FS#33722 - [sshguard] does not protect the first 9 days of every month

Attached to Project: Community Packages
Opened by Txema (txemarix) - Tuesday, 05 February 2013, 01:40 GMT
Last edited by Sergej Pupykin (sergej) - Monday, 11 February 2013, 15:22 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Sergej Pupykin (sergej)
Massimiliano Torromeo (mtorromeo)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

Description:
sshguard parses the timestamp in syslog format with DAY 1-31 (75. DAYNO [1-9][0-9]? in 'attack_scanner.l'), but systemd/journalctl uses the format 01-31, so it does not protect during the first nine days of the month.

As a workaround, "-o cat" can be used in sshguard-journalctl:
'/usr/bin/journalctl -afbp info -n1 SYSLOG_FACILITY=4 SYSLOG_FACILITY=10 -o cat | /usr/sbin/sshguard -l- "$@"'
with the side effect that the '-f servicecode:pidfile' sshguard parameter cannot be used (the pid does not appear with 'journalctl -o cat').

Additional info:
* package version(s)
1.5.0 (Arch 1.5-9)


Steps to reproduce:

Debug sshguard with 'env LANG=C SSHGUARD_DEBUG=true /usr/sbin/sshguard'.

Paste 'journalctl format' into standard input:
'Jan 04 23:12:13 HostName sshd[404]: Failed password for test from 192.168.191.160 port 3873 ssh2'
Nothing happens.

Paste 'syslog format' into standard input:
'Jan 4 17:16:49 HostName sshd[404]: Failed password for test from 192.168.192.163 port 3816 ssh2'
Matched address 192.168.192.161:4 attacking service 100, dangerousness 10


Closed by  Sergej Pupykin (sergej)
Monday, 11 February 2013, 15:22 GMT
Reason for closing:  Fixed
Comment by Sergej Pupykin (sergej) - Monday, 11 February 2013, 15:19 GMT
please try sshguard 1.5-10
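
The parsing gap described in the report can be reproduced offline with the sketch below. It is an added example, not sshguard's code and not the change shipped in 1.5-10: only the `[1-9][0-9]?` DAYNO rule comes from the report, while the rest of the pattern, the tolerant DAYNO variant and the third sample line are assumptions made for illustration.

```python
import re

# DAYNO as quoted in the report from attack_scanner.l; everything else in
# these patterns is an assumed, simplified stand-in for the real scanner.
DAYNO_STRICT = r"[1-9][0-9]?"
# Hypothetical tolerant form: also accepts a zero-padded day (01-09).
DAYNO_TOLERANT = r"(?:0[1-9]|[1-9][0-9]?)"
MONTH = r"(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"


def build_pattern(dayno):
    """Build a syslog-style sshd 'Failed password' matcher around a DAYNO rule."""
    return re.compile(
        r"^" + MONTH + r" +(?P<day>" + dayno + r") +\d{2}:\d{2}:\d{2} +\S+ +"
        r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
        r"from (?P<addr>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
    )


STRICT = build_pattern(DAYNO_STRICT)
TOLERANT = build_pattern(DAYNO_TOLERANT)


def attacker(pattern, line):
    """Return the source address if the line is recognised, else None."""
    m = pattern.match(line)
    return m.group("addr") if m else None


def missed_lines(pattern, lines):
    """Lines that are sshd auth failures but that the pattern silently ignores."""
    return [l for l in lines if "Failed password" in l and attacker(pattern, l) is None]


SAMPLES = [
    # The two lines from the report (journalctl format, then syslog format).
    "Jan 04 23:12:13 HostName sshd[404]: Failed password for test from 192.168.191.160 port 3873 ssh2",
    "Jan 4 17:16:49 HostName sshd[404]: Failed password for test from 192.168.192.163 port 3816 ssh2",
    # Constructed line: a two-digit day, which both DAYNO rules accept.
    "Jan 14 09:01:02 HostName sshd[404]: Failed password for invalid user admin from 192.0.2.7 port 4022 ssh2",
]

if __name__ == "__main__":
    for name, pat in (("strict", STRICT), ("tolerant", TOLERANT)):
        print(name, "missed:", missed_lines(pat, SAMPLES))
```

Running the same kind of check against a sample of real log output after changing the log source (syslog to journald, or a new output format) shows whether failed logins are being dropped before they reach the blocker.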
