Feature #9288

open

SSHGuard add pfSense signature in standard

Added by Joshua Sign about 5 years ago. Updated over 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: Authentication
Target version: -
Start date: 01/23/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Hi,

I discussed with the sshguard team the possibility of adding the pfSense signature as standard, as is already done by the pfSense team here: https://github.com/pfsense/FreeBSD-ports/tree/devel/security/sshguard/files

I submitted this PR to the sshguard team: https://bitbucket.org/sshguard/sshguard/pull-requests/46/add-pfsense-signature/diff

Kevin Zheng from the sshguard Bitbucket wrote:

So, in short, if pfSense makes substantial use of SSHGuard, and we can make life easier by including that test, it seems like a reasonable thing to include.

Could it be a good thing for pfSense?

Actions #1

Updated by Joshua Sign about 5 years ago

FYI

Kevin Zheng from the sshguard Bitbucket wrote:

I’d be happy to include this signature in SSHGuard if the rule for PFSENSE_AUTH_FAIL was more specific in the beginning. Right now you have:

.+"webConfigurator authentication error for user '"{WORD}"' from: "

Due to the ‘.+’ in the beginning the lexer has to do extra work to possibly match this with every other beginning of the line. For me, this doubles the number of LALR table entries, which increases the lexer file size and the compile time. (This in and of itself isn’t a significant increase, but in the past where several rules used .* or .+ at the beginning, SSHGuard compile times ballooned noticeably.)

Perhaps it’s worth dealing with more of this rule in the parser as well. I can help take a closer look at this later, too.
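
The cost of the leading `.+` described in the comment above can be reproduced in a small model. This is an added example, not code from SSHGuard or pfSense: it runs a textbook subset construction over a few constructed rules and counts the scanner states with and without the leading `.+`. The two sshd-style rules, `WORD` read as "one or more non-space characters", and the fixed-start variant are assumptions, and flex's real table generation differs in detail.

```python
from collections import deque

ANY, WORD = "<any>+", "<word>+"      # repeated tokens: ".+" and one or more non-space characters
OTHER = "\x00"                       # stands for every character not named in a rule

def rule(*parts):
    """Flatten parts into items: literal strings become single characters, tokens stay whole."""
    items = []
    for part in parts:
        items.extend([part] if part in (ANY, WORD) else list(part))
    return items

def matches(item, ch):
    if item == ANY:
        return True
    if item == WORD:
        return ch != " "
    return item == ch

def dfa_states(rules):
    """Count the states of the combined scanner automaton (subset construction)."""
    alphabet = {i for r in rules for i in r if i not in (ANY, WORD)} | {" ", OTHER}
    start = frozenset((n, 0) for n in range(len(rules)))
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for ch in alphabet:
            nxt = set()
            for n, pos in current:
                if pos < len(rules[n]) and matches(rules[n][pos], ch):
                    nxt.add((n, pos + 1))
                    if rules[n][pos] in (ANY, WORD):
                        nxt.add((n, pos))      # a repeated token may consume more input
            nxt = frozenset(nxt)
            if nxt and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen)

# Constructed stand-ins for "every other" rule in the scanner, not SSHGuard's real rules.
OTHERS = [rule("Invalid user ", WORD, " from "),
          rule("Failed password for ", WORD, " from ")]
MESSAGE = ("webConfigurator authentication error for user '", WORD, "' from: ")
LOOSE = OTHERS + [rule(ANY, *MESSAGE)]   # the rule as quoted, with the leading .+
FIXED = OTHERS + [rule(*MESSAGE)]        # assumption: the rule starts at a fixed point instead

if __name__ == "__main__":
    print("leading .+  :", dfa_states(LOOSE), "states")
    print("fixed start :", dfa_states(FIXED), "states")
```

With the leading `.+` the automaton has to keep tracking partial matches of the pfSense message while it is still inside the other rules, so every `WORD` in another rule adds combined states; a fixed start keeps the rules on separate paths.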

Actions #2

Updated by Jim Pingle over 4 years ago

  • Category set to Authentication