On 02/28/2012 12:23 PM, Cristian Rodríguez wrote:
On 28/02/12 03:33, Lew Wolfgang wrote:
On 02/27/2012 09:54 PM, Cristian Rodríguez wrote:
On 27/02/12 00:53, Lew Wolfgang wrote:
So I need to figure out how to delay sshguard so that it appears later in the boot sequence.
Later is quite vague, do you want it after Susefirewall I presume?
Right. sshguard needs to start after SuSEfirewall2_setup.
The init script does not look very promising.
i.e.

    iptables_start() {
        /usr/sbin/iptables -N sshguard
        /usr/sbin/iptables -A INPUT -p tcp --dport $PORTS -j sshguard
    }

    iptables_stop() {
        /usr/sbin/iptables -F sshguard
        /usr/sbin/iptables -D INPUT -p tcp --dport $PORTS -j sshguard
        /usr/sbin/iptables -X sshguard
    }

Does not belong there, this has to be done somewhat with SUSE firewall configuration scripts.
Also, it appears this tool does not have a configuration file or is not making use of it, so it still needs to use sysconfig *ARGHHHH..*
I will add native systemd units to the package once I figure out how to get rid of iptables setup section properly ...
Hi Cristian,

Here's what I did to /etc/init.d/sshguard to get it working:

    iptables_start() {
        /usr/sbin/iptables -N sshguard
        /usr/sbin/iptables -I INPUT 4 -p tcp --dport $PORTS -j sshguard
    }

The "-A INPUT" was adding the sshguard entry at the end of the INPUT chain, which meant that having sshd enabled in input_ext section would prevent sshguard from ever being reached. The "-I INPUT 4" inserts sshguard in front of input_ext. I have no idea if this is the right way to do it, but it works.

Also, this needs changing in /etc/sysconfig/sshguard:

    ## Type: integer
    ## Default: 4
    # Number of attacks before IP gets blocked
    ATTACK_ATTEMPTS="4"

The "4" should be "40". With it set to 4 it blocks on the first mistyped password!

Regards,
Lew
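
Added example (not part of the original thread or of the sshguard package): a shell check that finds where the input_ext jump sits in `iptables -S INPUT` output, so the sshguard jump can be inserted in front of it instead of at a hard-coded position 4, and that verifies the resulting order. The rule listings are constructed samples, and the function names jump_position and jump_precedes are hypothetical.

```shell
#!/bin/sh
# Added example: rule-order check for the sshguard jump in the INPUT chain.

# Print the 1-based rule number of the first INPUT rule that jumps to
# chain $1 (nothing if there is none). Reads `iptables -S INPUT` on stdin.
# The leading "-P INPUT ..." policy line is not a rule and is not counted.
jump_position() {
    awk -v target="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == target) { print n; exit }
        }'
}

# Succeed only if the jump to chain $1 is evaluated before the jump to $2.
jump_precedes() {
    rules=$(cat)
    first=$(printf '%s\n' "$rules" | jump_position "$1")
    second=$(printf '%s\n' "$rules" | jump_position "$2")
    [ -n "$first" ] && [ -n "$second" ] && [ "$first" -lt "$second" ]
}

# Constructed sample: sshguard appended with "-A INPUT", so it lands after
# input_ext, where an accepted sshd port means it is never reached.
SAMPLE_APPENDED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j sshguard'

# Constructed sample: sshguard inserted in front of input_ext.
SAMPLE_INSERTED='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j sshguard
-A INPUT -i eth0 -j input_ext
-A INPUT -j DROP'

# Live use (needs root, so it is left as a comment here):
#   pos=$(iptables -S INPUT | jump_position input_ext)
#   iptables -I INPUT "${pos:-1}" -p tcp --dport "$PORTS" -j sshguard
#   iptables -S INPUT | jump_precedes sshguard input_ext || echo "sshguard unreachable"
```

Running jump_precedes after every firewall reload catches the case where SuSEfirewall2 rebuilds the INPUT chain and the sshguard jump is lost or pushed behind input_ext.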