From owner-freebsd-ports@freebsd.org  Tue Oct 16 05:52:26 2018
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2F56610E2B71
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 16 Oct 2018 05:52:26 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id C64DD7C540
 for <freebsd-ports@freebsd.org>; Tue, 16 Oct 2018 05:52:25 +0000 (UTC)
 (envelope-from dim@FreeBSD.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 8B6F310E2B70; Tue, 16 Oct 2018 05:52:25 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A32110E2B6F
 for <ports@mailman.ysv.freebsd.org>; Tue, 16 Oct 2018 05:52:25 +0000 (UTC)
 (envelope-from dim@FreeBSD.org)
Received: from tensor.andric.com (tensor.andric.com [87.251.56.140])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "tensor.andric.com",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 1D35C7C53E
 for <ports@freebsd.org>; Tue, 16 Oct 2018 05:52:25 +0000 (UTC)
 (envelope-from dim@FreeBSD.org)
Received: from coleburn.home.andric.com (coleburn.home.andric.com
 [192.168.0.15])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by tensor.andric.com (Postfix) with ESMTPSA id 5345B3A5B2;
 Tue, 16 Oct 2018 07:52:18 +0200 (CEST)
From: Dimitry Andric <dim@FreeBSD.org>
Message-Id: <B6CDAB74-F6FF-486B-A85A-BF82FA2E4C81@FreeBSD.org>
Content-Type: multipart/signed;
 boundary="Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924";
 protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Subject: Re: sshguard - rc and blacklisting
Date: Tue, 16 Oct 2018 07:52:14 +0200
In-Reply-To: <feeb25e5-4685-bd34-c677-c45dc49ff41b@nethead.se>
Cc: ports@freebsd.org,
 dan.mcgregor@usask.ca
To: Per olof Ljungmark <peo@nethead.se>
References: <feeb25e5-4685-bd34-c677-c45dc49ff41b@nethead.se>
X-Mailer: Apple Mail (2.3445.9.1)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 05:52:26 -0000


--Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

On 15 Oct 2018, at 17:16, Per olof Ljungmark <peo@nethead.se> wrote:
> 
> Either I am doing it wrong or sshguard is not properly implemented.
> 
> 1. In the config file /usr/local/etc/sshguard.conf there is a parameter
> 
> # Colon-separated blacklist threshold and full path to blacklist file.
> # (optional, no default)
> #BLACKLIST_FILE=120:/var/db/sshguard/blacklist.db
> 
> however, the threshold setting does not seem to have any effect. If I
> change the setting in rc.d/sshguard, it does take effect.

Yes, this is a problem in /usr/local/etc/rc.d/sshguard.  It sets the
default sshguard_blacklist setting to 120:/var/db/sshguard/blacklist.
To work around it, I have put:

sshguard_blacklist=""

in my rc.conf.  Then only the settings in sshguard.conf are used.



> 2. Looking at /var/db/sshguard/blacklist.db, each row looks like
> 1539615075|220|4|143.0.65.92
> 
> There is another setting in the config,
> # Size of IPv4 subnet to block. Defaults to a single address, CIDR
> notation. (optional, default to 32)
> IPV4_SUBNET=32
> 
> I have tried to alter this setting to /24 and /29, auth.log says
> Blocking "143.0.65.92/29" forever
> but blacklist.db does not indiciate any different CDIR than /32.

I have no experience with this setting, and it seems to be pretty new.
It was not in my sample config file until quite recently, maybe it is
an upstream problem?  Have you looked at their bug tracker?

-Dimitry


--Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.2

iF0EARECAB0WIQR6tGLSzjX8bUI5T82wXqMKLiCWowUCW8V8jgAKCRCwXqMKLiCW
o/7OAJ4y0zvYE0U+3HkIlyD8il+ezbG4vQCgjSwd7dJZZlJAg8OEh1NGK/oOaLg=
=nCqh
-----END PGP SIGNATURE-----

--Apple-Mail=_8A20E29D-0911-4397-AECE-1157BB448924--