Date: Wed, 10 Sep 2008 15:34:41 +0200 From: Michael <freebsdports@bindone.de> To: Mij <mij@bitchx.it> Cc: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins Message-ID: <48C7CCF1.2090704@bindone.de> In-Reply-To: <200809100940.m8A9e2xo012261@freefall.freebsd.org> References: <200809100940.m8A9e2xo012261@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
This is what I'm doing, I just put the tail approach into "howto repeat" for simplicity. Can you send me the configuration you're using on your system (sshd, pam etc.)? You still didn't tell me which system you're using. Did you try using it on a fresh installation? What have I do to make you try this and accept that it doesn't work? Mij wrote: > The following reply was made to PR ports/126867; it has been noted by GNATS. > > From: Mij <mij@bitchx.it> > To: Michael <freebsdports@bindone.de> > Cc: bug-followup@FreeBSD.org > Subject: Re: ports/126867: security/sshguard-pf 1.1 fails to detect attempted logins > Date: Wed, 10 Sep 2008 11:24:14 +0200 > > The way syslog is configured in a default system wrt what finishes > into "auth.log" > should impact sshguard only if you poll its content with the so-called > "tail+sshguard combo" > http://sshguard.sourceforge.net/doc/setup/loggingrawfile.html > > Under FreeBSD this is not the recommended way (this is the way the > port prepares the > system), as the system implementation of syslog supports pipes to > external tools: > http://sshguard.sourceforge.net/doc/setup/loggingsyslog.html > > In this latter approach, no matter what the original configuration of > the system is, syslog > is setup to feed sshguard with both messages. Please check that as > follows: > > 1) enable this line: > auth.info;authpriv.info |exec /usr/local/sbin/sshguard > high in the /etc/syslog.conf file. > 2) run /etc/rc.d/syslogd reload > > if sshguard is still not blocking, you can investigate it further pipe- > ing from syslog to > an instance of tee that logs and passes through to sshguard. > On Sep 6, 2008, at 12:04 , Michael wrote: > > > > No, I'm talking about auth.log. Seriously. > > What about trying it on your own on a fresh install? > > > > Mij wrote: > >> The fact you say there is only a single line and "the system logs" > >> make me think you're considering /var/log/messages, > >> there authentication messages do not appear. What about /var/log/ > >> auth.log (or any other destination you set for auth.info)? > _______________________________________________ > freebsd-ports-bugs@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs > To unsubscribe, send any mail to "freebsd-ports-bugs-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48C7CCF1.2090704>