Project

General

Profile

Actions
Copy link

Regression #16528

closed

``sshguard`` does not trigger for GUI auth failures due to log format changes

Added by Jim Pingle about 1 month ago. Updated 12 days ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Marcos M
Category:
Logging
Target version:
2.9.0
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
26.03
Release Notes:
Force Exclusion
Affected Version:
2.9.0
Affected Architecture:

Description

The log format on the devel branches of CE and Plus has changed and this has broken sshguard. Plus 25.11 is unaffected as these changes are not present in that branch.

The current log format on dev branches is:

pfsense php-fpm[7534]: EMERGENCY webConfigurator authentication error for user 'blah' from: 172.21.32.69

The expected (previous) log format is:

Nov 11 17:01:01 pfsense php-fpm[7534]: /index.php: webConfigurator authentication error for user 'blah' from: 172.21.32.69

The new format is missing the page name and the sshguard pattern also does not include the (redundant) priority prefix.

Due to these differences, sshguard will not recognize failed logins as attacks.

Marcos is aware and already working on a fix.

Actions
Copy link
 #1

Updated by Marcos M about 1 month ago

  • Status changed from In Progress to Feedback
  • % Done changed from 0 to 100
  • Release Notes changed from Default to Force Exclusion
  • Affected Version set to 2.9.0
Actions
Copy link
 #2

Updated by Jim Pingle about 1 month ago

  • Tracker changed from Bug to Regression
  • Status changed from Feedback to Resolved

Working fine on the current build, logs are as expected and sshguard triggers properly.

Actions
Copy link
 #3

Updated by Jim Pingle 12 days ago

  • Private changed from Yes to No
Actions
Copy link

Also available in: Atom PDF