Project

General

Profile

Actions
Copy link

Todo #12511

closed

Add note in log settings that disabling logging also disables ``sshguard`` login protection

Added by Marcos M about 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Viktor Gurov
Category:
Operating System
Target version:
2.6.0
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
22.01
Release Notes:
Default

Description

Tested on 21.05 and 22.01.a.20211103.2115.

Before changes:

[22.01-DEVELOPMENT][root@gw]/root: ps auxwwd | grep sshguard
root    23563   0.0  0.0  11544   2644  -  Is   11:47   0:00.01 | `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    24887   0.0  0.0  12084   2648  -  IC   11:47   0:00.00 |   |-- /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
root    25161   0.0  0.0  11544   2636  -  I    11:47   0:00.00 |   `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    19264   0.0  0.0   2544    988  0  R+   11:47   0:00.00 |         `-- grep sshguard

Then:
  1. Check Status / System Logs / Settings // Local Logging; click Save.
  2. Uncheck Status / System Logs / Settings // Local Logging; click Save.

After changes:

[22.01-DEVELOPMENT][root@gw]/root: ps auxwwd | grep sshg
root     9115   0.0  0.0  11248   2552  0  S+   11:53    0:00.00 |         `-- grep sshg

  • Neither restarting or stopping/starting syslogd works.
  • Changing System / Advanced / Admin Access // Login Protection / Pass list and clicking Save does not work.
  • Rebooting the system does work.
Actions
Copy link
 #1

Updated by Kris Phillips about 3 years ago

Testing on 21.05.2:

I disabled and re-enabled Local Logging and have the following:

root 59415 0.0 0.1 11452 2848 - S 21:31 0:00.01 sh -c ps aux | grep sshguard 2>&1
root 59912 0.0 0.1 4800 2240 - R 21:31 0:00.00 grep sshguard

Able to reproduce on 21.05.2. I'll test on the latest 22.01 image shortly.

Actions
Copy link
 #2

Updated by Kris Phillips about 3 years ago

Testing on 22.01:

Before making any changes running "ps aux | grep sshguard":

root 193 0.0 0.3 11540 3052 - I 02:08 0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 23536 0.0 0.3 11700 3216 - S 02:33 0:00.00 sh -c ps aux | grep sshguard 2>&1
root 23768 0.0 0.0 536 348 - R 02:33 0:00.00 grep sshguard
root 99268 0.0 0.3 11540 3048 - Is 02:08 0:00.01 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid

After enabling "Disable writing log files to the local disk":

root 82226 0.0 0.3 11700 3216 - S 02:34 0:00.00 sh -c ps aux | grep sshguard 2>&1
root 82421 0.0 0.0 536 348 - R 02:34 0:00.00 grep sshguard

Same results after re-disabling the option.

Actions
Copy link
 #3

Updated by Viktor Gurov about 3 years ago

Same issue if you just press 'Save' on the status_logs_settings.php page or restart the syslogd service
something wrong with system_syslogd_start()

sshguard doesn't run if you manually run syslogd from the command line:

# ps auxww | grep sshg
root    88075  0.0  0.1  11540  2636  -  Is   10:11   0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    88482  0.0  0.2  17452  4924  -  SC   10:11   0:00.00 /usr/local/libexec/sshg-parser
root    88821  0.0  0.1  12080  2632  -  IC   10:11   0:00.00 /usr/local/libexec/sshg-blocker
root    88999  0.0  0.1  11540  2636  -  I    10:11   0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root    89324  0.0  0.1  11508  2628  -  I    10:11   0:00.00 /bin/sh /usr/local/libexec/sshg-fw-pf
# killall syslogd
# /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
# ps auxww | grep sshg
root    42409   0.0  0.0    536   348  0  R+   10:17   0:00.00 grep sshg

maybe syslogd bug?

Actions
Copy link
 #4

Updated by Jim Pingle about 3 years ago

  • Target version set to 2.6.0
  • Plus Target Version set to 22.01
Actions
Copy link
 #5

Updated by Viktor Gurov about 3 years ago

Rerooting the system does work too

Actions
Copy link
 #6

Updated by Viktor Gurov about 3 years ago

There is no issue - sshguard will start after any AUTH event (ssh/webgui login) because such events transmits data via pipe and starts sshguard process

I think we need to add a note near "Local Logging" checkbox that enabling this options also disables sshguard

Actions
Copy link
 #8

Updated by Jim Pingle about 3 years ago

  • Tracker changed from Bug to Todo
  • Subject changed from sshguard does not start after disabling and re-enabling local logging. to Add note in log settings that disabling logging also disables ``sshguard`` login protection
  • Status changed from New to Pull Request Review
  • Assignee set to Viktor Gurov
  • Affected Version deleted (2.5.2)

Updated subject to match the info in the comments.

Actions
Copy link
 #9

Updated by Viktor Gurov almost 3 years ago

  • Status changed from Pull Request Review to Feedback

Merged

Actions
Copy link
 #10

Updated by Danilo Zrenjanin almost 3 years ago

Tested against:

2.6.0-DEVELOPMENT (amd64)
built on Wed Nov 24 06:23:22 UTC 2021
FreeBSD 12.3-PRERELEASE

There is a warning note.

WARNING: This will also disable Login Protection!

It looks OK.

The ticket can be resolved.

Actions
Copy link
 #11

Updated by Jim Pingle almost 3 years ago

  • Status changed from Feedback to Resolved
Actions
Copy link

Also available in: Atom PDF