Opened 10 years ago
Closed 10 years ago
#45347 closed defect (worksforme)
sshguard respawn throttled
| Reported by: | Liontooth (David Liontooth) | Owned by: | pixilla (Bradley Giesbrecht) |
|---|---|---|---|
| Priority: | Normal | Milestone: | |
| Component: | ports | Version: | 2.3.1 |
| Keywords: | Cc: | ||
| Port: | sshguard |
Description (last modified by ryandesign (Ryan Carsten Schmidt))
I just installed sshguard for the first time. I removed /var/log/secure.log from the options file (since I don't have that file) and issued "port load sshguard".
/var/log/system.log starts filling with this message:
com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds
The program does not appear to start. What went wrong?
Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64 i386 Macmini6,2 Darwin
Cheers,
David
Change History (5)
comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)
| Cc: | pixilla@… added |
|---|---|
| Description: | modified (diff) |
| Keywords: | launchd removed |
| Owner: | changed from macports-tickets@… to nefar@… |
comment:2 Changed 10 years ago by Liontooth (David Liontooth)
Hi Ryan,
I'm not seeing any other feedback -- I may not be looking in the right places. However, the problem appears to have been caused by loading sshguard as root. When I use sudo with another user, I get
Oct 12 11:45:14 neruda.library.ucl.edu sudo[66727]: tna : TTY=ttys001 ; PWD=/Users/sma ; USER=root ; COMMAND=/opt/local/bin/port load sshguard
and no complaints. I confirmed the process is running.
Please close.
Cheers, Dave
comment:3 Changed 10 years ago by Liontooth (David Liontooth)
I found out what the problem was by looking at what the wrapper does and running the command directly:
/opt/local/sbin/sshguard -l /var/log/system.log -w /opt/local/etc/sshguard/whitelist -b 5:/opt/local/var/db/sshguard/blacklist.db
To make sshguard more aggressive, I had modified options to use
-l /var/log/system.log -w /opt/local/etc/sshguard/whitelist -b 5:/opt/local/var/db/sshguard/blacklist.db
as I was seeing lots of attacks and nothing was added to the blacklist. But -b is not the number of attacks to tolerate, as in denyhosts, but a "danger" measure that is poorly documented in the man page. Running the command directly gives me
Doesn't make sense to have a blacklist threshold lower than one abuse (40). Terminating.
It would be very useful if the wrapper could allow this error message to pass through to system.log.
Now, the man page says "per-attack danger is 10", so it's unclear how 40 represents one abuse, and I still don't know how much abuse -b 50 is. Anyway, bad documentation isn't macport's problem, so please close.
Cheers, Dave
comment:4 Changed 10 years ago by mf2k (Frank Schima)
| Cc: | pixilla@… removed |
|---|---|
| Owner: | changed from nefar@… to pixilla@… |
Updated maintainers based on this mailing list post.
comment:5 Changed 10 years ago by pixilla (Bradley Giesbrecht)
| Resolution: | → worksforme |
|---|---|
| Status: | new → closed |
Is it crashing? Are there crash logs in the usual place?