ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins
Michael
freebsdports at bindone.de
Fri Sep 5 15:40:06 UTC 2008
The following reply was made to PR ports/126867; it has been noted by GNATS.
From: Michael <freebsdports at bindone.de>
To: Mij <mij at bitchx.it>
Cc: bug-followup at FreeBSD.org
Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted
logins
Date: Fri, 05 Sep 2008 17:08:50 +0200
Plain vanilla standard FreeBSD install (6.3-RELEASE and 7.0-RELEASE).
There is no more context, the system logs only a single line:
Sep 5 17:06:17 server sshd[71127]: error: PAM: authentication error for
xyz from 10.1.1.1
This is basically what sshguard 1.0 was looking for.
What's your uname -a?
Also, by the way, because there is only one line of log, as a bonus
syslogd agregates the error messages (last line repeated n times) which
is something sshguard also doesn't handle.
Mij wrote:
> The PAM log entry you report follows a failed login attempt, but in turn
> should be followed by
> SSHD's own log entry, that looks like
>
> Sep 4 20:25:46 voodoo sshd[19972]: Failed keyboard-interactive/pam for
> invalid user usrn from 1.2.3.4 port 51196 ssh2
>
> this latter is what sshguard is sensitive to.
> If you examine the context around that line in your auth.log, what does
> it look like?
More information about the freebsd-ports-bugs
mailing list