shmget: No space on device (sshit)

David King dking at
Sat Jun 3 22:20:34 PDT 2006

I'm trying to use from /usr/ports/security/sshit, and I'm
having some trouble with it that I think may be a bug, or a
misconfiguration on my part.

sshit is a Perl program that receives syslog messages (configured in  
syslog.conf) of the form '/failed .*from (\d+\.\d+\.\d+\.\d+) /i' to  
try to detect SSH brute-force attempts, and after X from the same IP  
address in Y minutes, it adds them to an IPFW2 table, which has a  
"deny from" rule that runs on it.

sshit seems to be not working (i.e. it's never adding IP addresses to  
the ipfw2 table I specified) and dumping many of the following  
messages to /var/log/messages:
May 31 10:03:03 melchoir syslogd: Logging subprocess 20716 (exec /usr/local/sbin/sshit) exited with status 28.

This appears to be because of the following:
~# echo 'May 29 12:20:32 melchoir sshd[5707]: Failed password for illegal user user1 from port 43282 ssh2' | sshit; echo "Error: $?"
IPC::Shareable::SharedMem: shmget: No space left on device
at /usr/local/lib/perl5/site_perl/5.8.8/IPC/ line 566
Could not create shared memory segment: No space left on device
at ./sshit line 295
Error: 28

As you can see, shmget seems to say that it cannot get a shared  
memory segment. However:

~% grep SYSV /usr/src/sys/i386/conf/ROUTERKERNEL
options         SYSVSHM                 #SYSV-style shared memory
options         SYSVMSG                 #SYSV-style message queues
options         SYSVSEM                 #SYSV-style semaphores

~% top|grep ^Mem
Mem: 182M Active, 23M Inact, 71M Wired, 1540K Cache, 41M Buf, 28M Free

~% sysctl -a | grep ipc.*shm
kern.ipc.shmmax: 134217728
kern.ipc.shmmin: 1
kern.ipc.shmmni: 192
kern.ipc.shmseg: 128
kern.ipc.shmall: 8192
kern.ipc.shm_use_phys: 0
kern.ipc.shm_allow_removed: 0

(that is after I turned up shmmax)

Some more potentially useful information:

~% grep*v[0-9] `which sshit`
#  v0.5

~% uname -a
FreeBSD <> 5.3-RELEASE-p20 FreeBSD 5.3-RELEASE-p20 #2: Fri Sep  9 14:11:12 PDT 2005     root@<>:/usr/obj/usr/src/sys/ROUTERKERNEL  i386

~% pkg_info | grep sshit
sshit-0.5           Checks for SSH/FTP bruteforce and blocks given IPs

~% perl -v
This is perl, v5.8.8 built for i386-freebsd-64int

If you have absolutely any idea, please let me know. I'm happy to do
some more debugging if it helps.

More information about the freebsd-questions mailing list
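
The detection rule described in the post (X failed logins from one IP address within Y minutes), shown as an added Python example; it is not part of the original message and is not sshit's own code, which is Perl. The regex is the one quoted in the post; the log lines are constructed, and the threshold, window, year and the choice to flag an address on reaching the threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Pattern quoted in the post; the space after the address is part of it.
FAILED = re.compile(r"failed .*from (\d+\.\d+\.\d+\.\d+) ", re.I)

def parse_time(line, year=2006):
    # Classic syslog timestamps carry no year, so the year is an assumption.
    return datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")

def detect(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return addresses in the order they reach max_failures within window."""
    recent = defaultdict(deque)   # address -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue              # successful logins and unrelated lines
        ip, now = m.group(1), parse_time(line)
        hits = recent[ip]
        hits.append(now)
        while now - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= max_failures and ip not in flagged:
            flagged.append(ip)    # a blocker would add ip to the firewall table here
    return flagged

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "May 29 12:20:32 melchoir sshd[5707]: Failed password for illegal user user1 from 192.0.2.10 port 43282 ssh2",
    "May 29 12:20:40 melchoir sshd[5709]: Failed password for root from 192.0.2.10 port 43290 ssh2",
    "May 29 12:21:02 melchoir sshd[5712]: Accepted publickey for dking from 198.51.100.7 port 50112 ssh2",
    "May 29 12:21:15 melchoir sshd[5715]: Failed password for admin from 192.0.2.10 port 43301 ssh2",
    "May 29 12:22:00 melchoir sshd[5720]: Failed password for bob from 203.0.113.5 port 40000 ssh2",
    "May 29 12:30:00 melchoir sshd[5730]: Failed password for bob from 203.0.113.5 port 40001 ssh2",
    "May 29 12:40:00 melchoir sshd[5740]: Failed password for bob from 203.0.113.5 port 40002 ssh2",
]

if __name__ == "__main__":
    for ip in detect(SAMPLE):
        print("would block", ip)
```

The slow source 203.0.113.5 is never flagged with these settings because its failures are more than five minutes apart, which is the trade-off any fixed window makes.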