sshguard - rc and blacklisting
Per olof Ljungmark
peo at nethead.se
Mon Oct 15 15:17:02 UTC 2018
Hello,
Either I am doing it wrong or sshguard is not properly implemented.
1. In the config file /usr/local/etc/sshguard.conf there is a parameter
# Colon-separated blacklist threshold and full path to blacklist file.
# (optional, no default)
#BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
however, the threshold setting does not seem to have any effect. If I
change the setting in rc.d/sshguard, it does take effect.
2. Looking at /var/db/sshguard/blacklist.db, each row looks like
1539615075|220|4|143.0.65.92
There is another setting in the config,
# Size of IPv4 subnet to block. Defaults to a single address, CIDR
notation. (optional, default to 32)
IPV4_SUBNET=32
I have tried to alter this setting to /24 and /29, auth.log says
Blocking "143.0.65.92/29" forever
but blacklist.db does not indiciate any different CDIR than /32.
Any ideas?
More information about the freebsd-ports
mailing list