#45347: sshguard respawn throttled --------------------------+--------------------- Reporter: lionteeth@… | Owner: nefar@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.1 Resolution: | Keywords: Port: sshguard | --------------------------+--------------------- Changes (by ryandesign@…): * cc: pixilla@… (added) * keywords: launchd => * owner: macports-tickets@… => nefar@… Old description:

I just installed sshguard for the first time. I removed /var/log/secure.log from the options file (since I don't have that file) and issued "port load sshguard".

/var/log/system.log starts filling with this message:

com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds

The program does not appear to start. What went wrong?

Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64 i386 Macmini6,2 Darwin

Cheers, David

New description: I just installed sshguard for the first time. I removed /var/log/secure.log from the options file (since I don't have that file) and issued "port load sshguard". /var/log/system.log starts filling with this message: {{{ com.apple.launchd[1] (org.macports.sshguard): Throttling respawn: Will start in 10 seconds }}} The program does not appear to start. What went wrong? {{{ Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64 i386 Macmini6,2 Darwin }}} Cheers, [[br]] David -- Comment: Is it crashing? Are there crash logs in the usual place? -- Ticket URL: <https://trac.macports.org/ticket/45347#comment:1> MacPorts <http://www.macports.org/> Ports system for OS X

#45347: sshguard respawn throttled --------------------------+--------------------- Reporter: lionteeth@… | Owner: nefar@… Type: defect | Status: new Priority: Normal | Milestone: Component: ports | Version: 2.3.1 Resolution: | Keywords: Port: sshguard | --------------------------+--------------------- Comment (by lionteeth@…): I found out what the problem was by looking at what the wrapper does and running the command directly: }}} /opt/local/sbin/sshguard -l /var/log/system.log -w /opt/local/etc/sshguard/whitelist -b 5:/opt/local/var/db/sshguard/blacklist.db Doesn't make sense to have a blacklist threshold lower than one abuse (40). Terminating. }}} To make sshguard more aggressive, I had modified options to use {{{ -l /var/log/system.log -w /opt/local/etc/sshguard/whitelist -b 5:/opt/local/var/db/sshguard/blacklist.db }}} as I was seeing lots of attacks and nothing was added to the blacklist. But -b is not the number of attacks to tolerate, as in denyhosts, but a "danger" measure that is poorly documented in the man page. Running the command directly gives me {{{ Doesn't make sense to have a blacklist threshold lower than one abuse (40). Terminating. }}} It would be very useful if the wrapper could allow this error message to pass through to system.log. Now, the man page says "per-attack danger is 10", so it's unclear how 40 represents one abuse, and I still don't know how much abuse -b 50 is. Anyway, bad documentation isn't macport's problem, so please close. Cheers, Dave -- Ticket URL: <https://trac.macports.org/ticket/45347#comment:3> MacPorts <http://www.macports.org/> Ports system for OS X