On 09:50:31 Nov 17, Stuart Henderson wrote:
> Maybe messy enough that people will think "oh I can't be bothered
> with that I will just make it setuid root"...and that doesn't avoid
> sudo either.
> 

Okay.

> But, I sort-of assumed (from the frequent references to the website)
> that there was some more documentation there, and hoped it would say
> a bit more about the other log formats it can parse, but now I've
> looked over it I can't find any more useful information, so I'm
> happy to leave those out. We do need to mention the other parsers
> in the manual though, or people may be surprised if they mistype
> a POP3 password and get locked out of SSH.
> 

I don't see this happening. sshguard is smartly written, so it won't
lock IPs for long.

> But actually we need to bother them anyway: there's no copyright
> license in the .tar.bz2 file either, as things stand now you must
> set PERMIT_*=No. The only mention is at the top of the website,
> "sshguard is BSD-licensed", but that is not enough. They need to
> include the actual license text (since there is no single "BSD
> license") and it needs to be with the source code.
> 

I will mail the author and get back to you. 

> Pointing it out will avoid stupid "it doesn't work" emails to the
> maintainer :-)
> 

I shall mention it in MESSAGE.

> http://www.ossec.net/en/attacking-loganalysis.html
> 
> see why I keep mentioning it? :-)
> Maybe their parsers are ok, but I think they need checking.

Ha ha. I shall read it thoroughly and get back to you in private.

Interesting. Hmm.

> Yes, and since many (often novice) users are looking for this
> and seem to be looking for log parsers in particular (rather than
> PF connection-rate checks), we need to take quite a lot of care
> over it. People should not take the existence of something in
> ports as a recommendation, but they will...

I see that people download and install the program anyway, so having a
port at least gives them slightly more security. ;)

www.openbsd.org tries in the website at least to drum into people's
heads that ports have not undergone a rigorous audit process and I
certainly believe that is true.

Some programs are simply badly written and it is not our job to clean
them.

We still try our best using our excellent ports framework, systrace,
non privileged users and so on.


-Girish
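The linked OSSEC article and the remark that the parsers "need checking" come down to one concrete question: does the parser anchor on the structure of the log line, or does it grab the first thing that looks like "from <address>"? The following is an added example, not code from sshguard, OpenSSH or this thread. The three sample log lines are constructed; the second one carries a username chosen to look like a second sshd message naming an unrelated address (192.0.2.1), which is the class of problem the article describes. The naive parser reports the wrong address for it; the strict parser parses the syslog framing first, dispatches on the program tag (so a POP3 failure from dovecot never reaches the sshd rule), and requires the whole message to match with the address anchored at the end.

```python
import ipaddress
import re

# Constructed sample log lines (not from sshguard, OpenSSH or the thread).
# Line 2: the "Invalid user" field is attacker-chosen text that mimics a
# second, fake sshd message naming an innocent address (192.0.2.1).
# Line 3: a POP3 login failure from a different daemon entirely.
SAMPLE_LOGS = [
    "Nov 17 09:50:31 host sshd[1234]: Failed password for invalid user admin "
    "from 203.0.113.7 port 4242 ssh2",
    "Nov 17 09:50:32 host sshd[1235]: Invalid user Failed password for root "
    "from 192.0.2.1 port 22 ssh2 from 203.0.113.7 port 4243",
    "Nov 17 09:50:33 host dovecot: pop3-login: Aborted login (auth failed, "
    "1 attempts): user=<bob>, method=PLAIN, rip=203.0.113.9",
]

# The kind of rule a hurried log watcher might use: first "from <ip>" wins.
NAIVE_RE = re.compile(r"from (\d{1,3}(?:\.\d{1,3}){3})")


def naive_offender(line):
    """Return the first 'from <ip>' found anywhere; no structure check."""
    m = NAIVE_RE.search(line)
    return m.group(1) if m else None


# Strict version: syslog framing first, then a per-program rule that must
# match the whole message, with the address anchored at the end.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
SSHD_RE = re.compile(
    r"^(?:Failed password for (?:invalid user )?(?P<u1>.+?)"
    r"|Invalid user (?P<u2>.+?)) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d{1,5}(?: ssh2)?$"
)


def strict_offender(line):
    """Return the offending address only if the line is a well-formed sshd
    authentication failure; anything else (other daemons, malformed or
    crafted messages) yields None rather than a guess."""
    s = SYSLOG_RE.match(line)
    if not s or s.group("tag") != "sshd":
        return None  # not an sshd line: never feeds the SSH block rule
    m = SSHD_RE.match(s.group("msg"))
    if not m:
        return None
    try:
        # Reject things like 999.1.1.1 that the regex alone would accept.
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None


def compare(lines):
    """(naive, strict) verdict per line, for side-by-side review."""
    return [(naive_offender(ln), strict_offender(ln)) for ln in lines]


if __name__ == "__main__":
    for line, (naive, strict) in zip(SAMPLE_LOGS, compare(SAMPLE_LOGS)):
        print(f"naive={naive!s:12} strict={strict!s:12}  {line[:60]}...")
```

On the crafted second line the naive rule would block 192.0.2.1, the address the attacker wants blocked, while the strict rule blocks 203.0.113.7, the address that actually made the connection. The same structure-first approach is what to look for when reviewing any log-driven blocker: each parser should only see lines from its own daemon, and should match the whole message rather than a fragment.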
