Bug 237705 - security/sshguard: log messages on terminal after service sshguard restart
Summary: security/sshguard: log messages on terminal after service sshguard restart
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Steve Wills
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-02 10:38 UTC by martin
Modified: 2019-07-19 13:18 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (dan.mcgregor)


Attachments
patch to add -f to daemon command (1.16 KB, patch)
2019-05-26 17:18 UTC, Steve Wills
swills: maintainer-approval? (dan.mcgregor)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description martin 2019-05-02 10:38:48 UTC
Some time after restarting sshguard-2.3.1 using "service sshguard restart", I am seeing log messages in my ssh terminal like this:

Could not resolve 'mail.mcxinfoline.com' to address
Could not resolve '176-135-172-128.abo.bbox.fr' to address
Could not resolve 'cable-62-117-12-39.cust.telecolumbus.net' to address
etc

According to fstat, the sshguard processes are still connected to the tty:

# fstat `tty`
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W NAME
root     fstat      83163 ctty /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     fstat      83163    0 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     fstat      83163    1 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     fstat      83163    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71585    1 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71585    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71584    1 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71584    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sshg-blocker 71583    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sshg-parser 71582    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     tail       71580    0 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     tail       71580    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71579    0 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71579    1 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     sh         71579    2 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121 ctty /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121   15 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121   16 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121   17 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121   18 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
root     csh        54121   19 /dev         87 crw--w----   pts/0 rw  /dev/pts/0
# ps -u -d -p 71579,71580,71582,71583,71584,71585
USER   PID %CPU %MEM  VSZ  RSS TT  STAT STARTED    TIME COMMAND
root 71579  0.0  0.2 7064 1836  -  Is   17Apr19 0:00.00 /bin/sh /usr/local/sbin/sshguard -b 120:/var/db/sshguard/bla
root 71580  0.0  0.2 6296 1952  -  S    17Apr19 2:07.29 - tail -F -n 0 /var/log/auth.log /var/log/maillog
root 71582  0.0  0.3 7960 2964  -  IC   17Apr19 0:02.63 - /usr/local/libexec/sshg-parser
root 71583  0.0  0.2 6620 2256  -  IC   17Apr19 0:02.98 - /usr/local/libexec/sshg-blocker -a 30 -b 120:/var/db/sshgu
root 71584  0.0  0.2 7064 1828  -  I    17Apr19 0:00.00 - /bin/sh /usr/local/sbin/sshguard -b 120:/var/db/sshguard/b
root 71585  0.0  0.2 7064 2044  -  I    17Apr19 0:00.13 `-- /bin/sh /usr/local/libexec/sshg-fw-ipfw
# 

Possibly the rc.d script should pass -f to /usr/sbin/daemon (c.f. https://svnweb.freebsd.org/ports/head/databases/mysql80-server/files/mysql-server.in?revision=466508&view=markup#l56)?
Comment 1 Steve Wills freebsd_committer 2019-05-26 17:18:42 UTC
Created attachment 204620 [details]
patch to add -f to daemon command

I think this should fix it, please test and approve.
Comment 2 martin 2019-05-28 14:53:37 UTC
Comment on attachment 204620 [details]
patch to add -f to daemon command

The -f argument works AFAICT (using fstat).
Comment 3 Adam Weinberger freebsd_committer 2019-07-19 13:18:25 UTC
Hi everyone,

This was included in r506904, so I'm going to close out this PR. Thanks for identifying the fix, Steve.