Project

General

Profile

Feature #9288

SSHGuard add pfSense signature in standard

Added by Joshua Sign 3 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01/23/2019
Due date:
% Done:

0%

Estimated time:

Description

Hi,

I discuss with sshguard team about possibility to add the pfSense signature in standard, as it is ever done by pfSense team here : https://github.com/pfsense/FreeBSD-ports/tree/devel/security/sshguard/files

I submit this PR to sshguard team : https://bitbucket.org/sshguard/sshguard/pull-requests/46/add-pfsense-signature/diff

Kevin Zheng from sshguard bitbucker wrote:

So, in short, if pfSense makes substantial use of SSHGuard, and we can make life easier by including that test, it seems like a reasonable thing to include.

It can be a good thing for pfSense ?

History

#1 Updated by Joshua Sign 3 months ago

FYI

Kevin Zheng from sshguard bitbucker wrote :

I’d be happy to include this signature in SSHGuard if the rule for PFSENSE_AUTH_FAIL was more specific in the beginning. Right now you have:

.+"webConfigurator authentication error for user '"{WORD}"' from: "

Due to the ‘.+’ in the beginning the lexer has to do extra work to possibly match this with every other beginning of the line. For me, this doubles the number of LALR table entries, which increases the lexer file size and the compile time. (This in of itself isn’t a significant increase, but in the past where several rules used .* or .+ at the beginning, SSHGuard compile times ballooned noticeably.)

Perhaps it’s worth dealing with more of this rule in the parser as well. I can help take a closer look at this later, too.

Also available in: Atom PDF