* 1.5 Feb 2011
- logsucker: sshguard polls multiple log files at once
- recognize syslog's "last message repeated N times" contextually and per-source
- attackers now gauged with attack *dangerousness* instead of count (adjust your -a !)
- improve IPv6 support
- add detection for: Exim, vsftpd, Sendmail, Cucipop
- improve Solaris support (thanks OpenCSW.org folks)
- handle huge blacklists efficiently
- improve logging granularity and descriptiveness
- add -i command line option for saving PID file as an aid for startup scripts
- update some attack signatures
- many other improvements, see 1.5beta and 1.5rc changelogs for complete credits
- fix a recognition problem for multilog files
- fix log filtering on OSes with inverted priority declarations
- fix file descriptor leak if "ps" command fails to run
- fix whitelist module allowing some entries to be skipped (thanks Andrea Dal Farra)
- fix segfault from invalid free() when all DNS lookups fail
- fix assertion failure when logsucker is notified before the logging completes (thanks Colin Keith)
* 1.4 Aug 2009
- add touchiness: block repeated abusers for longer
- add blacklisting: store frequent abusers for permanent blocking
- add support for IPv6 in whitelisting (experimental)
- sshguard ignores interrupted fgets() and reloads more seldom (thanks Keven Tipping)
- debug mode now enabled with SSHGUARD_DEBUG environment variable (no "-d")
- support non-POSIX libCs that require getopt.h (thanks Nobuhiro Iwamatsu)
- import newer SimCList containing a number of fixes and improvements
- firewall backends now block all traffic from attackers by default, not per-service
- netfilter/iptables backend now verifies credentials at initialization
- parser accepts "-" and "_" chars in process names
- fix detection of some ProFTPd and pure-ftp messages
- support log formats of new versions of ProFTPd
- fix one dovecot pattern
- correctly handle abuse threshold = 1 (thanks K. Tipping)
- fix handling of IPv6 with IPFW under Mac OS X Leopard (thanks David Horn)
- fix cmdline argument BoF exploitable by local users when sshguard is setuid
- support blocking IPv6 addrs in backend "hosts.allow"
- extend hosts.allow backend to support all service types
- localhost addresses are now whitelisted a priori
- extend IPv6 pattern for matching special addresses (eg, IPv4 embedded)
- fix grammar to be insensitive to a log injection in sshd (thanks J. Oosterveen)
* 1.3 Oct 2008
- fix autoconf problem
- automatically detect when ipfw supports IPv6 (thanks David Horn)
- be sensitive to proftpd messages to auth facility, not daemon (thanks Andy Berkvam)
- add sshd pattern for "Bad protocol" and "Did not receive identif string"
* 1.2 Sep 2008
- support for Cyrus IMAP
- support for SSH "possible break-in attempt" messages
- updated support for dovecot to include logging format of new versions
- (thanks Michael Maynard) fix of IPF backend causing sshguard not to
  update /etc/ipf.rules (disallow IPv6)
- fix detection of password when sshd doesn't log anything more than PAM
* 1.1 Jul 2008 (midway releases from Jul 2007 to Jun 2008)
- support suspension
- support debug mode at runtime (-d) for helping users in problem solving
- support for metalog logging format
- fix parser bug when recognizing certain IPv6 addresses
- fix segfault when the pipe to sshguard is closed unexpectedly
- support for ipfilter as blocking backend (thanks Hellmuth Michaelis for feedback)
- support for log messages authentication
- support for AIX genfilt firewall (thanks Gabor Szittner)
- fix "hosts" backend bug not discarding temporary files
- add monitoring support for new services:
  @ dovecot imap
  @ UWimap imap and pop
  @ FreeBSD's ftpd
  @ ProFTPd
  @ pure-ftpd
* 1.0 May 2007
- address whitelisting for protecting friend addresses
- support for IPv6
- support for service multiplexing (behave differently for different services)
- more powerful parsing (context-free): support multilog, autotranslate
  hostnames and easily extends to a lot of services
- new blocking backend: "hosts" for /etc/hosts.deny
- paths autodetected and adjustable from ./configure
- script for trivially generating new custom backends
* 0.91 Mar 2007
- run away from scons and use autotools as the build system
* 0.9 Feb 2007
- first public release