ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
mij at bitchx.it
Wed Sep 10 09:40:03 UTC 2008
The following reply was made to PR ports/126867; it has been noted by GNATS.
From: Mij <mij at bitchx.it>
To: Michael <freebsdports at bindone.de>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
Date: Wed, 10 Sep 2008 11:24:14 +0200
The way syslog is configured in a default system wrt what finishes
should impact sshguard only if you poll its content with the so-called
Under FreeBSD this is not the recommended way (this is the way the
port prepares the
system), as the system implementation of syslog supports pipes to
In this latter approach, no matter what the original configuration of
the system is, syslog
is setup to feed sshguard with both messages. Please check that as
1) enable this line:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
high in the /etc/syslog.conf file.
2) run /etc/rc.d/syslogd reload
if sshguard is still not blocking, you can investigate it further pipe-
ing from syslog to
an instance of tee that logs and passes through to sshguard.
On Sep 6, 2008, at 12:04 , Michael wrote:
> No, I'm talking about auth.log. Seriously.
> What about trying it on your own on a fresh install?
> Mij wrote:
>> The fact you say there is only a single line and "the system logs"
>> make me think you're considering /var/log/messages,
>> there authentication messages do not appear. What about /var/log/
>> auth.log (or any other destination you set for auth.info)?
More information about the freebsd-ports-bugs