Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
i'm trying to get this sshguard to work and i'm not having much luck with it
so i've installed it
./configure --with-firewall=iptables
make && make install
and set it up...
first edited /etc/syslog.conf
and added at the EOF:
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
as it stated in README
and did a restart
/etc/rc.d/rc.syslogd restart
then i edited /etc/ssh/sshd_config
and changed UseDNS yes to:
UseDNS no
and restarted that too with
/etc/rc.d/rc.sshd restart
edited iptables rules
added new chain
iptables -N sshguard
redirected all ssh traffic from INPUT to the newly created chain
iptables -A INPUT -p tcp -m tcp --dport 22 -j sshguard
and accepted port 22 in sshguard chain
iptables -A sshguard -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT
ok it's time to test this stuff
so i connect to a remote server and connect right back to my server through port 22 protocol ssh
the README says that after ssh auth attempt something like this should pop up in the log files (i guess /var/log/messages):
Feb 1 01:01:01 host sshguard[1234]: Started successfully [(a,p,s)=(4, 420, 1200)], now ready to scan.
so as i connect from the remote host back to my server i watch this log file with
tail -f /var/log/messages
and nothing like that pops up
I only get this:
May 14 18:52:02 x-shells sshd[12400]: Connection from 86.61.99.50 port 53722
May 14 18:52:04 x-shells sshd[12400]: Failed none for admin from 86.61.99.50 port 53722 ssh2
May 14 18:52:47 x-shells sshd[12400]: Accepted password for admin from 86.61.99.50 port 53722 ssh2
Logging on sshd is set to VERBOSE
maybe this could be wrong?
it does not exist
it's not logging
because it's not starting...
if i connect to the server via ssh there should be a sshguard process in the list
but there isn't any
would you mind posting your syslog.conf here or on a private message?
i think it has something to do with this...
Look for the destination of auth.* in syslog.conf, not for the auth.log file itself
From this bunch of files, it could be "secure".
Quote:
it does not exist
it's not logging
because it's not starting...
if i connect to the server via ssh there should be a sshguard process in the list
but there isn't any
This is most likely a syslog misconfiguration then.
Quote:
would you mind posting your syslog.conf here or on a private message?
i think it has something to do with this...
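Added example, not written by anyone in this thread: one way to follow the advice above and find the destination of auth.* in syslog.conf. The helper names and the sample config are constructed for illustration; only the sshguard line is taken from the first post. The selector handling assumes the classic syslog.conf rules (later selectors on a line override earlier ones, priority none excludes a facility).

```shell
#!/bin/sh
# Added example: show which syslog.conf actions receive auth / authpriv messages.
# Names (sample_conf, auth_destinations) are hypothetical helpers.

# Constructed sample config; only the sshguard line is quoted from the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample
*.info;mail.none;authpriv.none    -/var/log/messages
authpriv.*                        -/var/log/secure
auth.info;authpriv.info           |exec /usr/local/sbin/sshguard
EOF
}

# Reads a syslog.conf from the file named in $1, or from stdin if no argument.
# Prints "<facility><TAB><action>" for every rule that routes that facility.
auth_destinations() {
    awk '
    # Return 1 if selector routes facility fac. Selectors in a line are
    # evaluated left to right; a later match overrides an earlier one and
    # priority "none" excludes the facility.
    function routed(selector, fac,    n, parts, i, fp, m, facs, j, hit) {
        hit = 0
        n = split(selector, parts, ";")
        for (i = 1; i <= n; i++) {
            split(parts[i], fp, "[.]")
            m = split(fp[1], facs, ",")
            for (j = 1; j <= m; j++)
                if (facs[j] == fac || facs[j] == "*")
                    hit = (fp[2] != "none")
        }
        return hit
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
        action = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", action)
        if (routed($1, "auth"))     print "auth\t" action
        if (routed($1, "authpriv")) print "authpriv\t" action
    }' "${1:--}"
}

sample_conf | auth_destinations
```

Run it against the real file with `auth_destinations /etc/syslog.conf`. How a `|` action is interpreted depends on the syslogd in use: BSD syslogd pipes messages to a command, while sysklogd treats the text after `|` as the path of a named pipe (FIFO), so check syslog.conf(5) on the host.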