Hi J,
When you doubt that SSHGuard is detecting a message, have
a quick glance at
http://www.sshguard.net/docs/reference/attack-signatures/
and see if that's supposed to be supported.
In this specific case, though, notice that vsftpd support has been
added in 1.5beta3, and was not present in 1.4.
(See http://freshmeat.net/projects/sshguard/releases ).
cheers
On Aug 10, 2010, at 21:33 , op...@ni... wrote:
> Hello,
>
> I have been pulling my hair for the past hour trying to get sshguard
> (1.4.4) to play nice with vsftpd (2.2.2). Frustrated, I tried to parse
> my log message in the debug mode, here is the result:
>
> Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
> [testuser] FAIL LOGIN: Client "192.168.1.12"
> Starting parse
> Entering state 0
> Reading a token: --accepting rule at line 183 ("[")
> Next token is token '[' ()
> Cleanup: discarding lookahead token '[' ()
> Stack now 0
>
>> From that I gather that sshguard did not recognize the message? Is it
> a bug, or am I doing something wrong?
>
> Some help would be appreciated.
>
> Regards,
> J.
|
