Date: Tue, 2 Nov 2010 11:48:59 -0700 From: Rob Farmer <rfarmer@predatorlabs.net> To: "Justin V." <vic@yeaguy.com> Cc: freebsd-questions@freebsd.org Subject: Re: SSHgaurd and PF Message-ID: <AANLkTikmWqAhs4Cy0G8TsMKR%2BNGercXFYLaY1c7DoyHf@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.1011021140110.20336@yeaguy.com> References: <alpine.BSF.2.00.1011020930390.17971@yeaguy.com> <AANLkTikq%2BgYWD=SEY4nKboV7QUTk9DQdj2bkJ_CRpoAv@mail.gmail.com> <alpine.BSF.2.00.1011021001001.18489@yeaguy.com> <AANLkTi=e5b0OTqbxky_bgYnH3gNeRyKBeYu1McypRmGV@mail.gmail.com> <alpine.BSF.2.00.1011021038080.19472@yeaguy.com> <AANLkTi=29TVb%2BFm6o8Weom_9r6g9_J5vohqOJ=Ngn28f@mail.gmail.com> <alpine.BSF.2.00.1011021140110.20336@yeaguy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 2, 2010 at 11:42, Justin V. <vic@yeaguy.com> wrote: > So i added this: > > auth.info;authpriv.info;ftp.info =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0/var/log/= auth.log > > > This is existing: > > ftp.info =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0/var/log/xferlog > > > > > I see my failed attempts going to auth.log and sshguard is still not > blocking or logging.. > > I restarted both syslog and sshguard.. I feel like we are almost there > > > thanks, > > jv Great - then try: ftp.info |exec /usr/local/sbin/sshguard in your /etc/syslog.conf (don't forget to restart syslog) and it should be working - I'm not sure what the threshold for sshguard to block someone is, but you could test it - just make sure you have a way to get back in if it works and your IP is blocked (or wait for the next script kiddie). --=20 Rob Farmer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikmWqAhs4Cy0G8TsMKR%2BNGercXFYLaY1c7DoyHf>