Talk:SSH/Swatch

From Gentoo Linux Wiki

Jump to: navigation, search

I can't get 'threshold 3:3600' to work. If I leave the command in the config file, I get the following error message: 

Undefined subroutine &main::threshold called at /root/.swatch_script.24048 line 125, <TAIL> line 1.

Any Ideas? --Q4RadioGuy 06:16, 1 May 2005 (GMT)

Yep, I've got an idea. That function isn't implemented yet. Using 'throtle threshold <acctions>:<time>' gives no errors, but that doesn't seem to work though.

If it isn't implemented yet, why is it listed in this HOWTO? That doesn't make any sense to me at all. --66.185.70.104 19:09, 6 May 2005 (GMT)

In documentation i read this feature now is only enabled in Debian :/ --62.121.132.149 14:01, 13 May 2005 (GMT)

This feature isn't only mentioned in this HOWTO, but also in the man-pages. Very odd. --Ruud 10:35, 14 May 2005 (GMT)

If it's enabled on debian, can anyone make a diff of swatch on both systems to see what changed, so we can see if we can also enable it on Gentoo? I only posted that here c'os I found it on man pages, when I found out that it didnt work, I comented it out... --PedroAlgarvio 14:44, 4 Jul 2005 (GMT)

Ran into this, turns out the syntax was documented incorrectly; use "throttle threshold 3:3600" instead. Works fine.

Why not use the threshold syntax? 

 threshold track_by=$4,type=both,count=3,seconds=60

It would save you having to patch.

[edit] exploitable DROP command

Hi, if an attacker uses multiple words as user name it is possbile to "inject" an ip at the 10. position in the log file. So an attacker could make the server block every ip/host.

kannX

Retrieved from "http://www.gentoo-wiki.com/Talk:SSH/Swatch"
Personal tools