From: Kevin Z. <kev...@gm...> - 2016-07-26 02:59:51
|
On 07/25/2016 19:51, li...@la... wrote:
> Since this is a major change, can 1.7.0 be tested without being the
> daemon? That build the code, but don't do the make install step, then
> run the code from where it was built.

You'll need to run `make install` because SSHGuard looks for the helper script sshg-fw in PREFIX. However, you can install to a different prefix:

    $ ./configure --prefix /tmp/sshguard
    $ make install

SSHGuard will be installed using /tmp/sshguard as a prefix, which means you don't even have to be root to run `make install`. To test, running /tmp/sshguard/sbin/sshguard will suffice.

> While I have your ear, is there some way to flush/reset table 22?
> Mine seems to be on permanent block.

As root, run:

    # ipfw table 22 flush

If this results in an error we'll have to troubleshoot.

Best,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090
From: <li...@la...> - 2016-07-26 03:21:40
|
Once the install to tmp is done, I should do a service sshguard stop. I gather I should find the options used by the 1.6.4 daemon and then run the binary in tmp using those options.

Here is a reminder on how to build, for those who stumble on those autotools that seem anything but auto to me: http://www.sshguard.net/docs/setup/compile-install/

As an aside, I've seen a major uptick in hacking starting last Thursday. Without naming names, a country that recently thwarted a coup has been running masscan (something like zmap). I have had obvious scripts run on port 80: the exact same sequence of hacks originating from all over the place, which I assume are compromised systems. You should never have your guard down, but now seems like a bad time. So if there are problems, I want to switch back to the existing sshguard pronto.
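The procedure spread across Kevin's reply and the follow-up (install the 1.7.0 checkout under a private prefix, check that the helper SSHGuard needs is really there before touching the production daemon, stop the 1.6.4 service, run the staged binary with the old daemon's options, flush ipfw table 22, and get back to the old daemon quickly if anything goes wrong) as one POSIX shell script. This is an added example written for this page, not code from the thread or from SSHGuard. The installed layout (sbin/sshguard, libexec/sshg-fw, libexec/sshg-parser) follows Kevin's description; the rc service name "sshguard", reading the old flags from the running process's argv with pgrep(1)/ps(1), and the use of service(8) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread, not SSHGuard's own code): stage a 1.7.0
# test build under a private prefix, verify the layout before stopping the
# production daemon, and keep a rollback to the 1.6.4 service.
#
# Assumptions not stated in the thread: the checkout lives in $SRC; the
# install layout is $PREFIX/sbin/sshguard and $PREFIX/libexec/sshg-fw
# (+ sshg-parser); the production daemon is the rc(8) service "sshguard"
# and its flags can be read from the running process's command line.

# check_prefix PREFIX: succeed only if both the daemon and the sshg-fw helper
# that SSHGuard looks for under PREFIX are present and executable. Without
# sshg-fw the daemon would start but never block anything.
check_prefix() {
    prefix=$1
    rc=0
    for f in sbin/sshguard libexec/sshg-fw; do
        if [ ! -x "$prefix/$f" ]; then
            echo "check_prefix: missing or not executable: $prefix/$f" >&2
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ] && [ ! -x "$prefix/libexec/sshg-parser" ]; then
        echo "check_prefix: note: no sshg-parser under $prefix (log-parse checks unavailable)" >&2
    fi
    return "$rc"
}

# stage_build SRC PREFIX: configure, build and install into PREFIX as an
# unprivileged user, then verify the layout. Nothing under /usr/local is touched.
stage_build() {
    src=$1; prefix=$2
    ( cd "$src" && ./configure --prefix "$prefix" && make && make install ) || return 1
    check_prefix "$prefix"
}

# running_flags: print the arguments of the currently running sshguard so the
# staged binary can be started with the same options (assumption: a single
# sshguard process started directly with its flags on the command line).
running_flags() {
    pid=$(pgrep -x sshguard | head -n 1)
    [ -n "$pid" ] || return 1
    ps -o args= -p "$pid" | sed 's/^[^ ]* *//'
}

# try_new PREFIX: stop the 1.6.4 service, run the staged daemon in the
# foreground with the old flags, and bring the old service back as soon as the
# test daemon exits, fails, or is interrupted. Must run as root.
try_new() {
    prefix=$1
    check_prefix "$prefix" || return 1
    flags=$(running_flags) || flags=""
    service sshguard stop
    trap 'service sshguard start; exit 130' INT TERM
    # shellcheck disable=SC2086  # $flags is intentionally word-split
    "$prefix/sbin/sshguard" $flags
    status=$?
    trap - INT TERM
    service sshguard start   # rollback: production daemon back regardless
    return "$status"
}

# show_table / flush_table N: inspect, then clear, an ipfw table (e.g. 22),
# which is what to do when addresses appear to be permanently blocked.
show_table()  { ipfw table "$1" list; }
flush_table() { ipfw table "$1" flush; }

# Usage (stage as the build user, the rest as root):
#   stage_build ~/src/sshguard /tmp/sshguard
#   show_table 22 && flush_table 22
#   try_new /tmp/sshguard
```

check_prefix is the part worth keeping even if the rest is adapted: it is cheap, needs no privileges, and catches the one failure mode this thread warns about (a daemon that runs but has no sshg-fw to call) before the production service is stopped.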