Solved [Solved] sshguard not blocking (Exit : 1)

Hi guys,

I have this lines from this evening in my /var/log/auth.log:

Code:
Jul 22 23:49:06 cube-box sshguard[51158]: Offender '176.222.XXX.XXX:4' scored 60 danger in 2 abuses (threshold 40) -> blacklisted.
Jul 22 23:49:06 cube-box sshguard[51158]: Blocking 176.222.XXX.XXX::4 for >0secs: 30 danger in 3 attacks over 6654 seconds (all: 60d in 2 abuses over 7746s).
Jul 22 23:49:06 cube-box sshguard[51158]: hosts.allow file did not contain sshguard rules block.  <<< ???
Jul 22 23:49:06 cube-box sshguard[51158]: Blocking command failed.Exited: -1   <<<< ???

Code:
ul 22 23:49:09 cube-box sshd[55627]: input_userauth_request: invalid user git [preauth]
[b]Jul 22 23:49:09 cube-box sshguard[51158]: Blocking 31.199.3.187:4 for >900secs: 30 danger in 3 attacks over 2 seconds (all: 30d in 1 abuses over 2s).
Jul 22 23:49:09 cube-box sshguard[51158]: hosts.allow file did not contain sshguard rules block.  <<< ???
Jul 22 23:49:09 cube-box sshguard[51158]: Blocking command failed. Exited: -1[/b] <<< ???
Jul 22 23:49:09 cube-box sshd[55627]: Received disconnect from 31.199.3.187: 11: Bye Bye [preauth]
Jul 22 23:49:09 cube-box sshd[55629]: User root from host187-3-static.199-31-b.business.telecomitalia.it not allowed because not listed in AllowUsers
Jul 22 23:49:09 cube-box sshd[55629]: input_userauth_request: invalid user root [preauth]
Jul 22 23:49:10 cube-box sshd[55629]: Received disconnect from 31.199.3.187: 11: Bye Bye [preauth]
Jul 22 23:49:10 cube-box sshd[55631]: User root from host187-3-static.199-31-b.business.telecomitalia.it not allowed because not listed in AllowUsers
Jul 22 23:49:10 cube-box sshd[55631]: input_userauth_request: invalid user root [preauth]
Jul 22 23:49:10 cube-box sshd[55631]: Received disconnect from 31.199.3.187: 11: Bye Bye [preauth]
[code]Jul 22 23:49:11 cube-box sshd[55633]: User root from host187-3-static.199-31-b.business.telecomitalia.it not allowed because not listed in AllowUsers
Jul 22 23:49:11 cube-box sshd[55633]: input_userauth_request: invalid user root [preauth]
Jul 22 23:49:11 cube-box sshd[55633]: Received disconnect from 31.199.3.187: 11: Bye Bye [preauth][/code]

More and more, trying with the same IP.

My pf.conf:

Code:
scrub in all

#TABLE
#SSHGUARD PROTECT SSH BRUTE FORCE
table <sshguard> persist
[...]
#Rules
block in quick on $ext_if proto tcp from <sshguard> to any port 22 label "ssh bruteforce"

rc.conf:

Code:
gateway_enable="YES"
ezjail_enable="YES"

pf_enable="YES"
pflog_enable="YES"

sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"
sshguard_watch_logs="/var/log/auth.log"

Code:
root@cube-box:~ # ps ax | grep ssh
1046  -  Is    0:00.01 /usr/local/sbin/sshguard -b 40:/var/db/sshguard/blacklist.db -l /var/log/auth.log -a 30 -p 600 -s 7200 -w /usr/local/etc/sshguard.whitelist -i /var/run/ss

Code:
root@cube-box:~ # service sshguard status
sshguard is running as pid 1046.

Reboot and same problem, so what happened to sshguard?
 
Re: sshguard not blocking (Exit : 1)

Ok, solved. Reinstallation of sshguard has fixed the problem.
 
Back
Top