On Sun, May 05, 2019 at 02:25:37AM -0700, Corsaire01 wrote:
> Hello everyone.
>
> I found out that /etc/sshguard.conf is completely ignored, it is just on my
> system ?
> I got triggered when the machines in my own network got banned although I
> did enable the WHITELIST_FILE option.
>
> furthermore, default options in the file and default options after starting
> the daemon are different
>
> /etc/sshguard.conf
> #### OPTIONS ####
> # Block attackers when their cumulative attack score exceeds THRESHOLD.
> # Most attacks have a score of 10. (optional, default 30)
> THRESHOLD=30
>
> # Block attackers for initially BLOCK_TIME seconds after exceeding
> THRESHOLD.
> # Subsequent blocks increase by a factor of 1.5. (optional, default 120)
> BLOCK_TIME=120
>
> # IP addresses listed in the WHITELIST_FILE are considered to be
> # friendlies and will never be blocked.
> WHITELIST_FILE=/etc/friends
>
>
> # /etc/rc.d/sshguard start
> # ps auwxx | grep sshguard
> root 40901 0.0 0.2 844 836 C0 Ip 6:01PM 0:00.00 /bin/sh
> /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w
> /var/db/sshguard/whitelist.db
> root 83350 0.0 0.1 844 652 C0 Ip 6:01PM 0:00.00 /bin/sh
> /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w
> /var/db/sshguard/whitelist.db
> root 68041 0.0 0.3 1144 1580 C0 Ip 6:01PM 0:00.02
> /usr/local/libexec/sshg-blocker -a 10 -p 14400 -s 1800 -N 128 -n 32 -w
> /var/db/sshguard/whitelist.db
> root 65827 0.0 0.1 844 584 C0 Ip 6:01PM 0:00.01 /bin/sh
> /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w
> /var/db/sshguard/whitelist.db
>
>
> At this point I would see to add options in /etc/rc.d/sshguard in the line
> daemon="/usr/local/sbin/sshguard"

Is that what you have done now (above), because I can't really see a
default installation of sshguard pass _any_ command line options to the
/usr/local/sbin/sshguard script.

It could be that you had an old "sshguard_flags" setting in
"/etc/rc.conf.local" maybe? This should no longer be needed and all
configuration can be done in /etc/sshguard.conf.

> but is this recommendable... config files are supposed to be in /etc for a
> reason.
>
> btw, you can put your whitelist in /var/db/sshguard/whitelist.db as
> advertised by the ps

I've just tested installing sshguard freshly, and it _definitely_ picks up
the WHITELIST_FILE from /etc/sshguard.conf.

>
> OpenBSD 6.5 with 'pkg_add sshguard' here
>
>
>
> --
> Sent from:
> http://openbsd-archive.7691.n7.nabble.com/openbsd-user-ports-f108501.html

Regards,

-- 
Kusalananda
Sweden
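
The mismatch discussed in this thread (values in /etc/sshguard.conf versus the flags the running sshg-blocker was started with) can be checked mechanically. The following is an added example, not part of either message and not sshguard's own code; the function names are hypothetical, the sample input is constructed from the values quoted above, and the mapping -a/THRESHOLD, -p/BLOCK_TIME, -w/WHITELIST_FILE is taken from sshguard(8).

```shell
#!/bin/sh
# Added example. Function names are hypothetical; flag mapping per sshguard(8).

# conf_value KEY FILE: print the last KEY=value setting in the config file.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1
}

# flag_value FLAG CMDLINE: print the argument that follows FLAG, if present.
flag_value() {
    flag=$1; shift
    set -- $1                      # split the command line into words
    while [ $# -gt 1 ]; do
        if [ "$1" = "$flag" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

# check_drift CONF CMDLINE: print one line per setting whose configured value
# differs from the running sshg-blocker; exit status = number of mismatches.
check_drift() {
    conf=$1; cmd=$2; drift=0
    for pair in THRESHOLD:-a BLOCK_TIME:-p WHITELIST_FILE:-w; do
        key=${pair%%:*}; opt=${pair#*:}
        want=$(conf_value "$key" "$conf")
        [ -n "$want" ] || continue          # setting not present in the file
        have=$(flag_value "$opt" "$cmd") || have='<unset>'
        if [ "$want" != "$have" ]; then
            printf 'DRIFT %s: conf=%s running=%s\n' "$key" "$want" "$have"
            drift=$((drift + 1))
        fi
    done
    return "$drift"
}

# Demo on constructed input that reuses the values quoted in the thread.
demo() {
    tmp=$(mktemp)
    printf 'THRESHOLD=30\nBLOCK_TIME=120\nWHITELIST_FILE=/etc/friends\n' >"$tmp"
    check_drift "$tmp" "/usr/local/libexec/sshg-blocker -a 10 -p 14400 -s 1800 -N 128 -n 32 -w /var/db/sshguard/whitelist.db" || true
    rm -f "$tmp"
}
demo
```

A DRIFT line for WHITELIST_FILE means the addresses in the configured whitelist are not the ones the blocker is honouring, which is the situation that leads to trusted hosts being banned.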
