FS#37150 : [sshguard] attacks missed due to log prefix

FS#37150 - [sshguard] attacks missed due to log prefix

Attached to Project: Community Packages
Opened by Johan R (cleanrock) - Monday, 30 September 2013, 19:23 GMT
Last edited by Massimiliano Torromeo (mtorromeo) - Wednesday, 30 October 2013, 18:23 GMT

Task Type	Bug Report
Category	Packages
Status	Closed
Assigned To	Sergej Pupykin (sergej) Massimiliano Torromeo (mtorromeo)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

I just noticed that sshguard missed all attacks made today (Sep 30).
I am using --output=cat now to avoid this problem.
sshguard 1.5-15

Steps to reproduce:
Start sshguard in debug mode and paste attacks.

# env SSHGUARD_DEBUG=foo /usr/bin/sshguard

It will not catch:
Sep 30 02:25:50 host sshd[4033]: Failed password for root from 1.2.3.4 port 40316 ssh2

Change 30 to 29 and it will be catched:
Sep 29 02:25:50 host sshd[4033]: Failed password for root from 1.2.3.4 port 40316 ssh2

This task depends upon

Closed by Massimiliano Torromeo (mtorromeo)
Wednesday, 30 October 2013, 18:23 GMT
Reason for closing: Fixed
Additional comments about closing: sshguard-1.5-16

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#37150 - [sshguard] attacks missed due to log prefix

Details

Loading...