Date:      Tue, 2 Nov 2010 10:40:01 -0700 (PDT)
From:      "Justin V." <vic@yeaguy.com>
To:        Rob Farmer <rfarmer@predatorlabs.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: SSHgaurd and PF
Message-ID:  <alpine.BSF.2.00.1011021038080.19472@yeaguy.com>
In-Reply-To: <AANLkTi=e5b0OTqbxky_bgYnH3gNeRyKBeYu1McypRmGV@mail.gmail.com>
References:  <alpine.BSF.2.00.1011020930390.17971@yeaguy.com> <AANLkTikq%2BgYWD=SEY4nKboV7QUTk9DQdj2bkJ_CRpoAv@mail.gmail.com> <alpine.BSF.2.00.1011021001001.18489@yeaguy.com> <AANLkTi=e5b0OTqbxky_bgYnH3gNeRyKBeYu1McypRmGV@mail.gmail.com>


On Tue, 2 Nov 2010, Rob Farmer wrote:

> On Tue, Nov 2, 2010 at 10:03, Justin V. <vic@yeaguy.com> wrote:
>> This is the guide I used:
>>
>> http://www.sshguard.net/docs/setup/firewall/pf/
>>
>> I followed this section to block all brute attempts:
>
> Right, but did you do this part too?
>
> http://www.sshguard.net/docs/setup/getlogs/syslog/
>
> The part you mentioned sets up the table and has pf drop the
> connection attempts, but you need to configure syslog to fill the
> table with IPs of attackers.
>
> -- 
> Rob Farmer


Actually this was installed after the port completed:


yeaguy# grep sshg /etc/syslog.conf
auth.info;authpriv.info     |exec /usr/local/sbin/sshguard

But it is not exactly what the HOWTO says; the HOWTO does not mention the 
"exec" part.

Put this line high into this file:

auth.info;authpriv.info    |/usr/local/sbin/sshguard





