- changed status to open
sshguard not detecting SASL LOGIN failures
Issue #145
resolved
System:
OS = FreeBSD 12.2-RELEASE-p11
SSHGUARD = 2.4.2_1,1 (binary)
FW = PF
Config:
BACKEND="/usr/local/libexec/sshg-fw-pf"
FILES="/var/log/auth.log /var/log/maillog"
Behaviour:
571 logs in /var/log/maillog with:
postfix/smtps/smtpd[67834]: warning: unknown[a.b.c.d]: SASL LOGIN authentication failed: authentication failure
Issue:
No logs whatsoever in /var/log/messages showing this to be picked-up by sshguard.
Remark:
There are many messages regarding blocking IP's for failed login attempts on service SSH.
Comments (2)
-
-
- changed status to resolved
Fixed in 653c2dd, thanks.
- Log in to comment
Thanks for the report. Indeed, this signature is not detected by the parser.
I will take a look at updating the signature for Postfix SASL, unless you can beat me to it with a patch.