Feature #9288
openSSHGuard add pfSense signature in standard
0%
Description
Hi,
I discuss with sshguard team about possibility to add the pfSense signature in standard, as it is ever done by pfSense team here : https://github.com/pfsense/FreeBSD-ports/tree/devel/security/sshguard/files
I submit this PR to sshguard team : https://bitbucket.org/sshguard/sshguard/pull-requests/46/add-pfsense-signature/diff
Kevin Zheng from sshguard bitbucker wrote:
So, in short, if pfSense makes substantial use of SSHGuard, and we can make life easier by including that test, it seems like a reasonable thing to include.
It can be a good thing for pfSense ?
Updated by Joshua Sign almost 6 years ago
FYI
Kevin Zheng from sshguard bitbucker wrote :
I’d be happy to include this signature in SSHGuard if the rule for PFSENSE_AUTH_FAIL was more specific in the beginning. Right now you have:
.+"webConfigurator authentication error for user '"{WORD}"' from: "
Due to the ‘.+’ in the beginning the lexer has to do extra work to possibly match this with every other beginning of the line. For me, this doubles the number of LALR table entries, which increases the lexer file size and the compile time. (This in of itself isn’t a significant increase, but in the past where several rules used .* or .+ at the beginning, SSHGuard compile times ballooned noticeably.)
Perhaps it’s worth dealing with more of this rule in the parser as well. I can help take a closer look at this later, too.