Todo #12511
closed
Add note in log settings that disabling logging also disables ``sshguard`` login protection
Added by Marcos M about 3 years ago.
Updated almost 3 years ago.
Category:
Operating System
Plus Target Version:
22.01
Description
Tested on 21.05 and 22.01.a.20211103.2115.
Before changes:
[22.01-DEVELOPMENT][root@gw]/root: ps auxwwd | grep sshguard
root 23563 0.0 0.0 11544 2644 - Is 11:47 0:00.01 | `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 24887 0.0 0.0 12084 2648 - IC 11:47 0:00.00 | |-- /usr/local/libexec/sshg-blocker -w /usr/local/etc/sshguard.whitelist
root 25161 0.0 0.0 11544 2636 - I 11:47 0:00.00 | `-- /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 19264 0.0 0.0 2544 988 0 R+ 11:47 0:00.00 | `-- grep sshguard
Then:
- Check
Status / System Logs / Settings // Local Logging; click Save.
- Uncheck
Status / System Logs / Settings // Local Logging; click Save.
After changes:
[22.01-DEVELOPMENT][root@gw]/root: ps auxwwd | grep sshg
root 9115 0.0 0.0 11248 2552 0 S+ 11:53 0:00.00 | `-- grep sshg
- Neither restarting or stopping/starting
syslogd works.
- Changing
System / Advanced / Admin Access // Login Protection / Pass list and clicking Save does not work.
- Rebooting the system does work.
Testing on 21.05.2:
I disabled and re-enabled Local Logging and have the following:
root 59415 0.0 0.1 11452 2848 - S 21:31 0:00.01 sh -c ps aux | grep sshguard 2>&1
root 59912 0.0 0.1 4800 2240 - R 21:31 0:00.00 grep sshguard
Able to reproduce on 21.05.2. I'll test on the latest 22.01 image shortly.
Testing on 22.01:
Before making any changes running "ps aux | grep sshguard":
root 193 0.0 0.3 11540 3052 - I 02:08 0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 23536 0.0 0.3 11700 3216 - S 02:33 0:00.00 sh -c ps aux | grep sshguard 2>&1
root 23768 0.0 0.0 536 348 - R 02:33 0:00.00 grep sshguard
root 99268 0.0 0.3 11540 3048 - Is 02:08 0:00.01 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
After enabling "Disable writing log files to the local disk":
root 82226 0.0 0.3 11700 3216 - S 02:34 0:00.00 sh -c ps aux | grep sshguard 2>&1
root 82421 0.0 0.0 536 348 - R 02:34 0:00.00 grep sshguard
Same results after re-disabling the option.
Same issue if you just press 'Save' on the status_logs_settings.php page or restart the syslogd service
something wrong with system_syslogd_start()
sshguard doesn't run if you manually run syslogd from the command line:
# ps auxww | grep sshg
root 88075 0.0 0.1 11540 2636 - Is 10:11 0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 88482 0.0 0.2 17452 4924 - SC 10:11 0:00.00 /usr/local/libexec/sshg-parser
root 88821 0.0 0.1 12080 2632 - IC 10:11 0:00.00 /usr/local/libexec/sshg-blocker
root 88999 0.0 0.1 11540 2636 - I 10:11 0:00.00 /bin/sh /usr/local/sbin/sshguard -i /var/run/sshguard.pid
root 89324 0.0 0.1 11508 2628 - I 10:11 0:00.00 /bin/sh /usr/local/libexec/sshg-fw-pf
# killall syslogd
# /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf
# ps auxww | grep sshg
root 42409 0.0 0.0 536 348 0 R+ 10:17 0:00.00 grep sshg
maybe syslogd bug?
- Target version set to 2.6.0
- Plus Target Version set to 22.01
Rerooting the system does work too
There is no issue - sshguard will start after any AUTH event (ssh/webgui login) because such events transmits data via pipe and starts sshguard process
I think we need to add a note near "Local Logging" checkbox that enabling this options also disables sshguard
- Tracker changed from Bug to Todo
- Subject changed from sshguard does not start after disabling and re-enabling local logging. to Add note in log settings that disabling logging also disables ``sshguard`` login protection
- Status changed from New to Pull Request Review
- Assignee set to Viktor Gurov
- Affected Version deleted (
2.5.2)
Updated subject to match the info in the comments.
- Status changed from Pull Request Review to Feedback
Tested against:
2.6.0-DEVELOPMENT (amd64)
built on Wed Nov 24 06:23:22 UTC 2021
FreeBSD 12.3-PRERELEASE
There is a warning note.
WARNING: This will also disable Login Protection!
It looks OK.
The ticket can be resolved.
- Status changed from Feedback to Resolved
Also available in: Atom
PDF
Updated by 
Updated by Viktor Gurov 
Updated by 
Updated by