Hello everyone. I found out that /etc/sshguard.conf is completely ignored, it is just on my system ? I got triggered when the machines in my own network got banned although I did enable the WHITELIST_FILE option.
furthermore, default options in the file and default options after starting the daemon are different /etc/sshguard.conf #### OPTIONS #### # Block attackers when their cumulative attack score exceeds THRESHOLD. # Most attacks have a score of 10. (optional, default 30) THRESHOLD=30 # Block attackers for initially BLOCK_TIME seconds after exceeding THRESHOLD. # Subsequent blocks increase by a factor of 1.5. (optional, default 120) BLOCK_TIME=120 # IP addresses listed in the WHITELIST_FILE are considered to be # friendlies and will never be blocked. WHITELIST_FILE=/etc/friends # /etc/rc.d/sshguard start # ps auwxx | grep sshguard root 40901 0.0 0.2 844 836 C0 Ip 6:01PM 0:00.00 /bin/sh /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w /var/db/sshguard/whitelist.db root 83350 0.0 0.1 844 652 C0 Ip 6:01PM 0:00.00 /bin/sh /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w /var/db/sshguard/whitelist.db root 68041 0.0 0.3 1144 1580 C0 Ip 6:01PM 0:00.02 /usr/local/libexec/sshg-blocker -a 10 -p 14400 -s 1800 -N 128 -n 32 -w /var/db/sshguard/whitelist.db root 65827 0.0 0.1 844 584 C0 Ip 6:01PM 0:00.01 /bin/sh /usr/local/sbin/sshguard -a 10 -l /var/log/authlog -p 14400 -w /var/db/sshguard/whitelist.db At this point I would see to add options in /etc/rc.d/sshguard in the line daemon="/usr/local/sbin/sshguard" but is this recommendable... config files are supposed to be in /etc for a reason. btw, you can put your whitelist in /var/db/sshguard/whitelist.db as advertised by the ps OpenBSD 6.5 with 'pkg_add sshguard' here -- Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-ports-f108501.html
