Sshguard review at linux.com

Joe Barr published a review of sshguard on linux.com on March 06, 2007. Although I'm pleased to see this interest, I recognize some errors in it.

First, the article suggests making sshguard setuid when installing it. It is difficult for me to understand what this could help with, but it certainly creates a major security threat. Since sshguard's job is to parse logs and block attack activity, a setuid instance lets any unprivileged user run it, craft a couple of plain-text lines, and make the machine block any IP address they like.
Please avoid making sshguard setuid for your own safety.
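
To check an existing installation for this mistake, the following shell functions report whether a binary carries the setuid or setgid bit. This is an added example, not part of sshguard or of the original note; the function names are hypothetical and the path to audit is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit an installed sshguard binary for setuid/setgid bits.
# has_setid and audit_sshguard are hypothetical helper names, not sshguard tooling.

# Return 0 if the argument is a regular file with setuid or setgid set.
has_setid() {
    [ -f "$1" ] && { [ -u "$1" ] || [ -g "$1" ]; }
}

# Print one status line per path given; return 1 if any of them is
# setuid/setgid, so the function can gate a deployment or a cron check.
audit_sshguard() {
    rc=0
    for bin in "$@"; do
        if [ ! -e "$bin" ]; then
            echo "SKIP  $bin (not found)"
        elif has_setid "$bin"; then
            echo "FAIL  $bin is setuid/setgid; clear with: chmod u-s,g-s $bin"
            rc=1
        else
            echo "OK    $bin"
        fi
    done
    return "$rc"
}

# Typical call, auditing whichever sshguard is first in PATH:
#   audit_sshguard "$(command -v sshguard)"
```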

Second, it suggests running sshguard in standalone mode. I documented this way of running sshguard, but I recommend running it under syslog (or syslog-ng) whenever possible.
I suppose Joe made this choice to keep the article short, as the recommended alternative requires explaining some more configuration.

Third, some consistency notes:

In any case, thanks for the interest and publicity.

