gods

a simple blocklist for ssh

commit 7b74cc2166ad8898ccb854dceddf8a49f9c3fb67
parent 89e3f7de1ee3de49ac377ee4e1c508f13a2156c9
Author: Naveen Narayanan <zerous@nocebo.space>
Date:   Sat, 23 Oct 2021 16:30:06 +0200

Add manpage

Diffstat:
M Makefile | 1 +
A sdog.1 | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 98 insertions(+), 0 deletions(-)

diff --git a/Makefile b/Makefile @@ -9,6 +9,7 @@ OBJ = \ range.o\ BIN = sdog +MAN = sdog.1 all: options $(BIN) diff --git a/sdog.1 b/sdog.1 
@@ -0,0 +1,97 @@ +.Dd Oct 23, 2021 +.Dt SDOG 1 +.Os +.Sh NAME +.Nm sdog +.Nd block malicious ssh users +.Sh SYNOPSIS +.Nm sdog +.Op Fl d +.Sh DESCRIPTION +.Nm +monitors +.Ar authlog +and blocks malicious ssh users using +simple pattern matching. +.Nm +uses two files +.Ar blacklist +and +.Ar whitelist +to maintain users +who are respectively banned and allowed access perpetually. +The files shall contain the respective ip-addresses of users +and shall remain mutually exclusive to each other. + +.Nm +bans malicious users based on a simple mathematical model: + +ban-duration = 3 ^ +.Ar n +where +.Ar n +is the number of times the user has tried to initiate a connection and +failed. +After 8 failed attempts, +the user is banned eternally by adding +the respective ip address of the user to +.Ar blacklist . +.Sh OPTIONS +.Bl -tag -width "-d " +.It Fl d +Debug mode. The server sends debug output to standard error +and does not daemonize. +.El +.Sh SIGNALS +.Bl -tag +.It HUP +Gracefully shutdown +.Nm +. +.Sh FILES +.Bl -tag +.It authlog +/var/log/authlog +.It blacklist +/etc/gods/blacklist +.It whitelist +/etc/gods/whitelist +.El +.Sh NOTES +OpenBSD pf is only supported at the moment. +.Nm +uses a pf table called +.Ar blacklist +to block and unblock prospective attackers. +Copying the following lines to +.Ar pf.conf +and restarting pf will create the respective table. + +.nf +table <blacklist> persist +block in on <if> from <blacklist> to any +.fi + +Care must be taken to replace <if> with the respective interface. + +.Sh CAVEATS +.Nm +can not dynamically ban/unban users at the moment. +In the event of having to ban/unban a user +the following commands will be helpful: + +.nf +Show all ip-addresses that are banned +pfctl -t blacklist -T show + +Unban an ip-address +pfctl -t blacklist -T delete <ip> + +Ban an ip-address +pfctl -t blacklist -T add <ip> +.fi + +Please shutdown the daemon prior to changing the state of a user. 
+ +.Sh AUTHORS +.An Naveen Narayanan Aq Mt zerous@nocebo.space
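
Review bot: In the Makefile hunk, `MAN = sdog.1` is defined but nothing in this patch consumes it. The diffstat shows a single added line for the Makefile, so no rule here copies the page into a man1 directory. Consider adding the install step (and the matching removal, if the Makefile has an uninstall target) in the same commit so the variable is not dead, or note in the commit message that installation follows separately.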
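
Review bot: In the SIGNALS section of sdog.1, the `.Bl -tag` list opened before `.It HUP` is never closed. `.Sh FILES` follows it directly, whereas the OPTIONS and FILES lists both end with `.El`. Add `.El` before `.Sh FILES`, and write the sentence end as `.Nm .` on one line, since a line holding only `.` is a no-op control line in roff and the period is not printed. Two documentation gaps in the same file are worth closing: the formula `ban-duration = 3 ^ n` gives no unit of time, and DESCRIPTION requires blacklist and whitelist to be mutually exclusive without saying what happens when an address appears in both, which an operator relying on the whitelist to avoid a lockout needs to know.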