From owner-freebsd-questions@FreeBSD.ORG Tue Nov 2 18:25:07 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 32408106566C for ; Tue, 2 Nov 2010 18:25:07 +0000 (UTC) (envelope-from vic@yeaguy.com) Received: from hrndva-omtalb.mail.rr.com (hrndva-omtalb.mail.rr.com [71.74.56.125]) by mx1.freebsd.org (Postfix) with ESMTP id E06378FC08 for ; Tue, 2 Nov 2010 18:25:06 +0000 (UTC) X-Authority-Analysis: v=1.1 cv=+c36koQ5Dcj/1qolKHjtkYAGXvrVJRRiKMp+84F5sLg= c=1 sm=0 a=K3oiwSFwsX5fJWoDMELOCw==:17 a=iOhrDboYAAAA:8 a=fQfmUbWOAAAA:8 a=6I5d2MoRAAAA:8 a=TUwG_g2B8ACdXgIqAHEA:9 a=7fn6RSeTsJWC5qzoTCwA:7 a=RLmRVtKbxJNkgZMML84FdmqwDNAA:4 a=wPNLvfGTeEIA:10 a=9dkskfOryOwA:10 a=-_C46MR6lL4A:10 a=r1Rw5q6XLFEA:10 a=SV7veod9ZcQA:10 a=K3oiwSFwsX5fJWoDMELOCw==:117 X-Cloudmark-Score: 0 X-Originating-IP: 67.49.120.184 Received: from [67.49.120.184] ([67.49.120.184:26517] helo=[192.168.1.169]) by hrndva-oedge03.mail.rr.com (envelope-from ) (ecelerity 2.2.3.46 r()) with ESMTP id 29/3D-24070-18750DC4; Tue, 02 Nov 2010 18:25:06 +0000 Date: Tue, 2 Nov 2010 11:25:03 -0700 (PDT) From: "Justin V." To: Rob Farmer In-Reply-To: Message-ID: References: User-Agent: Alpine 2.00 (BSF 1167 2008-08-23) MIME-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="623271173-1257277227-1288722304=:20165" Cc: freebsd-questions@freebsd.org Subject: Re: SSHgaurd and PF X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Nov 2010 18:25:07 -0000 This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --623271173-1257277227-1288722304=:20165 Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8BIT On Tue, 2 Nov 2010, Rob Farmer wrote: > On Tue, Nov 2, 2010 at 10:40, Justin V. wrote: >> Actually this was installed after the port completed: >> >> >> yeaguy# grep sshg /etc/syslog.conf >> auth.info;authpriv.info     |exec /usr/local/sbin/sshguard >> >> But it is not exactly what the HOWTO ways, the HOWTO does not mention the >> "exec" part. > > Could be that the docs are written for Linux or another version of > syslog. The port and the man page say include the exec, so I would go > with that. > >> >> Put this line high into this file: >> >> auth.info;authpriv.info    |/usr/local/sbin/sshguard > > Ok - if that isn't working, then check to see if your ftp server is > logging to syslog under auth or authpriv. If not you'll need to change > the setup to get the logs from the right place. > > -- > Rob Farmer > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > I do not see ftp going to auth: yeaguy# grep -i pure /var/log/auth.log yeaguy# grep -i ftp /var/log/auth.log Oct 30 07:36:49 yeaguy sshd[74718]: subsystem request for sftp Oct 30 08:37:25 yeaguy sshd[74942]: subsystem request for sftp Oct 30 08:51:20 yeaguy sshd[74984]: subsystem request for sftp Oct 30 12:49:04 yeaguy sshd[2301]: subsystem request for sftp Oct 30 12:49:56 yeaguy sshd[2308]: subsystem request for sftp Nov 2 08:44:42 yeaguy sshd[17190]: subsystem request for sftp Nov 2 08:46:14 yeaguy sshd[17241]: subsystem request for sftp yeaguy# But I dont have pure-ftp looking at pam so that makes sense right? Probably wouldnt show up there then? I am doing virtual user for pure-ftp. Here is the passwd db for pure: yeaguy# grep pure /etc/inetd.conf ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -l puredb:/usr/local/etc/pureftpd.pdb yeaguy# so i need to pipe the pure db to auth? thanks, justin --623271173-1257277227-1288722304=:20165--