Hello again!
Thank you for your answer - I'll have a look at Gentoo overlays to see
if there's some -9999 ebuild.
Cheers,
C.
On Wed, 12 Oct 2011 13:31:50 +0200, Mij wrote:
> On Oct 12, 2011, at 13:21 , Cedric Jeanneret wrote:
>
>> Hello!
>>
>> How can I read and edit the blacklist db file? While doing "file
>> sshguard.db", it tells me it's some odd "raw G3 data, byte-padded",
>> which seems to be used for fax content... I'm guessing that's not
>> true.
>
> In sshguard-1.5 blacklists are in SimCList serialization format,
> which is binary (see http://mij.oltrelinux.com/devel/simclist/ ).
>
> In a recent commit on the SVN, blacklists are stored in
> human-readable format. Wait some weeks to have that appear in a
> release, or compile the sources from the SVN as described in
> http://www.sshguard.net/docs/setup/compile-install/#fetch-code
>
>
>> My final goal is to be able to get blacklisted addresses (and all
>> the data I can get from this DB) to do some stats.
>
> You can extract the IPs with a command such as:
>
> strings /path/to/blacklist | grep -Eo "([0-9]+\.){3}[0-9]+"
>
> For extracting IPv6 addresses check out the regex in the sshguard
> sources.
>
>
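Added example, not part of the original thread and not sshguard code: the strings/grep extraction suggested above, extended to reject dotted strings that are not valid IPv4 addresses (octets above 255, version numbers such as 1.5) and to summarise the result per /24 for statistics. The function names and the sample file contents are constructed for illustration; it uses tr instead of strings, and IPv6 is not covered.

```shell
#!/bin/sh
# Constructed helpers (assumptions, not sshguard tooling) for pulling IPv4
# addresses out of a binary sshguard-1.5 blacklist file.

# Print the valid IPv4 addresses found in file $1, unique and sorted.
extract_blacklist_ipv4() {
    # Every byte that is not a digit or a dot becomes a newline, so each
    # candidate address ends up alone on its line.
    LC_ALL=C tr -c '0-9.' '\n' < "$1" |
    LC_ALL=C awk -F. '
        { gsub(/^\.+|\.+$/, "") }      # drop stray leading/trailing dots
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255)
                    ok = 0
            if (ok) print $0
        }
    ' | LC_ALL=C sort -u
}

# Print "count network/24" for the addresses in file $1, busiest first.
blacklist_ipv4_by_24() {
    extract_blacklist_ipv4 "$1" |
    LC_ALL=C awk -F. '
        { n[$1 "." $2 "." $3 ".0/24"]++ }
        END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Write a constructed sample to file $1: documentation-range addresses mixed
# with non-printable bytes, one duplicate, one out-of-range "address" and a
# version-like string. This is NOT the real SimCList layout.
make_sample_blacklist() {
    printf 'SIMC\001\002192.0.2.10\003\377198.51.100.7\004999.1.1.1' > "$1"
    printf '\0051.5\006192.0.2.10\007192.0.2.99\001' >> "$1"
}
```

Because the match is purely textual, a digit byte that happens to sit directly next to an address in the binary file will still corrupt or hide that entry, exactly as with the original one-liner.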