Date: Wed, 10 Sep 2008 09:40:02 GMT From: Mij <mij@bitchx.it> To: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins Message-ID: <200809100940.m8A9e2xo012261@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/126867; it has been noted by GNATS. From: Mij <mij@bitchx.it> To: Michael <freebsdports@bindone.de> Cc: bug-followup@FreeBSD.org Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins Date: Wed, 10 Sep 2008 11:24:14 +0200 The way syslog is configured in a default system wrt what finishes into "auth.log" should impact sshguard only if you poll its content with the so-called "tail+sshguard combo" http://sshguard.sourceforge.net/doc/setup/loggingrawfile.html Under FreeBSD this is not the recommended way (this is the way the port prepares the system), as the system implementation of syslog supports pipes to external tools: http://sshguard.sourceforge.net/doc/setup/loggingsyslog.html In this latter approach, no matter what the original configuration of the system is, syslog is setup to feed sshguard with both messages. Please check that as follows: 1) enable this line: auth.info;authpriv.info |exec /usr/local/sbin/sshguard high in the /etc/syslog.conf file. 2) run /etc/rc.d/syslogd reload if sshguard is still not blocking, you can investigate it further pipe- ing from syslog to an instance of tee that logs and passes through to sshguard. On Sep 6, 2008, at 12:04 , Michael wrote: > No, I'm talking about auth.log. Seriously. > What about trying it on your own on a fresh install? > > Mij wrote: >> The fact you say there is only a single line and "the system logs" >> make me think you're considering /var/log/messages, >> there authentication messages do not appear. What about /var/log/ >> auth.log (or any other destination you set for auth.info)?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809100940.m8A9e2xo012261>