Summary: | security/sshguard blacklist timeout too short | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Dan McGregor <dan.mcgregor> | ||||
Component: | Individual Port(s) | Assignee: | Adam Weinberger <adamw> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | adamw | ||||
Priority: | --- | ||||||
Version: | Latest | ||||||
Hardware: | Any | ||||||
OS: | Any | ||||||
Attachments: |
|
Sorry Dan, I didn't realize you'd submitted this so long ago! A commit references this bug: Author: adamw Date: Mon May 28 01:30:40 UTC 2018 New revision: 471012 URL: https://svnweb.freebsd.org/changeset/ports/471012 Log: Increase the default blacklist threshold from 30 to 120, which is the upstream default. 30 makes it far too easy to get locked out of your own server. 120 is simply a safer starting point. PR: 227016 Submitted by: Dan McGregor (maintainer) MFH: 2018Q2 Changes: head/security/sshguard/Makefile head/security/sshguard/files/patch-examples-sshguard.conf.sample head/security/sshguard/files/sshguard.in Committed. Thanks, Dan! I've requested an MFH for this as well. A commit references this bug: Author: adamw Date: Tue May 29 13:04:06 UTC 2018 New revision: 471092 URL: https://svnweb.freebsd.org/changeset/ports/471092 Log: MFH: r471012 Increase the default blacklist threshold from 30 to 120, which is the upstream default. 30 makes it far too easy to get locked out of your own server. 120 is simply a safer starting point. PR: 227016 Submitted by: Dan McGregor (maintainer) Approved by: ports-secteam (feld) Changes: _U branches/2018Q2/ branches/2018Q2/security/sshguard/Makefile branches/2018Q2/security/sshguard/files/patch-examples-sshguard.conf.sample branches/2018Q2/security/sshguard/files/sshguard.in |
Created attachment 191885 [details] Change blacklist values Our blacklist timeout is too short, so update it to 120, the upstream recommended value. I'm considering Adam's suggestion of disabling it completely by default, I may post a patch to do that too soon. Reported by Adam Weinberger