Regression #15687
closed``sshguard`` is not properly detecting GUI login failures
100%
Description
The sshguard
daemon isn't triggering blocks for GUI authentication failures.
The patch that adds the login string detection isn't complete. It should have a string in files/patch-src_parser_attack__scanner.l
but it isn't there currently.
Possible that our local modification was clobbered by an upstream change in the same file in commit efda5c514648db7c2bbacaa7a57dfa946dd9f054
but it's not clear when that change was merged into our releases.
That patch should include our parsing string, for example:
https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/ecbea214bcb2421d826960764717fa81d67bfb07#e9f85c39d66fd4403b5f6dbd7a02651de8a10c08
(Original was in https://gitlab.netgate.com/pfSense/FreeBSD-ports/-/commit/b64b53fbd27d5d186e5abf936cdb4d6989898e06#e9f85c39d66fd4403b5f6dbd7a02651de8a10c08 but that string wasn't right)
I checked the upstream source and the string isn't in their source so the change in that patch is still necessary.
We'll most likely need to check/confirm if this is affecting current releases and build a fixed sshguard binary package for any that are affected.