Opened 10 years ago

Closed 10 years ago

#45347 closed defect (worksforme)

sshguard respawn throttled

Reported by: Liontooth (David Liontooth) Owned by: pixilla (Bradley Giesbrecht)
Priority: Normal Milestone:
Component: ports Version: 2.3.1
Keywords: Cc:
Port: sshguard

Description (last modified by ryandesign (Ryan Carsten Schmidt))

I just installed sshguard for the first time. I removed /var/log/secure.log from the options file (since I don't have that file) and issued "port load sshguard".

/var/log/system.log starts filling with this message:

 com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds

The program does not appear to start. What went wrong?

Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64 i386 Macmini6,2 Darwin

Cheers,
David

Change History (5)

comment:1 Changed 10 years ago by ryandesign (Ryan Carsten Schmidt)

Cc: pixilla@… added
Description: modified (diff)
Keywords: launchd removed
Owner: changed from macports-tickets@… to nefar@…

Is it crashing? Are there crash logs in the usual place?

comment:2 Changed 10 years ago by Liontooth (David Liontooth)

Hi Ryan,

I'm not seeing any other feedback -- I may not be looking in the right places. However, the problem appears to have been caused by loading sshguard as root. When I use sudo with another user, I get

Oct 12 11:45:14 neruda.library.ucl.edu sudo[66727]:      tna : TTY=ttys001 ; PWD=/Users/sma ; USER=root ; COMMAND=/opt/local/bin/port load sshguard

and no complaints. I confirmed the process is running.

Please close.

Cheers, Dave

comment:3 Changed 10 years ago by Liontooth (David Liontooth)

I found out what the problem was by looking at what the wrapper does and running the command directly:

/opt/local/sbin/sshguard -l /var/log/system.log -w /opt/local/etc/sshguard/whitelist -b 5:/opt/local/var/db/sshguard/blacklist.db

To make sshguard more aggressive, I had modified options to use

-l /var/log/system.log
-w /opt/local/etc/sshguard/whitelist
-b 5:/opt/local/var/db/sshguard/blacklist.db

as I was seeing lots of attacks and nothing was added to the blacklist. But -b is not the number of attacks to tolerate, as in denyhosts, but a "danger" measure that is poorly documented in the man page. Running the command directly gives me

Doesn't make sense to have a blacklist threshold lower than one abuse (40). Terminating.

It would be very useful if the wrapper could allow this error message to pass through to system.log.

Now, the man page says "per-attack danger is 10", so it's unclear how 40 represents one abuse, and I still don't know how much abuse -b 50 is. Anyway, bad documentation isn't macport's problem, so please close.

Cheers, Dave

Last edited 10 years ago by Liontooth (David Liontooth) (previous) (diff)

comment:4 Changed 10 years ago by mf2k (Frank Schima)

Cc: pixilla@… removed
Owner: changed from nefar@… to pixilla@…

Updated maintainers based on this mailing list post.

comment:5 Changed 10 years ago by pixilla (Bradley Giesbrecht)

Resolution: worksforme
Status: newclosed
Note: See TracTickets for help on using tickets.