David King <[EMAIL PROTECTED]> wrote: > I'm trying to use sshit.pl from /usr/ports/secrurity/sshit, and I'm > having some trouble with it that I think may be a bug, or a mis- > configuration on my part. > > sshit is a Perl program that receives syslog messages (configured in > syslog.conf) of the form '/failed .*from (\d+\.\d+\.\d+\.\d+) /i' to > try to detect SSH brute-force attempts, and after X from the same IP > address in Y minutes, it adds them to an IPFW2 table, which has a > "deny from" rule that runs on it. > > sshit seems to be not working (i.e. it's never adding IP addresses to > the ipfw2 table I specified) and dumping many of the following > messages to /var/log/messages: > May 31 10:03:03 melchoir syslogd: Logging subprocess 20716 (exec /usr/ > local/sbin/sshit) exited with status 28. > > This appears to be because of the following: > ~# echo 'May 29 12:20:32 melchoir sshd: Failed password for > illegal user user1 from 18.104.22.168 port 43282 ssh2' | sshit; echo > "Error: $?" > IPC::Shareable::SharedMem: shmget: No space left on device > at /usr/local/lib/perl5/site_perl/5.8.8/IPC/Shareable.pm line 566 > Could not create shared memory segment: No space left on device > at ./sshit line 295 > Error: 28 > > As you can see, shmget seems to say that it cannot get a shared > memory segment. However: > > ~% grep SYSV /usr/src/sys/i386/conf/ROUTERKERNEL > options SYSVSHM #SYSV-style shared memory > options SYSVMSG #SYSV-style message queues > options SYSVSEM #SYSV-style semaphores > > ~% top|grep ^Mem > Mem: 182M Active, 23M Inact, 71M Wired, 1540K Cache, 41M Buf, 28M Free > > ~% sysctl -a | grep ipc.*shm > kern.ipc.shmmax: 134217728 > kern.ipc.shmmin: 1 > kern.ipc.shmmni: 192 > kern.ipc.shmseg: 128 > kern.ipc.shmall: 8192 > kern.ipc.shm_use_phys: 0 > kern.ipc.shm_allow_removed: 0 > > (that is after I turned up shmmax) > > Some more potentially useful information: > > ~% grep sshit.pl.*v[0-9] `which sshit` > # sshit.pl v0.5 > > ~% uname -a > FreeBSD <> 5.3-RELEASE-p20 FreeBSD 5.3-RELEASE-p20 #2: Fri Sep 9 > 14:11:12 PDT 2005 root@<>:/usr/obj/usr/src/sys/ROUTERKERNEL i386 > > ~% pkg_info | grep sshit > sshit-0.5 Checks for SSH/FTP bruteforce and blocks given IPs > > ~% perl -v > This is perl, v5.8.8 built for i386-freebsd-64int > > If you have absolutely any idea, please let me know. I'm happy to do > some more debugging if it helps
How about the output from 'ipcs -b'. -- Bill Moran That seem right to you? Jubal Early _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"