Regression #16528

closed

``sshguard`` does not trigger for GUI auth failures due to log format changes

Added by Jim Pingle about 1 month ago. Updated 12 days ago.

Status: Resolved
Priority: Urgent
Assignee:
Category: Logging
Target version:
Start date:
Due date:
% Done: 100%
Estimated time:
Plus Target Version: 26.03
Release Notes: Force Exclusion
Affected Version: 2.9.0
Affected Architecture:
Description

The log format on the devel branches of CE and Plus has changed and this has broken sshguard. Plus 25.11 is unaffected as these changes are not present in that branch.

The current log format on dev branches is:

pfsense php-fpm[7534]: EMERGENCY webConfigurator authentication error for user 'blah' from: 172.21.32.69

The expected (previous) log format is:

Nov 11 17:01:01 pfsense php-fpm[7534]: /index.php: webConfigurator authentication error for user 'blah' from: 172.21.32.69

The new format is missing the page name and the sshguard pattern also does not include the (redundant) priority prefix.

Due to these differences, sshguard will not recognize failed logins as attacks.

Marcos is aware and already working on a fix.
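An added regression check for the mismatch described above (not part of the original report, and neither sshguard's actual parser rule nor the project's fix): `LEGACY` and `TOLERANT` are constructed regular expressions that stand in for a matcher expecting the page name and for one that also accepts the priority word. The two sample lines are the ones quoted in the description.

```python
import ipaddress
import re

# Shared message tail. The address is anchored at end of line and validated,
# because the user field is untrusted input and may contain arbitrary text.
MSG = (r"webConfigurator authentication error for user '(?P<user>.*)' "
       r"from: (?P<ip>\S+)$")
# Constructed stand-in for a rule that requires the "/page.php: " prefix.
LEGACY = re.compile(r"php-fpm\[\d+\]: /\S+: " + MSG)
# Constructed variant: page name or an uppercase priority word, both optional.
TOLERANT = re.compile(r"php-fpm\[\d+\]: (?:/\S+: |[A-Z]+ )?" + MSG)

# Log lines copied from the issue description.
SAMPLES = {
    "previous": "Nov 11 17:01:01 pfsense php-fpm[7534]: /index.php: "
                "webConfigurator authentication error for user 'blah' "
                "from: 172.21.32.69",
    "devel": "pfsense php-fpm[7534]: EMERGENCY webConfigurator "
             "authentication error for user 'blah' from: 172.21.32.69",
}


def parse(pattern, line):
    """Return (user, source_ip) if the line is a recognised auth failure."""
    m = pattern.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:
        return None  # never hand a non-address to the blocker
    return m.group("user"), str(ip)


def coverage(pattern, samples=SAMPLES):
    """Map each sample name to the parse result under the given pattern."""
    return {name: parse(pattern, line) for name, line in samples.items()}


if __name__ == "__main__":
    for label, pattern in (("legacy", LEGACY), ("tolerant", TOLERANT)):
        for name, hit in coverage(pattern).items():
            print(f"{label:8} {name:8} -> {hit}")
```

Running a check like this against captured log lines from each branch before release flags a format change that would silently stop failed logins from being counted.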
