Date: Fri, 7 Oct 2005 10:20:24 +0200 From: Enrique Ayesta Perojo <eayesta@portugalete.uned.es> To: Noel Jones <noeldude@gmail.com>, freebsd-questions@freebsd.org Subject: Re: bruteforceblocker + PF Message-ID: <200510071020.25224.eayesta@portugalete.uned.es> In-Reply-To: <cce506b0510061256x2ecaf01ct876eeb624c02307b@mail.gmail.com> References: <200510051204.54331.eayesta@portugalete.uned.es> <200510060907.57922.eayesta@por tugalete.uned.es> <cce506b0510061256x2ecaf01ct876eeb624c02307b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
El Osteguna 06 Urria 2005 21:56, Noel Jones escribi=F3: > I manually installed bruteforceblocker 1.1 (later noticed it's in > ports/security) and when it starts, it looks like: > ------- log started at Wed Oct 5 13:13:01 2005 ------- > > So it appears that your software is different from mine. No, it's the same version, it's the one of the ports, the change in the=20 symbols !!!!! was made by us. > Are you also seeing sshd logging information about failed and accepted > login attempts? Yes, i can see all the login attempts > One thing I did notice was that all the lines in the > bruteforceblocker.pl script ended with ^M. So I used vi to remove > them. I don't know if that is part of your problem or not, but it's > something you might check. Yes, i made the same when i installed the port > FWIW, after making the suggested change to my syslog.conf file and > editing the file locations in the bruteforceblocker.pl script, it > worked first try here. The only other suggestion I have is to check > your /etc/syslog.conf changes. > Find the line that looks like: > auth.info;authpriv.info /var/log/auth.log > and change it to: > auth.info;authpriv.info | exec > /usr/local/bin/bruteforceblocker.pl Also done :( Thanks for your help!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200510071020.25224.eayesta>