FreeBSD Bugzilla – Attachment 177576 Details for
Bug 214980
blacklistd and sshd incorrect counting of failed login attempts
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
some output from ssh, blacklistd and blacklistctl
blacklistd.txt (text/plain), 7.37 KB, created by
azhegalov
on 2016-12-01 14:10:00 UTC
(
hide
)
Description:
some output from ssh, blacklistd and blacklistctl
Filename:
MIME Type:
Creator:
azhegalov
Created:
2016-12-01 14:10:00 UTC
Size:
7.37 KB
patch
obsolete
>After only two authentication attempts > >ssh -b 10.10.0.1 test@192.168.4.75 >Password for test@192.168.4.75: >Password for test@192.168.4.75: > > > >blacklistd -d -v >gethostport: host4 192.168.4.0 >[local] > target type proto owner name nfail duration > 22 6 2 * * 5 1800 > * * * * * 3 60 >[remote] > source type proto owner name nfail duration > 192.168.4.0/25 * * * * * * >Connected to blacklist server > >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=0 gid=0 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=0/5 last=1970/01/01 03:00:00 now=2016/12/01 16:53:49 >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=22 gid=22 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:22, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:22, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=1/5 last=2016/12/01 16:53:49 now=2016/12/01 16:53:49 >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=0 gid=0 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=2/5 last=2016/12/01 16:53:49 now=2016/12/01 16:55:39 >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=0 gid=0 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=3/5 last=2016/12/01 16:55:39 now=2016/12/01 16:55:39 >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=22 gid=22 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:22, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:22, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=4/5 last=2016/12/01 16:55:39 now=2016/12/01 16:55:48 >run /usr/libexec/blacklistd-helper [control add blacklistd tcp 10.10.0.1 32 22 ] >add returns OK > >blocked 10.10.0.1/32:22 for 1800 seconds >processing type=1 fd=5 remote=10.10.0.1:58212 msg=ssh uid=0 gid=0 >listening socket: 192.168.4.75:22 >look: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >check: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >found: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: merge: target:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >conf_apply: to: target:192.168.4.75:22, proto:6, family:2, uid:0, name:=, nfail:*, duration:* >conf_apply: result: target:192.168.4.75:22, proto:6, family:2, uid:*, name:*, nfail:5, duration:1800 >Applied address 10.10.0.1:22 >check: target:82.114.2.16/28, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:82.114.1.0/27, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >check: target:192.168.4.0/25, proto:*, family:*, uid:*, name:*, nfail:*, duration:* >Applied address 10.10.0.1:22 >process: db state info for 10.10.0.1:58212: count=5/5 last=2016/12/01 16:55:48 now=2016/12/01 16:55:48 >rule exists OK >run /usr/libexec/blacklistd-helper [control rem blacklistd tcp 10.10.0.1 32 22 OK] >rem returns deleted: 10.10.0.1/32 0 > >run /usr/libexec/blacklistd-helper [control add blacklistd tcp 10.10.0.1 32 22 ] >add returns OK > >blocked 10.10.0.1/32:22 for 1800 seconds > > > > >At the same time: > >blacklistctl dump -a > address/ma:port id nfail last access > 10.10.0.1/32:22 OK 6/5 2016/12/01 16:55:48 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=177576">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 214980
: 177576 |
180208