Date: Tue, 16 Oct 2018 07:52:14 +0200 From: Dimitry Andric <dim@FreeBSD.org> To: Per olof Ljungmark <peo@nethead.se> Cc: ports@freebsd.org, dan.mcgregor@usask.ca Subject: Re: sshguard - rc and blacklisting Message-ID: <B6CDAB74-F6FF-486B-A85A-BF82FA2E4C81@FreeBSD.org> In-Reply-To: <feeb25e5-4685-bd34-c677-c45dc49ff41b@nethead.se> References: <feeb25e5-4685-bd34-c677-c45dc49ff41b@nethead.se>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii On 15 Oct 2018, at 17:16, Per olof Ljungmark <peo@nethead.se> wrote: > > Either I am doing it wrong or sshguard is not properly implemented. > > 1. In the config file /usr/local/etc/sshguard.conf there is a parameter > > # Colon-separated blacklist threshold and full path to blacklist file. > # (optional, no default) > #BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db > > however, the threshold setting does not seem to have any effect. If I > change the setting in rc.d/sshguard, it does take effect. Yes, this is a problem in /usr/local/etc/rc.d/sshguard. It sets the default sshguard_blacklist setting to 120:/var/db/sshguard/blacklist. To work around it, I have put: sshguard_blacklist="" in my rc.conf. Then only the settings in sshguard.conf are used. > 2. Looking at /var/db/sshguard/blacklist.db, each row looks like > 1539615075|220|4|143.0.65.92 > > There is another setting in the config, > # Size of IPv4 subnet to block. Defaults to a single address, CIDR > notation. (optional, default to 32) > IPV4_SUBNET=32 > > I have tried to alter this setting to /24 and /29, auth.log says > Blocking "143.0.65.92/29" forever > but blacklist.db does not indiciate any different CDIR than /32. I have no experience with this setting, and it seems to be pretty new. It was not in my sample config file until quite recently, maybe it is an upstream problem? Have you looked at their bug tracker? -Dimitry --Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.2 iF0EARECAB0WIQR6tGLSzjX8bUI5T82wXqMKLiCWowUCW8V8jgAKCRCwXqMKLiCW o/7OAJ4y0zvYE0U+3HkIlyD8il+ezbG4vQCgjSwd7dJZZlJAg8OEh1NGK/oOaLg= =nCqh -----END PGP SIGNATURE----- --Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B6CDAB74-F6FF-486B-A85A-BF82FA2E4C81>