ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
Michael
freebsdports at bindone.de
Sat Sep 6 10:10:04 UTC 2008
The following reply was made to PR ports/126867; it has been noted by GNATS.
From: Michael <freebsdports at bindone.de>
To: Mij <mij at bitchx.it>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted
logins
Date: Sat, 06 Sep 2008 12:04:11 +0200
No, I'm talking about auth.log. Seriously.
What about trying it on your own on a fresh install?
Mij wrote:
>
> On 5 Sep 2008, at 17:08, Michael wrote:
>
>> Plain vanilla standard FreeBSD install (6.3-RELEASE and 7.0-RELEASE).
>> There is no more context, the system logs only a single line:
>>
>> Sep 5 17:06:17 server sshd[71127]: error: PAM: authentication error
>> for xyz from 10.1.1.1
>>
>> This is basically what sshguard 1.0 was looking for.
>> What's your uname -a?
>>
>> Also, by the way, because there is only one line of log, as a bonus
>> syslogd agregates the error messages (last line repeated n times)
>> which is something sshguard also doesn't handle.
>
> The fact you say there is only a single line and "the system logs" make
> me think you're considering /var/log/messages,
> there authentication messages do not appear. What about
> /var/log/auth.log (or any other destination you set for auth.info)?
>
>
>>
>>
>> Mij wrote:
>>> The PAM log entry you report follows a failed login attempt, but in
>>> turn should be followed by
>>> SSHD's own log entry, that looks like
>>> Sep 4 20:25:46 voodoo sshd[19972]: Failed keyboard-interactive/pam
>>> for invalid user usrn from 1.2.3.4 port 51196 ssh2
>>> this latter is what sshguard is sensitive to.
>>> If you examine the context around that line in your auth.log, what
>>> does it look like?
>>
>
More information about the freebsd-ports-bugs
mailing list