Package: sshguard
Version: 1.5-6
Severity: normal

Dear Maintainer,

To reproduce this problem:
* Check that sshguard is not running and that no iptables process is running:
  # ps axl | egrep '(iptables|sshguard)'

* Start sshguard:
  # /etc/init.d/sshguard start

* An iptables process has been started by sshguard.
  # ps axl | egrep '(iptables|sshguard)'
  4     0 26521     1  20   0   6896  1936 -      S    ?          0:00 /usr/sbin/sshguard -i /var/run/sshguard.pid -l /var/log/auth.log -w /etc/sshguard/whitelist -a 40 -p 60 -s 1200
  0     0 26523 26521  20   0   4328   712 -      S    ?          0:00 sh -c iptables -L
  4     0 26525 26523  20   0  36988  2524 -      S    ?          0:00 iptables -L

* Confirm that it's now impossible for the administrator to check the 
configuration of the firewall.
  # iptables -L INPUT;echo $?
  Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
  4

* That was bad enough, but now stop sshguard
  # /etc/init.d/sshguard stop

* And confirm that the iptables process is still running and thus the firewall 
configuration is still inaccessible.
  # ps axl | egrep '(iptables|sshguard)'
  0     0 26523     1  20   0   4328   712 -      S    ?          0:00 sh -c iptables -L
  4     0 26525 26523  20   0  36988  2524 -      S    ?          0:00 iptables -L
  # iptables -L INPUT;echo $?
  Another app is currently holding the xtables lock. Perhaps you want to use the -w option?
  4

At least sshguard should stop the iptables process when it exits. But it would 
really be much better if sshguard did not prevent the administrator from 
checking the firewall configuration for as long as it is running.


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sshguard depends on:
ii  iptables  1.4.21-2+b1
ii  libc6     2.19-13

sshguard recommends no packages.

sshguard suggests no packages.

-- Configuration Files:
/etc/default/sshguard changed [not included]

-- no debconf information
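
The check that the reproduction steps do by eye can be scripted. The following is an added example, not part of the original report or of sshguard: a shell function that reads `ps axl` output and labels each iptables-related process as owned by a running sshguard or orphaned. The function name and the two sample listings (constructed from the output quoted in the report) are assumptions.

```shell
#!/bin/sh
# Added example (not from the report): classify iptables processes in `ps axl`
# output. Prints "PID STATE COMMAND"; STATE is "owned" when an ancestor in the
# listing is sshguard, "orphaned" otherwise (e.g. reparented to PID 1).
classify_iptables_procs() {
    awk '
        $3 ~ /^[0-9]+$/ {                  # data rows only, skips the header
            pid = $3; ppid[pid] = $4
            c = $13                        # COMMAND starts at column 13
            for (i = 14; i <= NF; i++) c = c " " $i
            cmd[pid] = c; order[++n] = pid
        }
        END {
            for (k = 1; k <= n; k++) {
                pid = order[k]
                if (cmd[pid] !~ /iptables/) continue
                state = "orphaned"
                # Walk up the parent chain; the hop limit guards against
                # cycles in malformed input.
                p = ppid[pid]
                for (hops = 0; (p in cmd) && hops < 64; hops++) {
                    if (cmd[p] ~ /sshguard/) { state = "owned"; break }
                    p = ppid[p]
                }
                print pid, state, cmd[pid]
            }
        }'
}

# Constructed sample: sshguard running, as in the first listing of the report.
sample_running() { cat <<'EOF'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0 26521     1  20   0   6896  1936 -      S    ?          0:00 /usr/sbin/sshguard -i /var/run/sshguard.pid -l /var/log/auth.log
0     0 26523 26521  20   0   4328   712 -      S    ?          0:00 sh -c iptables -L
4     0 26525 26523  20   0  36988  2524 -      S    ?          0:00 iptables -L
EOF
}

# Constructed sample: after "sshguard stop", as in the second listing.
sample_stopped() { cat <<'EOF'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0     0 26523     1  20   0   4328   712 -      S    ?          0:00 sh -c iptables -L
4     0 26525 26523  20   0  36988  2524 -      S    ?          0:00 iptables -L
EOF
}
```

On a live system the input would be `ps axl | classify_iptables_procs`; any line reported as orphaned is a leftover helper of the kind shown after the stop step.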

