gods

a simple blocklist for ssh

commit e0c46b019ba4a62b9d84ac16b44d270f1702084d
parent 1d79047162f78ce0c0002049ab01fb6bd9de32b8
Author: Naveen Narayanan <zerous@nocebo.space>
Date:   Sun, 24 Oct 2021 17:33:37 +0200

Globalize the number of immune tries

immune_try represents the number of times a prospective
attacker can initiate a connection and fail without incurring any
penalties. This patch makes it user-configurable.

Diffstat:
Mconfig.h | 1+
Mmain.c | 7++++---
2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/config.h b/config.h
@@ -1,3 +1,4 @@
 char *sshlog = "/var/log/authlog";
 char *black_list = "/etc/gods/blacklist";
 char *white_list = "/etc/gods/whitelist";
+int immune_try = 2;
diff --git a/main.c b/main.c
@@ -38,8 +38,9 @@ ban(struct attacker *a)
 return;
 a->nban++;
- if (fw_block(a->ip)
- && a->nban > 8)
+ if (a->nban >= 0
+ && fw_block(a->ip)
+ && a->nban > 8)
 blacklist(a);
 }
@@ -64,7 +65,7 @@ void
 init(struct attacker *a)
 {
 strcpy(a->ip, ip);
- a->nban = -1;
+ a->nban = -immune_try;
 a->last = attack;
 a->list = GREY;
 }
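Review bot: `immune_try` is added to config.h with no comment, so an operator editing the file cannot tell what the number counts or which values are valid. A comment above the definition, for example `/* failed attempts tolerated before the first firewall block; must be >= 0 */`, would state the contract. Its wording should be checked against how ban() in main.c actually consumes the counter, since the gate there is evaluated after the increment.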
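Review bot: The new `a->nban >= 0` gate in ban() is tested after `a->nban++`, so a counter that starts at `-immune_try` skips fw_block() on only immune_try - 1 calls. With the default of 2, a host gets one unpenalised failure, not two, and the values 0 and 1 both block on the first call. This assumes ban() runs once per failed attempt; the start of ban(), including the condition guarding the early `return;`, is outside the hunk. If the commit message's meaning is intended, the gate could read `if (a->nban > 0`, which leaves the `a->nban > 8` blacklist test firing on the same call as before. Otherwise the description of immune_try should say that the immune_try-th failure triggers the first block.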
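Review bot: `a->nban = -immune_try;` in init() negates the configured value without a range check. A negative immune_try starts nban above zero, so a new host is blocked on its first ban() call and needs fewer calls to pass the `a->nban > 8` blacklist test, which raises the chance of locking out a legitimate user after a config typo. Clamping at the assignment, `a->nban = immune_try > 0 ? -immune_try : 0;`, or rejecting a negative value at startup, would keep the policy from tightening silently.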