From owner-freebsd-questions@FreeBSD.ORG Fri Oct 7 08:20:34 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D356816A41F for ; Fri, 7 Oct 2005 08:20:34 +0000 (GMT) (envelope-from eayesta@portugalete.uned.es) Received: from hermes-uno.uned.es (hermes-uno.uned.es [62.204.192.102]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA5F543D46 for ; Fri, 7 Oct 2005 08:20:33 +0000 (GMT) (envelope-from eayesta@portugalete.uned.es) Received: from hermes-uno.uned.es (localhost.localdomain [127.0.0.1]) by localhost.uned.es (Postfix) with ESMTP id 09A4F30D12D; Fri, 7 Oct 2005 10:20:33 +0200 (CEST) Received: from proxy1-2.uned.es (bm103103-8.uned.es [10.103.103.8]) by hermes-uno.uned.es (Postfix) with ESMTP id E67BB30D129; Fri, 7 Oct 2005 10:20:32 +0200 (CEST) Received: from eu83-213-54-87.clientes.euskaltel.es (eu83-213-54-87.clientes.euskaltel.es [83.213.54.87]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) by proxy1-2.uned.es (Postfix) with ESMTP id 1A57F2EFE9; Fri, 7 Oct 2005 10:20:32 +0200 (CEST) From: Enrique Ayesta Perojo To: Noel Jones , freebsd-questions@freebsd.org Date: Fri, 7 Oct 2005 10:20:24 +0200 User-Agent: KMail/1.8.2 References: <200510051204.54331.eayesta@portugalete.uned.es> <200510060907.57922.eayesta@por tugalete.uned.es> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200510071020.25224.eayesta@portugalete.uned.es> Cc: Subject: Re: bruteforceblocker + PF X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 07 Oct 2005 08:20:35 -0000 El Osteguna 06 Urria 2005 21:56, Noel Jones escribi=F3: > I manually installed bruteforceblocker 1.1 (later noticed it's in > ports/security) and when it starts, it looks like: > ------- log started at Wed Oct 5 13:13:01 2005 ------- > > So it appears that your software is different from mine. No, it's the same version, it's the one of the ports, the change in the=20 symbols !!!!! was made by us. > Are you also seeing sshd logging information about failed and accepted > login attempts? Yes, i can see all the login attempts > One thing I did notice was that all the lines in the > bruteforceblocker.pl script ended with ^M. So I used vi to remove > them. I don't know if that is part of your problem or not, but it's > something you might check. Yes, i made the same when i installed the port > FWIW, after making the suggested change to my syslog.conf file and > editing the file locations in the bruteforceblocker.pl script, it > worked first try here. The only other suggestion I have is to check > your /etc/syslog.conf changes. > Find the line that looks like: > auth.info;authpriv.info /var/log/auth.log > and change it to: > auth.info;authpriv.info | exec > /usr/local/bin/bruteforceblocker.pl Also done :( Thanks for your help!