sshguard update question
-
When installing the recent update to sshguard I got the following message-
You may need to manually remove /usr/local/etc/sshguard.conf if it is no longer needed.My question is, is this file just a remnant of a previous version that wasn't removed as a part of the update or will it be recreated constantly and I'll need to remove it with every update?
Not sure why it must be removed manually?Box: SG-4200
-
@wgstarks where did you upgrade sshguard - that is not part of the pfsense packages that I am aware of.
-
@johnpoz
I got a notification that there was an update available. I don’t remember installing the package. It’s possible that it was installed as part of CrowdSec if it’s not part of pfSense.Box: SG-4200
-
I saw the same. I got the notice through the update script. I also had crowdsec installed but had previously removed it. Didn't delete the .conf file referred to, though.
From the pfSense Docs
Login Protection¶ pfSense software utilizes the sshguard daemon to protect against brute force logins for both the GUI and SSH connections. The options in this section fine-tune the behavior of this protection. Threshold: The total score value above which sshguard will block clients. Most attacks have a score of 10, the default threshold value is 30. -
@wgstarks said in sshguard update question:
I don’t remember installing the package
yeah its not a addon package. Where did you get a notification - an email? a notice in pfsense, the little bell in the top right of the web gui?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
@johnpoz I got it from this update script.
-
@johnpoz said in sshguard update question:
@wgstarks said in sshguard update question:
I don’t remember installing the package
yeah its not a addon package. Where did you get a notification - an email? a notice in pfsense, the little bell in the top right of the web gui?
-
@wgstarks ah ok, I see it now..
[24.03-RELEASE][admin@sg4860.home.arpa]/root: pkg upgrade Updating pfSense-core repository catalogue... pfSense-core repository is up to date. Updating pfSense repository catalogue... pfSense repository is up to date. All repositories are up to date. Checking for upgrades (1 candidates): 100% Processing candidates (1 candidates): 100% The following 1 package(s) will be affected (of 0 checked): Installed packages to be UPGRADED: sshguard: 2.4.3_1,1 -> 2.4.3_2,1 [pfSense] Number of packages to be upgraded: 1 The process will require 2 MiB more space. 800 KiB to be downloaded. Proceed with this action? [y/N]: y [1/1] Fetching sshguard-2.4.3_2,1.pkg: 100% 800 KiB 819.0kB/s 00:01 Checking integrity... done (0 conflicting) [1/1] Upgrading sshguard from 2.4.3_1,1 to 2.4.3_2,1... [1/1] Extracting sshguard-2.4.3_2,1: 100% You may need to manually remove /usr/local/etc/sshguard.conf if it is no longer needed. [24.03-RELEASE][admin@sg4860.home.arpa]/root:Yeah I wouldn't delete that.. notice the "may need" I would just leave it alone.
-
@wgstarks said in sshguard update question:
You may need to manually remove /usr/local/etc/sshguard.conf if it is no longer needed.
A glitch of the update/upgrade process.
As this file probably doesn't contain default values, it wasn't removed, and the admin received a notification.
Worst case : you wind up with an orphan file ... no big deal.But : the file /usr/local/etc/sshguard.conf is actually maintained (created, updated) by the pfSense GUI, as it contains these settings :
Same for the the related /usr/local/etc/sshguard.whitelist file.
-
