[MacPorts] #45347: sshguard respawn throttled

MacPorts noreply at macports.org
Mon Oct 13 07:50:11 PDT 2014


#45347: sshguard respawn throttled
--------------------------+---------------------
  Reporter:  lionteeth@…  |      Owner:  nefar@…
      Type:  defect       |     Status:  new
  Priority:  Normal       |  Milestone:
 Component:  ports        |    Version:  2.3.1
Resolution:               |   Keywords:
      Port:  sshguard     |
--------------------------+---------------------

Comment (by lionteeth@…):

 I found out what the problem was by looking at what the wrapper does and
 running the command directly:

 }}}
 /opt/local/sbin/sshguard -l /var/log/system.log -w
 /opt/local/etc/sshguard/whitelist -b
 5:/opt/local/var/db/sshguard/blacklist.db
 Doesn't make sense to have a blacklist threshold lower than one abuse
 (40). Terminating.
 }}}

 To make sshguard more aggressive, I had modified options to use

 {{{
 -l /var/log/system.log
 -w /opt/local/etc/sshguard/whitelist
 -b 5:/opt/local/var/db/sshguard/blacklist.db
 }}}

 as I was seeing lots of attacks and nothing was added to the blacklist.
 But -b is not the number of attacks to tolerate, as in denyhosts, but a
 "danger" measure that is poorly documented in the man page. Running the
 command directly gives me

 {{{
 Doesn't make sense to have a blacklist threshold lower than one abuse
 (40). Terminating.
 }}}

 It would be very useful if the wrapper could allow this error message to
 pass through to system.log.

 Now, the man page says "per-attack danger is 10", so it's unclear how 40
 represents one abuse, and I still don't know how much abuse -b 50 is.
 Anyway, bad documentation isn't macport's problem, so please close.

 Cheers,
 Dave

-- 
Ticket URL: <https://trac.macports.org/ticket/45347#comment:3>
MacPorts <http://www.macports.org/>
Ports system for OS X


More information about the macports-tickets mailing list