- changed title to Insufficient checking for the '-b' option
-
assigned issue to
Insufficient checking for the '-b' option
I just enabled blacklisting option "-b 32000" on sshguard 1.5 as a workaround (which works) for this bug https://bitbucket.org/sshguard/sshguard/issues/19/blacklisting-is-on-by-default-and-cannot
Using "-b 32000" (without a filename) actually works, while the man page says
"-b [num:]filename"
"The -b command line option enables blacklisting and requires the filename to use for permanent storage of the blacklist. Optionally, a custom blacklist threshold can be prefixed to this path, separated by ':'."
"requires the filename" is misleading if meant to be mandatory only for permanent storage. Should better say something like
The -b command line option enables blacklisting. Optional values are a blacklist threshold (default: 40) and/or a filename (filename is required for permanent storage of the blacklist). If both values are given, they need to be separated by ':'.
If both threshold and filename are optionally, the syntax should be something like
-b [num|num:filename|filename]
Comments (4)
-
-
reporter Where ist the current man page? I looked into https://bitbucket.org/sshguard/sshguard/src/fe211d0b1f7c2e101519f58ad969cb8e6eddec6d/man/sshguard.8.rst?at=master&fileviewer=file-view-default
and there is still written
Optionally, a custom blacklist threshold can be prefixed to this path, separated by ':'.
That should be changed if both are mandatory.
-
Updated man page in 15eeb4a.
-
- changed status to resolved
Fixed in 4648996, thanks!
- Log in to comment
The man page for 1.6 was updated to reflect the intended behavior, which is that both arguments are mandatory. After the fix for issue
#19, blacklisting is not enabled if a file argument is not supplied. However, the bug now is that SSHGuard does not exit with a failure when -b is given without a file.