On Fri, Jul 16, 2021 at 1:13 PM Sven F. <sven.falem...@gmail.com> wrote:
>
> On Tue, Mar 23, 2021 at 7:11 AM Andreas Kusalananda Kähäri
> <andreas.kah...@abc.se> wrote:
>>
>> A user contacted me about the security/sshguard port. They wanted to
>> use daemon_flags with the port, which means this needs to be added to
>> the pexp expression in the rc.d file.
>>
>> The attached patch does this in a similar manner as is done for e.g.
>> sshd and unbound.
>>
>>
>> Regards,
>> Andreas (port maintainer)
>>
>> --
>> Andreas (Kusalananda) Kähäri
>> SciLifeLab, NBIS, ICM
>> Uppsala University, Sweden
>>
>> .
>
>
> Running current I had an issue with sshguard
>
> Note:
> OpenBSD j1800 6.9 GENERIC.MP#129 amd64
> # grep pexp /etc/rc.d/rc.subr
> [..]
> pexp="$(eval echo ${daemon}${daemon_flags:+ ${daemon_flags}})"
>
> sshg-blocker ran full cpu load and rcctl restart did not kill it,
> only kill -9 was able to stop the process.
>
> I also notice that in 6.8 reading STDIN was broken
>
> I was able to ktrace sshg-blocker :
>
> # kdump -f /tmp/ktrace.out | head
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker RET sched_yield 0
>
> # kdump -f /tmp/ktrace.out | tail
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker RET sched_yield 0
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker CALL sched_yield()
> 83231 sshg-blocker PSIG SIGKILL SIG_DFL
>
> I can perform compilation and test
>
> I will now try to run sshguard with STDIN as an input,
> I have no method to produce the problem so far.
>
> # sshguard -v
> SSHGuard 2.4.1
>
>
The website first page:

sshguard can read log messages from standard input (suitable for piping from syslog)

But since (openbsd 6.8) 2.4.1

# cat /var/log/authlog | sshguard
sshguard: /etc/sshguard.conf is missing FILES and LOGREADER; please specify one

It's in the release note of 2.4.0:

2.4.0
[..]
Removed
No longer accept logs given via standard input

And it makes no sense at all given the statement of the home page

Is there a proposed workaround using a silly LOGREADER ?

like ?

# grep LOGREADER /etc/sshguard.conf
#LOGREADER="LANG=C /usr/bin/journalctl -afb -p info -n1 -t sshd -t sendmail -o cat"
LOGREADER=/bin/cat

# SSHGUARD_DEBUG=1 cat /var/log/authlog | sshguard
Terminated

Best.

--
Knowing is not enough; we must apply. Willing is not enough; we must do