SSHgaurd and PF
Rob Farmer
rfarmer at predatorlabs.net
Tue Nov 2 18:49:00 UTC 2010
On Tue, Nov 2, 2010 at 11:42, Justin V. <vic at yeaguy.com> wrote:
> So i added this:
>
> auth.info;authpriv.info;ftp.info /var/log/auth.log
>
>
> This is existing:
>
> ftp.info /var/log/xferlog
>
>
>
>
> I see my failed attempts going to auth.log and sshguard is still not
> blocking or logging..
>
> I restarted both syslog and sshguard.. I feel like we are almost there
>
>
> thanks,
>
> jv
Great - then try:
ftp.info |exec /usr/local/sbin/sshguard
in your /etc/syslog.conf (don't forget to restart syslog) and it
should be working - I'm not sure what the threshold for sshguard to
block someone is, but you could test it - just make sure you have a
way to get back in if it works and your IP is blocked (or wait for the
next script kiddie).
--
Rob Farmer
More information about the freebsd-questions
mailing list