Insufficient checking for the '-b' option

Issue #20 resolved
Unknown Name created an issue

I just enabled blacklisting option "-b 32000" on sshguard 1.5 as a workaround (which works) for this bug https://bitbucket.org/sshguard/sshguard/issues/19/blacklisting-is-on-by-default-and-cannot

Using "-b 32000" (without a filename) actually works, while the man page says

"-b [num:]filename"

"The -b command line option enables blacklisting and requires the filename to use for permanent storage of the blacklist. Optionally, a custom blacklist threshold can be prefixed to this path, separated by ':'."

"requires the filename" is misleading if meant to be mandatory only for permanent storage. Should better say something like

The -b command line option enables blacklisting. Optional values are a blacklist threshold (default: 40) and/or a filename (filename is required for permanent storage of the blacklist). If both values are given, they need to be separated by ':'.

If both threshold and filename are optional, the syntax should be something like

-b [num|num:filename|filename]

Comments (4)

  1. Kevin Zheng

    The man page for 1.6 was updated to reflect the intended behavior, which is that both arguments are mandatory. After the fix for issue #19, blacklisting is not enabled if a file argument is not supplied. However, the bug now is that SSHGuard does not exit with a failure when -b is given without a file.
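The missing failure described in the comment above, sketched as an added example (not SSHGuard's own code): a strict parser for the `-b` value that returns an error the caller turns into a non-zero exit. The function name `parse_blacklist_arg`, the `num:filename` form with both parts mandatory (taken from the maintainer's description of the 1.6 behavior), and the rejection of a zero threshold are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not SSHGuard code: strict parse of "num:filename".
 * Returns 0 and fills the outputs on success, -1 on any malformed input. */
int parse_blacklist_arg(const char *arg, unsigned *threshold, const char **path)
{
    const char *colon;
    char *end;
    unsigned long n;

    if (arg == NULL)
        return -1;
    colon = strchr(arg, ':');
    if (colon == NULL)                   /* "32000" or a bare path: one part missing */
        return -1;
    if (!isdigit((unsigned char)arg[0])) /* rejects ":file", "-5:file", " 5:file" */
        return -1;
    errno = 0;
    n = strtoul(arg, &end, 10);
    if (errno != 0 || end != colon || n == 0 || n > UINT_MAX)
        return -1;                       /* "4x:file", overflow, zero (assumed invalid) */
    if (colon[1] == '\0')                /* "40:" has no filename */
        return -1;
    *threshold = (unsigned)n;
    *path = colon + 1;                   /* split at the first ':' only */
    return 0;
}

int main(int argc, char **argv)
{
    unsigned threshold;
    const char *path;

    /* Constructed usage: pass the value that would follow -b as argv[1]. */
    if (argc != 2 || parse_blacklist_arg(argv[1], &threshold, &path) != 0) {
        fprintf(stderr, "usage: %s num:filename\n", argv[0]);
        return EXIT_FAILURE;             /* fail loudly instead of running without a blacklist */
    }
    printf("blacklist threshold=%u file=%s\n", threshold, path);
    return EXIT_SUCCESS;
}
```

With this shape, `-b 32000` stops at startup with a usage error rather than leaving the operator to assume blacklisting is active.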
