FS#33723 - [sshguard] does not protect the first 9 days of every month

Attached to Project: Community Packages
Opened by Txema (txemarix) - Tuesday, 05 February 2013, 01:50 GMT
Last edited by Daniel Wallace (gtmanfred) - Tuesday, 05 February 2013, 02:00 GMT
Task Type: Bug Report
Category: Packages
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Low
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 0
Private: No

Details


Description:
sshguard parses the timestamp in syslog format with DAY as 1-31 (75. DAYNO [1-9][0-9]? in 'attack_scanner.l'), but systemd/journalctl uses the format 01-31, so it does not protect during the first nine days of the month.

As a workaround, "-o cat" can be used in sshguard-journalctl:
'/usr/bin/journalctl -afbp info -n1 SYSLOG_FACILITY=4 SYSLOG_FACILITY=10 -o cat | /usr/sbin/sshguard -l- "$@"'
with the secondary effect that the '-f servicecode:pidfile' sshguard parameter cannot be used (the pid does not appear with 'journalctl -o cat')

Additional info:
* package version(s)
1.5.0 (Arch 1.5-9)


Steps to reproduce:

Debug sshguard with 'env LANG=C SSHGUARD_DEBUG=true /usr/sbin/sshguard'

Paste a line in 'journalctl format' into standard input:
'Jan 04 23:12:13 HostName sshd[404]: Failed password for test from 192.168.191.160 port 3873 ssh2'
Nothing happens.

Paste a line in 'syslog format' into standard input:
'Jan 4 17:16:49 HostName sshd[404]: Failed password for test from 192.168.192.163 port 3816 ssh2'
Matched address 192.168.192.161:4 attacking service 100, dangerousness 10

Closed by  Daniel Wallace (gtmanfred)
Tuesday, 05 February 2013, 02:00 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#33722 
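
The gap described in this report can be checked offline against sample log lines; the following is an added example, not part of the original report or of sshguard's code. Only the DAYNO pattern and the first two log lines come from the report; the rest of the line pattern, the tolerant DAYNO variant, and the other two sample lines are assumptions constructed for illustration.

```python
import re

# DAYNO exactly as quoted in the report (attack_scanner.l): no leading zero.
DAYNO_REPORTED = r"[1-9][0-9]?"
# Assumed tolerant variant (not sshguard's actual fix): also accepts 01-09.
DAYNO_TOLERANT = r"(?:0?[1-9]|[12][0-9]|3[01])"

def line_re(dayno):
    """Simplified stand-in for the scanner's sshd rule (assumption: the real
    grammar is larger; only the timestamp day field matters here)."""
    return re.compile(
        r"^[A-Z][a-z]{2} +(?P<day>" + dayno + r") +\d{2}:\d{2}:\d{2} +\S+ +"
        r"sshd\[\d+\]: Failed password for \S+ from "
        r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
    )

def parse_attack(line, dayno):
    """Return (day, source address) if the line is recognised, else None."""
    m = line_re(dayno).match(line)
    return (int(m.group("day")), m.group("addr")) if m else None

def unparsed_lines(lines, dayno):
    """Lines the pattern silently ignores: failed logins that go uncounted."""
    return [l for l in lines if parse_attack(l, dayno) is None]

SAMPLE = [
    # journalctl format, from the report (zero-padded day)
    "Jan 04 23:12:13 HostName sshd[404]: Failed password for test "
    "from 192.168.191.160 port 3873 ssh2",
    # syslog format, from the report
    "Jan 4 17:16:49 HostName sshd[404]: Failed password for test "
    "from 192.168.192.163 port 3816 ssh2",
    # constructed: two-digit day, same in both formats
    "Jan 10 08:00:01 HostName sshd[404]: Failed password for test "
    "from 192.0.2.10 port 4000 ssh2",
    # constructed: space-padded day as written by traditional syslog
    "Jan  9 08:00:01 HostName sshd[404]: Failed password for test "
    "from 192.0.2.11 port 4001 ssh2",
]

if __name__ == "__main__":
    for name, pat in (("reported", DAYNO_REPORTED), ("tolerant", DAYNO_TOLERANT)):
        missed = unparsed_lines(SAMPLE, pat)
        print(f"{name}: {len(missed)} of {len(SAMPLE)} lines not parsed")
        for l in missed:
            print("  MISSED:", l)
```

Running the same check over a few real lines from the log source that feeds the parser shows whether a format change upstream has silently disabled detection.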