Bug#928525: marked as done (sshguard: Default configuration does not work as intended, needs configuration update)

Mon, 26 Jul 2021 21:36:16 -0700 

Your message dated Tue, 27 Jul 2021 04:33:51 +0000
with message-id <e1m8emt-00077x...@fasolo.debian.org>
and subject line Bug#928525: fixed in sshguard 2.3.1-2
has caused the Debian Bug report #928525,
regarding sshguard: Default configuration does not work as intended, needs 
configuration update
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
928525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: sshguard
Version: 2.3.1-1
Severity: important

Dear Maintainer,
the default configuration shipped with the Debian package causes sshguard to count it's own attach messages as another attack and hence all hosts are blocked on their first login failure, e.g.:
Apr 24 01:42:52 vsn sshd[11354]: Failed password for root from 112.85.42.189 port 35899 ssh2 Apr 24 01:42:53 vsn sshguard[11232]: Attack from "112.85.42.189" on service 100 with danger 10. Apr 24 01:42:53 vsn sshguard[11232]: Attack from "112.85.42.189" on service 110 with danger 10. Apr 24 01:42:54 vsn sshguard[11232]: Attack from "112.85.42.189" on service 110 with danger 10. Apr 24 01:42:54 vsn sshguard[11232]: Blocking "112.85.42.189/32" for 120 secs (3 attacks in 1 secs, after 1 abuses over 1 secs.)
Upstream ships an example configuration where this is not the case as it uses a different journalctl syntax. It works as it does not feed the sshguard log messages back to sshguard. 

Two minor notes in addition:
- also options like IPV6_SUBNET, IPV4_SUBNET and BLACKLIST_FILE are missing in the Debian configuration file - journalctl should IMHO use -n0 instead of -n1 because sshg-logtail does the same for tail
Please also consider an update for Buster to ship the package with a working default configuration. 

Thanks

Andreas

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) 
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sshguard depends on:
ii  libc6     2.28-10
ii  lsb-base  10.2019031300

Versions of packages sshguard recommends:
ii  nftables  0.9.0-2

sshguard suggests no packages.

-- Configuration Files:
/etc/sshguard/sshguard.conf changed [not included]
/etc/sshguard/whitelist changed [not included]

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: sshguard
Source-Version: 2.3.1-2
Done: Julián Moreno Patiño <jul...@debian.org>

We believe that the bug you reported is fixed in the latest version of
sshguard, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 928...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julián Moreno Patiño <jul...@debian.org> (supplier of updated sshguard package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 26 Jul 2021 22:18:43 -0500
Source: sshguard
Architecture: source
Version: 2.3.1-2
Distribution: unstable
Urgency: medium
Maintainer: Julián Moreno Patiño <jul...@debian.org>
Changed-By: Julián Moreno Patiño <jul...@debian.org>
Closes: 928525
Changes:
 sshguard (2.3.1-2) unstable; urgency=medium
 .
   * Fix config file. (Closes: #928525)
Checksums-Sha1:
 1f1b4be86358895c5f7174d54bd5208e5c2f2779 1851 sshguard_2.3.1-2.dsc
 fdd08dd70b9b3c7da9bfb1c7d64b8162f56a7ea7 6808 sshguard_2.3.1-2.debian.tar.xz
 b555e527eb00efe16bdfd4e9a964e6dd50f75234 5309 sshguard_2.3.1-2_source.buildinfo
Checksums-Sha256:
 b6380ea08cddfbe549a1e5730be62d9ef9489cd284910d3c439f485e670a23e8 1851 
sshguard_2.3.1-2.dsc
 c64d387ea1cebf3f0003f8ba189bff77bcd50d91f1012187ac66fc69526cfe08 6808 
sshguard_2.3.1-2.debian.tar.xz
 eb3a22329635a0ed722793fbd8891177de083a127eeee67b312dd82e833a811c 5309 
sshguard_2.3.1-2_source.buildinfo
Files:
 14cc998ac696e2014b844560dd182410 1851 net optional sshguard_2.3.1-2.dsc
 fef6951c1084ddbf1aa25ae02b207ebb 6808 net optional 
sshguard_2.3.1-2.debian.tar.xz
 31204925854b4a84aeb05307ff98d7f6 5309 net optional 
sshguard_2.3.1-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEwsiQTjFM2PoEHZsA1f38FWFov2AFAmD/h0USHGp1bGlhbkBk
ZWJpYW4ub3JnAAoJENX9/BVhaL9gvH4QAJiIOTayWvR0xY8ZfM2P1R9WUFN3aTU+
olbzTMqPqd0A+yt6KxeRVsFcQDXd3mjbTPsH2Fsj5njD81vmyJQ2T+ecuHxGlHid
6sAbmU86jV8N4erHMq0I0WlIbLoN5H3cpEYsa1wl8BUDjFjcS18WTIktL6V8JXpJ
uZWyW5Y9vKAkmPqNOmdqSyTy1jMQlWlnN3c+jvJTaoqe3vLqf2nmRkNCSRB1HXYq
SjwEb9nLfPlVSKNLAuVQFQ0jKe85FkFOeP2Pwe1yj0CwsHA9apJUGIaK1ENgXHZN
k5clKkcNu5sPqguWUy+pe/6+iYIjB43dvr+FmLiwZDcY3v3OwZj5Gdrt42/dEZMn
yFUeqf5m0X+q+NDNho3Jd1kRGUEfle5SCGTvaAiU7fxiOxbr5v0RjNkzA8tqxS0Z
wlZq1u/ku6F8zKPq/9bGcEMMW/B6Dd7GjacCdlK78gihQYTj18zrHqeJHKd6zAPK
ND5KDsMay+JZmouaudMGahkn+mLJKHyApF0vfleR1fxG+7tE5vfRWZ0mCM8bpdVs
ZvWG+e8txuVMq5tgM2L3lZUEjw7f9/Jk4ZCURb+NKebYQemkxEgDWhlZYHtvmWP3
u2nhzsqYuGmg0xHtGFA4ZKmgmiRAFVsiCEN8d42pN1oFMlr1WkZnnyIbxmdu0bmY
mxprJrOXqIVp
=gpGa
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to