From: Kevin Z. <kev...@gm...> - 2017-01-02 22:19:33

Hi there,

A lot of work to get SSHGuard working with new log sources (journalctl,
macOS log) and backends (firewalld, ipset) has happened in 2.0.

The new version also uses a configuration file.

Some deprecated backends have been resurrected (hosts, ipfilter).

Most importantly, SSHGuard has been split into several processes piped
into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw).
sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be
sandboxed in its default configuration (without pid file, whitelist,
blacklisting) and has not been tested sandboxed in other configurations.

The sshguard program is now a driver script that glues everything
together. It's probably still a little fragile.

Some cleanup work remains. Documentation is also being updated.

I encourage package maintainers and people with suitable test
environments to give the new code a shot and provide feedback.

The experimental code is available on SourceForge as 1.99.0 [1].

Thanks,
Kevin

[1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090

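The piped, sandboxed stage design announced above, as an added example that is not part of the original message and is not SSHGuard's own code: a stdin-to-stdout filter that confines itself with pledge(2) on OpenBSD or capsicum(4) capability mode on FreeBSD before it reads any log input. The names `enter_sandbox` and `parse_line`, the sshd line format handled, and the one-address-per-line output are assumptions made for illustration.

```c
/* Added example (hypothetical, not SSHGuard source): one filter stage. */
#include <stdio.h>
#include <string.h>
#if defined(__OpenBSD__)
#include <unistd.h>            /* pledge(2) */
#elif defined(__FreeBSD__)
#include <sys/capsicum.h>      /* cap_enter(2), see capsicum(4) */
#endif

/* Confine the process before it reads any untrusted log data.
 * Returns 0 on success, or where no sandbox is compiled in. */
static int enter_sandbox(void) {
#if defined(__OpenBSD__)
    return pledge("stdio", NULL);  /* I/O on already-open descriptors only */
#elif defined(__FreeBSD__)
    return cap_enter();            /* capability mode: no new files or sockets */
#else
    return 0;                      /* assumption: unconfined elsewhere */
#endif
}

/* Assumed input: sshd "Failed password ... from ADDR port N" lines.
 * Copies ADDR into addr and returns 1 on a match, else returns 0. */
static int parse_line(const char *line, char *addr, size_t len) {
    const char *p = NULL, *q = line;
    size_t n;
    if (strstr(line, "Failed password") == NULL) return 0;
    /* Use the LAST " from ": the user name is chosen by the remote side
     * and may itself contain " from ADDR" to get another host blamed. */
    while ((q = strstr(q, " from ")) != NULL)
        p = q = q + 6;
    if (p == NULL) return 0;
    n = strcspn(p, " \n");
    if (n == 0 || n >= len) return 0;  /* empty, or would overflow addr */
    memcpy(addr, p, n);
    addr[n] = '\0';
    return 1;
}
int main(void) {
    char line[1024], addr[64];
    if (enter_sandbox() != 0)
        return 1;
    while (fgets(line, sizeof line, stdin) != NULL)
        if (parse_line(line, addr, sizeof addr)) {
            printf("%s\n", addr);  /* the next stage reads this on stdin */
            fflush(stdout);        /* pipes are block-buffered by default */
        }
    return 0;
}
```

Because the stage only reads stdin and writes stdout, the `stdio` promise (or capability mode) is enough for it, which is why a parser is the easiest stage of such a pipeline to confine.
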
From: jungle B. <jun...@gm...> - 2017-01-03 02:41:27

Hi Kevin,

On Jan 2, 2017 2:19 PM, "Kevin Zheng" <kev...@gm...> wrote:
>
> Hi there,
>
> A lot of work to get SSHGuard working with new log sources (journalctl,
> macOS log) and backends (firewalld, ipset) has happened in 2.0.
>
> The new version also uses a configuration file.
>
> Some deprecated backends have been resurrected (hosts, ipfilter).
>
> Most importantly, SSHGuard has been split into several processes piped
> into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw).
> sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be
> sandboxed in its default configuration (without pid file, whitelist,
> blacklisting) and has not been tested sandboxed in other configurations.
>

I'm going to give this a shot on that one host that had a problem. The OS has been reinstalled so I'm hoping it will make a difference this time around.

Can you point us to the latest documentation?

Thanks for your efforts, IMO, to make sshguard easier to use.

>
> The experimental code is available on SourceForge as 1.99.0 [1].
>
> Thanks,
> Kevin
>
> [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/
>
> --
> Kevin Zheng
> kev...@gm... | ke...@be... | PGP: 0xC22E1090
>

From: Daniel A. <co...@da...> - 2017-01-09 14:52:20

On Mon, Jan 2, 2017, at 23:19, Kevin Zheng wrote:
> Hi there,
>
> A lot of work to get SSHGuard working with new log sources (journalctl,
> macOS log) and backends (firewalld, ipset) has happened in 2.0.
>
> The new version also uses a configuration file.
>
> Some deprecated backends have been resurrected (hosts, ipfilter).
>
> Most importantly, SSHGuard has been split into several processes piped
> into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw).
> sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be
> sandboxed in its default configuration (without pid file, whitelist,
> blacklisting) and has not been tested sandboxed in other configurations.
>
> The sshguard program is now a driver script that glues everything
> together. It's probably still a little fragile.
>
> Some cleanup work remains. Documentation is also being updated.
>
> I encourage package maintainers and people with suitable test
> environments to give the new code a shot and provide feedback.

My Fedora 25 systems with a journalctl and firewalld setup seem quite happy with everything, except the Ctrl+C error message I reported. That issue is completely trivial, of course.

> The experimental code is available on SourceForge as 1.99.0 [1].
>
> [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/

--
Daniel Aleksandersen
https://daniel.priv.no/

From: jungle b. <jun...@gm...> - 2017-01-10 03:39:55

On 01/02/2017 02:19 PM, Kevin Zheng wrote:
> Hi there,
>
> A lot of work to get SSHGuard working with new log sources (journalctl,
> macOS log) and backends (firewalld, ipset) has happened in 2.0.
>
> The new version also uses a configuration file.
>
> Some deprecated backends have been resurrected (hosts, ipfilter).
>
> Most importantly, SSHGuard has been split into several processes piped
> into one another (sshg-logmon | sshg-parser | sshg-blocker | sshg-fw).
> sshg-parser can run with capsicum(4) and pledge(2). sshg-blocker can be
> sandboxed in its default configuration (without pid file, whitelist,
> blacklisting) and has not been tested sandboxed in other configurations.
>
> The sshguard program is now a driver script that glues everything
> together. It's probably still a little fragile.
>
> Some cleanup work remains. Documentation is also being updated.
>
> I encourage package maintainers and people with suitable test
> environments to give the new code a shot and provide feedback.
>
> The experimental code is available on SourceForge as 1.99.0 [1].
>

I'm not a packages maintainer but I tested this out on an OpenBSD machine I have.

Aside from the known start up issues[0], I was able to install and use sshguard without any issues.

> Thanks,
> Kevin
>
> [1] https://sourceforge.net/projects/sshguard/files/sshguard/1.99.0/
>

Thanks,
jb

[0] http://marc.info/?l=openbsd-ports&m=148396223206682&w=2

From: Kevin Z. <kev...@gm...> - 2017-01-10 03:57:53

On 01/09/17 21:39, jungle boogie wrote:
> I'm not a packages maintainer but I tested this out on an OpenBSD
> machine I have.
>
> Aside from the known start up issues[0], I was able to install and use
> sshguard without any issues.

Glad to hear.

I could only gather this from the mailing list:

"It crashes when /etc/rc exits (with a blacklist db file),
so it needs to be started after /etc/rc has finished."

Any idea what's happening? It'd be nice to work it out before the next
release :)

Thanks,
Kevin

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090

From: jungle b. <jun...@gm...> - 2017-01-10 06:08:32

On 01/09/2017 07:57 PM, Kevin Zheng wrote:
> On 01/09/17 21:39, jungle boogie wrote:
>> I'm not a packages maintainer but I tested this out on an OpenBSD
>> machine I have.
>>
>> Aside from the known start up issues[0], I was able to install and use
>> sshguard without any issues.
>
> Glad to hear.
>
> I could only gather this from the mailing list:
>
> "It crashes when /etc/rc exits (with a blacklist db file),
> so it needs to be started after /etc/rc has finished."
>
> Any idea what's happening? It'd be nice to work it out before the next
> release :)
>

I don't know the cause, sadly. It seems users generally come up with their own solution and don't worry about it beyond that.

Here's it checking to see if sshguard is running, which eventually fails.

$ doas /etc/rc.d/sshguard check
+ daemon=/usr/local/sbin/sshguard
+ . /etc/rc.d/rc.subr
+ _rc_actions=start stop restart reload check
+ readonly _rc_actions
+ [ -n ]
+ basename /etc/rc.d/sshguard
+ _name=sshguard
+ _rc_check_name sshguard
+ [ -n /usr/local/sbin/sshguard ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/sshguard
+ _rc_do _rc_parse_conf
+ eval _rcflags=${sshguard_flags}
+ _rcflags=
+ eval _rcrtable=${sshguard_rtable}
+ _rcrtable=
+ eval _rcuser=${sshguard_user}
+ _rcuser=
+ eval _rctimeout=${sshguard_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf sshguard
+ > /dev/null
+ 2>&1
+ daemon_class=daemon
+ [ -z ]
+ daemon_rtable=0
+ [ -z ]
+ daemon_user=root
+ [ -z ]
+ daemon_timeout=30
+ [ -n -o check != start ]
+ [ X = XNO ]
+ [ -n ]
+ [ -n ]
+ [ -n ]
+ [ -n ]
+ [ -n ]
+ readonly daemon_class
+ unset _rcflags _rcrtable _rcuser _rctimeout
+ pexp=/usr/local/sbin/sshguard
+ rcexec=su -l -c daemon -s /bin/sh root -c
+ [ 0 -eq 0 ]
+ rc_bg=YES
+ rc_reload=NO
+ rc_cmd check
sshguard(failed)

> Thanks,
> Kevin
>