sshguard - rc and blacklisting

Dimitry Andric dim at FreeBSD.org
Tue Oct 16 05:52:26 UTC 2018


On 15 Oct 2018, at 17:16, Per olof Ljungmark <peo at nethead.se> wrote:
> 
> Either I am doing it wrong or sshguard is not properly implemented.
> 
> 1. In the config file /usr/local/etc/sshguard.conf there is a parameter
> 
> # Colon-separated blacklist threshold and full path to blacklist file.
> # (optional, no default)
> #BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
> 
> however, the threshold setting does not seem to have any effect. If I
> change the setting in rc.d/sshguard, it does take effect.

Yes, this is a problem in /usr/local/etc/rc.d/sshguard.  It sets the
default sshguard_blacklist setting to 120:/var/db/sshguard/blacklist.
To work around it, I have put:

sshguard_blacklist=""

in my rc.conf.  Then only the settings in sshguard.conf are used.



> 2. Looking at /var/db/sshguard/blacklist.db, each row looks like
> 1539615075|220|4|143.0.65.92
> 
> There is another setting in the config,
> # Size of IPv4 subnet to block. Defaults to a single address, CIDR
> notation. (optional, default to 32)
> IPV4_SUBNET=32
> 
> I have tried to alter this setting to /24 and /29, auth.log says
> Blocking "143.0.65.92/29" forever
> but blacklist.db does not indicate any different CIDR than /32.

I have no experience with this setting, and it seems to be pretty new.
It was not in my sample config file until quite recently, maybe it is
an upstream problem?  Have you looked at their bug tracker?

-Dimitry
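
An added example, not part of the original messages or of sshguard's own code: a Python script that parses rows in the shape quoted from blacklist.db and computes the network each stored address falls into for a given IPV4_SUBNET prefix, so the file contents can be compared with the "Blocking ... forever" lines in auth.log. The field names (timestamp, service code, address kind) are assumptions inferred from the sample row, and every row except the first is constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone

# First row is the one quoted in the thread; the other two are constructed.
SAMPLE_ROWS = """\
1539615075|220|4|143.0.65.92
1539615200|220|4|143.0.65.90
1539615300|220|4|198.51.100.7
"""

def parse_row(line):
    """Split one 'a|b|c|address' row; field meanings are assumed, not documented on the page."""
    parts = line.strip().split("|")
    if len(parts) != 4:
        raise ValueError(f"unexpected row: {line!r}")
    ts, service, kind, addr = parts
    return {
        "blocked_at": datetime.fromtimestamp(int(ts), tz=timezone.utc),
        "service": int(service),   # assumed: numeric service code
        "kind": int(kind),         # assumed: address family marker
        "address": ipaddress.ip_address(addr),
    }

def covering_network(address, ipv4_prefix=32, ipv6_prefix=128):
    """Return the network that contains address at the configured prefix length."""
    prefix = ipv4_prefix if address.version == 4 else ipv6_prefix
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)

def group_by_network(text, ipv4_prefix=32):
    """Group stored single addresses by the subnet a given IPV4_SUBNET would cover."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        row = parse_row(line)
        groups[covering_network(row["address"], ipv4_prefix)].append(row["address"])
    return dict(groups)

if __name__ == "__main__":
    for net, addrs in group_by_network(SAMPLE_ROWS, ipv4_prefix=29).items():
        print(net, [str(a) for a in addrs])
```

With a prefix of 29, the address from the thread falls in 143.0.65.88/29, which is the range that "143.0.65.92/29" in auth.log denotes even though the file stores only the single address.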
