*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
sshguard 2.3.1-1ubuntu1; focal
/lib/systemd/system/sshguard.service has:
ExecStartPre=-/sbin/iptables -N sshguard
ExecStartPre=-/sbin/ip6tables -N sshguard
ExecStopPost=-/sbin/iptables -X sshguard
ExecStopPost=-/sbin/ip6tables -X sshguard
iptables and ip6tables are now in /usr/sbin, not /sbin. So the sshguard
chain never gets created/deleted.
sshg-fw-iptables assumes that this chain exists, so it fails to actually
block any attacker:
Jun 23 22:54:18 fenrir sshguard[677248]: Attack from "192.0.2.1" on service 110 with danger 10.
Jun 23 22:54:18 fenrir sshguard[677248]: Blocking "192.0.2.1/32" for 122880 secs (3 attacks in 1 secs, after 11 abuses over 184099 secs.)
Jun 23 22:54:18 fenrir sshguard[1191669]: iptables: No chain/target/match by that name.
Jun 23 23:46:49 fenrir sshguard[1198650]: iptables: Bad rule (does a matching rule exist in that chain?).
** Affects: sshguard (Ubuntu)
Importance: Undecided
Status: New
--
sshguard.service uses wrong path for iptables; nothing actually gets blocked
https://bugs.launchpad.net/bugs/1884848
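
Added example, not part of the bug report or the sshguard package: a shell check that lists Exec* commands in a unit file whose executable is missing and says whether a leading "-" makes systemd ignore that failure, which is why the unit above starts without error. The function names, the optional ROOT argument and the sample directory tree are assumptions made for the example.

```bash
# Added example (not from the bug report or the package). Names and the
# optional ROOT argument are hypothetical.
# Usage: check_unit_exec_paths UNIT_FILE [ROOT]
# Prints "<directive> <path> <ignored|fatal>" for each missing executable.
check_unit_exec_paths() {
    local unit=$1 root=${2:-} line key cmd path effect
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in Exec*=*) ;; *) continue ;; esac
        key=${line%%=*}
        cmd=${line#*=}
        effect=fatal
        # Strip systemd's executable prefixes; "-" means failure is ignored.
        while :; do
            case $cmd in
                -*) effect=ignored; cmd=${cmd#?} ;;
                [@:+!]*) cmd=${cmd#?} ;;
                *) break ;;
            esac
        done
        path=${cmd%%[[:space:]]*}
        [ -n "$path" ] || continue
        [ -x "$root$path" ] || printf '%s %s %s\n' "$key" "$path" "$effect"
    done < "$unit"
}

# Constructed sample: a tree where the binaries exist only under /usr/sbin,
# with the four unit lines quoted in the report.
demo() {
    local root unit
    root=$(mktemp -d) || return 1
    unit=$root/sshguard.service
    mkdir -p "$root/usr/sbin"
    : > "$root/usr/sbin/iptables"; : > "$root/usr/sbin/ip6tables"
    chmod +x "$root/usr/sbin/iptables" "$root/usr/sbin/ip6tables"
    cat > "$unit" <<'EOF'
[Service]
ExecStartPre=-/sbin/iptables -N sshguard
ExecStartPre=-/sbin/ip6tables -N sshguard
ExecStopPost=-/sbin/iptables -X sshguard
ExecStopPost=-/sbin/ip6tables -X sshguard
EOF
    check_unit_exec_paths "$unit" "$root"
    rm -rf "$root"
}

demo
```

On a live host, call check_unit_exec_paths with only the unit file path so that the paths are tested against the running filesystem.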