Mar 08

SSHGuard 2.0.0 release announcement

SSHGuard 2.0.0 has been released, and here are the highlights:

Added

  • Support reading from os_log on macOS 10.12 and systemd journal
  • Add firewalld backend (tutorial)
  • Add ipset backend
  • Resurrect the ipfilter backend
  • Preliminary support for Capsicum and pledge()
  • Match “no matching cipher” for SSH
  • Annotate logs using -a flag to sshg-parser

Changed

  • SSHGuard requires a configuration file to start
  • Runtime flags now configurable in the sshguard.conf configuration file
  • Add warning when reading from standard input
  • Build and install all backend scripts by default
  • Improve log messages and tweak logging priorities

Removed

  • Remove process validation (-f option)

Fixed

  • Fix ipfw backend on FreeBSD 11
  • Fix initial block time being doubled
  • Update Dovecot pattern for macOS
  • Use standard score for Sendmail auth attack

You can get the latest release of SSHGuard from Sourceforge, and learn more on the SSHGuard website.

There has been a lot of changes to how SSHGuard is configured in this release. Most notable, piped commands and runtime flags should be moved from the init script to the permanent configuration file. The release contains example configurations for systemd and the journal on Linux, launchd and os_log on macOS, as well as a fully documented sshguard.conf in examples/.

Maintainers and distributors should make sure they update their distribution-specific configurations accordingly.

Ideas? Contributions? Bugs? Questions? Reach out through the bug tracker or mailing lists!

Mar 06

SSHGuard installed by default in Ubuntu MATE 16.04.2 for Raspberry Pi

The Ubuntu MATE blog have announced that SSHGuard will be enabled by default when users enable SSH in Ubuntu MATE for Raspberry Pi.

Ubuntu MATE 16.04.2 has disabled SSH by default, but once SSH is enabled by users — it will also enable SSHGuard at the same time. This will help protect the resource-limited Raspberry Pi devices against scripted attacks on their SSH service.

Users may also soon see SSHGuard pop up in other Raspberry Pi focused Linux distributions based on Ubuntu Pi Flavours for Raspberry Pi as per their blog.

The SSHGuard team is pleased to see a Linux distribution install SSHGuard by default, and thanks the Ubuntu MATE for Raspberry Pi team for trusting SSHGuard to protect their users.

Oct 25

SSHGuard 1.7.1 release announcement

SSHGuard 1.7.1 has been released! More details are available in the release announcement.

Aug 08

SSHGuard 1.7.0 release announcement

SSHGuard 1.7.0 has been released! More details are available in the release announcement.

Apr 29

SSHGuard 1.6.4 release announcement

SSHGuard 1.6.4 has been released! This release brings updated signatures, usability improvements, and bug fixes. More details are available in the release announcement.

Jan 01

SSHGuard 1.6.3 release announcement

SSHGuard 1.6.3 has been released! This release brings stability and usability improvements, along with many bug fixes and documentation updates. More details are available in the release announcement.

Aug 01

SSHGuard 1.6.1 release announcement

SSHGuard 1.6.1 has been released! This release is primarily a bugfix release that fixes a few late-breaking issues from 1.6.0 while incorporating a few feature improvements. More details are available in the release announcement.

May 02

SSHGuard 1.6.0 release announcement

SSHGuard 1.6.0 has been released! This release is the first in the 1.6 branch and comes after more than four years of development. More details are available in the release announcement.

May 10

From roff to reStructuredText

So far we have been writing the man page directly in roff, the original man-page format. However, no tool is available to produce decent HTML output for roff, and we were constantly in need of minor or major manual edits every time an updated manual page had to be brought to the website.

To end this pain we chose to move to a more general markup language, reStructuredText, from which we are able to generate healthy, semantic and beautiful outputs in all required formats – like roff and HTML – entirely automatically.

-a

May 06

Welcome Arma

Some users might have noticed Armando’s presence, over the last months, on our users’ mailing list.

Armando (AKA armax00 AKA arma@) has been hacking around with SSHGuard for a while now, and contributed a few interesting changes that already made it into trunk. All commits thus far passed through me (mij@) to ensure quality, but time has now come for arma to commit directly.

This means, arma@ is welcome into SSHGuard’s team, and he will be the point of contact for his own commits. Welcome Armando!

Oct 13

Community surprise

Whazzup?

A few factors took me away from Open Source in the last months. In a way, these months have been a “bus factor test”: looking back, they show how the project would endure without the constant hand of the principal developer.

And the summary is: Surprise!

