Package: sshguard Version: 1.0-2 Severity: important Hi!
The sshguard manpage states: ,====================================================================== | For interfacing sshguard with syslog, a line like this must be included in | syslog.conf: | | # copy to sshguard entries with auth and authpriv fac., lev. >= info | auth.info;authpriv.info |/usr/local/sbin/sshguard `====================================================================== Once you noticed the problem with /local/ and put the line ,====================================================================== | auth.info;authpriv.info |/usr/sbin/sshguard `====================================================================== into /etc/syslog.conf, "head /usr/sbin/sshguard" will print: ,====================================================================== | j...@paranoia:~$ head /usr/sbin/sshguard | Jan 22 07:45:01 paranoia CRON[18458]: pam_unix(cron:session): session opened for user joe by (uid=0) | Jan 22 07:45:01 paranoia CRON[18458]: pam_unix(cron:session): session closed for user joe | Jan 22 07:46:01 paranoia CRON[18527]: pam_unix(cron:session): session opened for user joe by (uid=0) | Jan 22 07:46:01 paranoia CRON[18527]: pam_unix(cron:session): session closed for user joe | Jan 22 07:47:01 paranoia CRON[18595]: pam_unix(cron:session): session opened for user joe by (uid=0) | Jan 22 07:47:01 paranoia CRON[18595]: pam_unix(cron:session): session closed for user joe | Jan 22 07:48:01 paranoia CRON[18663]: pam_unix(cron:session): session opened for user joe by (uid=0) | Jan 22 07:48:01 paranoia CRON[18663]: pam_unix(cron:session): session closed for user joe | Jan 22 07:49:01 paranoia CRON[18731]: pam_unix(cron:session): session opened for user joe by (uid=0) | Jan 22 07:49:01 paranoia CRON[18731]: pam_unix(cron:session): session closed for user joe `====================================================================== Notice that I executed head as normal user, meaning normally confidential syslog-messages are now readable by anyone. Bye, Jö. -- System Information: Debian Release: 5.0 APT prefers testing-proposed-updates APT policy: (500, 'testing-proposed-updates'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sshguard depends on: ii libc6 2.7-18 GNU C Library: Shared libraries sshguard recommends no packages. sshguard suggests no packages. -- no debconf information -- Wenn wir tatsächlich denken würden, und sei es bloß an uns selber, wäre die Welt schon viel besser.
signature.asc
Description: Digital signature