Date: Tue, 2 Nov 2010 10:40:01 -0700 (PDT)
From: "Justin V."
To: Rob Farmer
Cc: freebsd-questions@freebsd.org
Subject: Re: SSHgaurd and PF

On Tue, 2 Nov 2010, Rob Farmer wrote:

> On Tue, Nov 2, 2010 at 10:03, Justin V. wrote:
>> This is the guide I used:
>>
>> http://www.sshguard.net/docs/setup/firewall/pf/
>>
>> I followed this section to block all brute attempts:
>
> Right, but did you do this part too?
>
> http://www.sshguard.net/docs/setup/getlogs/syslog/
>
> The part you mentioned sets up the table and has pf drop the
> connection attempts, but you need to configure syslog to fill the
> table with IPs of attackers.
>
> --
> Rob Farmer

Actually this was installed after the port completed:

yeaguy# grep sshg /etc/syslog.conf
auth.info;authpriv.info |exec /usr/local/sbin/sshguard

But it is not exactly what the HOWTO says, the HOWTO does not mention the
"exec" part.

Put this line high into this file:

auth.info;authpriv.info |/usr/local/sbin/sshguard
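
A check for the syslog.conf setup discussed in the message above, as an added example that is not part of the original thread or of the sshguard project. It accepts both forms of the pipe line quoted in the message (with and without "exec") and also reports when the line sits below a "!program" or "+host" block, which in FreeBSD's syslog.conf(5) restricts every following line until "!*" or "+*". The function name and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# check_sshguard_syslog FILE   (hypothetical helper, not shipped with sshguard)
# Prints one of:
#   ok          active sshguard pipe line, not restricted by a block specifier
#   scoped:SPEC active line, but inside a "!program" / "+host" block, so
#               syslogd only feeds it messages matching that block
#   commented   only a commented-out sshguard line exists
#   missing     no sshguard pipe line at all
check_sshguard_syslog() {
    awk '
        # "!prog" or "#!prog" starts a program block; "!*" resets it.
        /^#?!/ { s = $0; sub(/^#?!/, "", s); prog = (s == "*") ? "" : "!" s; next }
        # "+host" or "-host" starts a host block; "+*" resets it.
        /^[+-]/ { host = ($0 == "+*") ? "" : $0; next }
        # Pipe action to sshguard, with or without a leading "exec".
        /[|][ \t]*(exec[ \t]+)?[^ \t]*sshguard/ {
            if ($0 ~ /^[ \t]*#/) { commented = 1; next }
            scope = prog host
            result = (scope == "") ? "ok" : "scoped:" scope
            found = 1
            exit
        }
        END {
            if (found) print result
            else if (commented) print "commented"
            else print "missing"
        }
    ' "$1"
}

# Constructed sample: the line from the message placed below a "!ppp" block.
sample=$(mktemp)
printf '%s\n' \
    '*.err;kern.warning    /dev/console' \
    '!ppp' \
    '*.*    /var/log/ppp.log' \
    'auth.info;authpriv.info    |exec /usr/local/sbin/sshguard' > "$sample"
check_sshguard_syslog "$sample"
rm -f "$sample"
```

Run against the real file with: check_sshguard_syslog /etc/syslog.conf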