  • year 2010 saw 6 SSHGuard releases, year 2011 saw one
  • website traffic in 2011 increased 30%
  • several packages appeared for new OSes/distributions spontaneously (we solicited hard for them in 2010)
  • download count conserved for source package, despite spreading binary distros supposedly taking a bigger bite off
  • submissions of patterns conserved (at about 60/year), still more than our processing rate
  • code contributions on the mailing list grew significantly

So, development falls, and popularity rises? Apparently so, and the magic behind is called “community”.

If I have to name a few concrete factors that might have aided this:

  • Federico’s new and awesome website
  • Maturity of the codebase
  • Time. The project has been around long enough to catch up with older massively-ranked projects on Search Engines

What can you do, as a user, to help SSHGuard build upon a stronger community? Give back with a few minutes of your time!
Here’s some ideas:

  • always speak out for stuff you like. Ideas: your blog (yes!), alternative.to, ohloh, twitter, stackoverflow, webhostingtalk, freshmeat, sourceforge
  • mention SSHGuard when someone asks for advice on mailing lists: help people find alternatives to choose from
  • help other users by replying on sshguard’s mailing list. The less posts the team has to reply, the more we can work on code

Sep 14

New, fresh look

Hello SSHguard happy users! The webmaster is speaking.

I am glad to announce the release of the new look ‘n feel of sshguard.net website: new colors, bigger logo, more logos (have you seen the little owl hanging on the footer?). Also, this feed is also available via HTML, not just via RSS as has always been. This micro-blog nicely blends into your social circle thanks to the Disqus commenting service we just deployed.

As SSHguard, sshguard.net can evolve also thanks to your contributions. So please, don’t be afraid to send us comments, ideas, bug reports and suggestions about the website. We’re always glad to hear from our users.

Aug 09

Version 1.5 and timing

Today we release version 1.5rc4. Dijkstra used to say that the aim of testing is to prove the presence of bugs, not their absence. If so, we managed to be successful with 1.5rc3 too! :)
Thanks Florian for reporting the problems on recent Solaris, and working them out along with us. And thanks Dago from opencsw.org, which provides Solaris shells (and support) for developers to ensure maintenance of Solaris portability with ease. OpenCSW is definitely worth praise and notice for any project that cares about portability.

In the meantime, we keep receiving proposals for the addition of patterns on http://www.sshguard.net/support/attacks/submit/. At the rate of one submission a week, this is a great way to reminds us how big and lively our community is out there. Plus, users start wanting to apply SSHGuard to tasks beyond its original portfolio. Awesome!
If anyone wonders what’s happening to such submissions (the background: we’re taking on average 3 months from submission to commit), the explanation is that by policy we prioritize fixes to outstanding bugs before addition of new features. As soon as we’re over with 1.5, the bulk of outstanding submission will be processed.

So, what can you do to speed this whole process up? Go test sshguard 1.5rc4 now, and report merciless any defect you might find. If we see we’re done with it, 1.5 stable is on its way in just a few weeks.

Jul 17

SSHGuard news

So long since the new website and no post! Thanks Federico for setting up the feed, and let’s stop the former HTTP 404 with a first post.

The original idea was to use this as a conveniently-editable replacement for Sourceforge’s Project News tool (you might have noticed that we’re progressively leaving Sourceforge to something self-hosted). More likely however posts here will be more frequent, and less polished.

This is what you might expect then:

  • notifications of releases (spoiler-free, FreshMeat will remain the reference) or significant commits to the repository
  • notifications of additions to the website. Federico’s fancy submission tools, and the volume of content enclosed on the site, have been much too long concealed and will now be given more of the deserved visibility
  • comments on Internet publications relevant to SSHGuard
  • comments on the mid/long-term direction of SSHGuard
  • comments on users’ feedback or submissions, or verbatim comments from users if someone is up to and it’s worth

If you are used to blogs or Twitter, this is going to be like neither of them :) so stay tuned!
mij

Lates Releases View all»

  • Latest releases Latest releases are available from SourceForge. See 'News'.
  • sshguard 1.5 This is a milestone release, coming after 18 months ...
  • sshguard 1.5 Sshguard monitors services through their logging activity. It reacts ...

F.A.Q. View all»

  • What is sshguard?Sshguard is a small program that monitors services running on your machine from the log files. When it ...
  • Sshguard does not workYou have one of these problems: sshguard is not given logs correctly sshguard cannot run the commands for ...
  • What does sshguard do?The short version is: it receives log messages, it detects when a networked service has been abused based ...