f5b
December 26th, 2010, 03:48
have test sshguard with TCP wrapper(hosts.allow), not work, see the topic last day.
now test sshguard-pf with pf firewall, same problem.
cd /usr/ports/security/sshguard-pf
make install clean
vi etc/syslog.conf
add line
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
the server have two interfaces,one for int, another for ext
so
vi /etc/pf.conf
table <sshguard> persist
set skip on lo
scrub in
block in quick on egress proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
pass in
pass out
/etc/rc.d/syslog reload
top found
7907 root 2 44 0 7184K 1612K nanslp 4 0:00 0.00% sshguard
test the brute force ssh, nothing found excecpt ...
Dec 26 10:29:47 b sshd[1077]: Server listening on 0.0.0.0 port 22.
Dec 26 10:29:47 b sshguard[1079]: Started successfully [(a,p,s)=(4, 420, 1200)],now ready to scan.
Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
Dec 26 10:32:23 b sshd[1206]: Invalid user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
Dec 26 10:32:29 b sshd[1210]: Invalid user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
Dec 26 10:32:34 b sshd[1214]: Invalid user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
Dec 26 10:32:39 b sshd[1218]: Invalid user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
Dec 26 10:32:43 b sshd[1222]: Invalid user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
Dec 26 10:32:48 b sshd[1226]: Invalid user a from 10.0.0.88
now test sshguard-pf with pf firewall, same problem.
cd /usr/ports/security/sshguard-pf
make install clean
vi etc/syslog.conf
add line
auth.info;authpriv.info |exec /usr/local/sbin/sshguard
the server have two interfaces,one for int, another for ext
so
vi /etc/pf.conf
table <sshguard> persist
set skip on lo
scrub in
block in quick on egress proto tcp from <sshguard> to any port 22 label "ssh bruteforce"
pass in
pass out
/etc/rc.d/syslog reload
top found
7907 root 2 44 0 7184K 1612K nanslp 4 0:00 0.00% sshguard
test the brute force ssh, nothing found excecpt ...
Dec 26 10:29:47 b sshd[1077]: Server listening on 0.0.0.0 port 22.
Dec 26 10:29:47 b sshguard[1079]: Started successfully [(a,p,s)=(4, 420, 1200)],now ready to scan.
Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
Dec 26 10:32:18 b sshd[1202]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:18 b sshd[1202]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49700 ssh2
Dec 26 10:32:23 b sshd[1206]: Invalid user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
Dec 26 10:32:23 b sshd[1206]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:23 b sshd[1206]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49701 ssh2
Dec 26 10:32:29 b sshd[1210]: Invalid user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
Dec 26 10:32:29 b sshd[1210]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:29 b sshd[1210]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49702 ssh2
Dec 26 10:32:34 b sshd[1214]: Invalid user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
Dec 26 10:32:34 b sshd[1214]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:34 b sshd[1214]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49703 ssh2
Dec 26 10:32:39 b sshd[1218]: Invalid user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
Dec 26 10:32:39 b sshd[1218]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:39 b sshd[1218]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49704 ssh2
Dec 26 10:32:43 b sshd[1222]: Invalid user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
Dec 26 10:32:44 b sshd[1222]: error: PAM: authentication error for illegal user a from 10.0.0.88
Dec 26 10:32:44 b sshd[1222]: Failed keyboard-interactive/pam for invalid user a from 10.0.0.88 port 49705 ssh2
Dec 26 10:32:48 b sshd[1226]: Invalid user a from 10.0.0.88