commit 8105e96873bb5a888eaadcede8f9b645b3a0d20f
parent cf13b134ea06e354dec798e99df8a023fe6a897e
Author: Naveen Narayanan <zerous@nocebo.space>
Date: Sat, 23 Oct 2021 13:38:46 +0200
Update README
Diffstat:
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/README b/README
@@ -1,6 +1,6 @@
gods
---
-A simple watch dog for ssh.
+A simpler solution to the problem of blocking malicious ssh users.
Why gods?
---
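Review bot: "simpler" in the new tagline is a comparative with nothing to compare against; either name what it is simpler than or keep "simple". The old "watch dog" wording also hinted that this runs as a daemon, which the new line no longer does, so consider something like "A simple daemon that blocks malicious ssh users."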
@@ -11,7 +11,9 @@ What is it?
It is intended to be used as a daemon to block unsolicited ssh users
from trying to bruteforce their way through.
-sdog depends on two config files which are mutually exclusive to each other.
+sdog reads authlog (/var/log/authlog) and blocks ips based on simple
+pattern matching. It depends on two config files which are mutually
+exclusive to each other.
/etc/gods/blacklist
As the name suggests this file shall contain the ip addresses
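Review bot: the added sentence says ips are blocked "based on simple pattern matching" but does not say which authlog lines count as a failed attempt or which field the ip is taken from. Because a wrong match here ends in a block, the README should state what is matched so an admin can judge the risk of false positives. The heading and the config paths say "gods" while this paragraph says "sdog"; pick one name. "mutually exclusive to each other" is redundant, and it would help to say what happens when an address appears in both files.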
@@ -19,7 +21,7 @@ sdog depends on two config files which are mutually exclusive to each other.
/etc/gods/whitelist
As the name suggests this file shall contain the ip addresses
- one wishes to allow access for eternally.
+ one wishes to allow access eternally.
Apart from the directives that sdog learns from these files, it shall
ban/unban users based on a simple mathematical model:
@@ -28,8 +30,7 @@ ban/unban users based on a simple mathematical model:
has tried to authenticate and failed.
n is an element of the set [-1,8]
-After 8 tries, the said user is blacklisted and n shall be reset (to
--1) if the user successfully authenticates.
+After 8 tries, the said user is blacklisted eternally.
The initial idea is to support pf and npf.
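Review bot: with the reset on successful authentication removed, "blacklisted eternally" leaves no documented way back, yet the hunk header context still reads "ban/unban users" and n is still given as [-1,8] with nothing now explaining what -1 means or when n ever decreases. State whether the 8 failures are counted inside a time window or for the lifetime of the daemon, and how an admin removes a wrongly banned address, since a legitimate user who mistypes a password 8 times is otherwise locked out for good. It is also worth saying whether a whitelisted address is exempt from the counter.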