gods

a simple blocklist for ssh

commit a6635dd8b619784a46c76f5d06df65c18b0a9463
parent 636064570f20078bbb86262efb4487ae7aee24de
Author: Naveen Narayanan <zerous@nocebo.space>
Date:   Sun, 26 Sep 2021 18:59:12 +0200

Add attack.[ch]

Implement isattack(), islogin(), isexpire()

Diffstat:
MMakefile | 3++-
Aattack.c | 72++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Aattack.h | 21+++++++++++++++++++++
Mconfig.mk | 1+
4 files changed, 96 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
@@ -1,6 +1,7 @@
 include config.mk
 
 OBJ = \
+ attack.o\
 ip.o\
 main.o \
 parser.o \
@@ -31,4 +32,4 @@ uninstall:
 $(CC) $(CFLAGS) -c $<
 
 sdog: $(OBJ)
- $(CC) -o $@ $(OBJ)
+ $(CC) -o $@ $(OBJ) $(LDFLAGS)
diff --git a/attack.c b/attack.c
@@ -0,0 +1,72 @@
+#include <math.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "attack.h"
+
+int
+isattack(char *constat)
+{
+ char *attack[] = {
+ "Invalid user",
+ "Failed password for",
+ NULL,
+ };
+
+ printf("isattack: %s\n", constat);
+ for (char **p = attack; *p; ++p) {
+ printf("%s\n", *p);
+ if (strstr(constat, *p)) {
+ printf("isattack: found\n");
+ return 1;
+ }
+ }
+ return 0;
+}
+
+int
+islogin(char *constat)
+{
+ char *login[] = {
+ "Accepted publickey for",
+ "Accepted keyboard-interactive/pam for",
+ NULL,
+ };
+ printf("islogin: %s\n", constat);
+ for (char **p = login; *p; ++p)
+ if (strstr(constat, *p)) {
+ printf("islogin: found\n");
+ return 1;
+ }
+ return 0;
+}
+
+int
+isexpire(struct attacker *a)
+{
+ time_t ban;
+
+ ban = pow(3, a->nban) * 60 * 60;
+
+ if (difftime(time(NULL), a->last) >= ban)
+ return 1;
+
+ return 0;
+}
+
+int
+blacklist(struct attacker *a)
+{
+ /* stub */
+ printf("%s blacklisted\n", a->ip);
+ return 1;
+}
+
+int
+whitelist(struct attacker *a)
+{
+ /* stub */
+ printf("%s whitelisted\n", a->ip);
+ return 1;
+}
diff --git a/attack.h b/attack.h
@@ -0,0 +1,21 @@
+#ifndef _ATTACK_H
+#define _ATTACK_H
+
+#include <time.h>
+
+#include "queue.h"
+
+struct attacker {
+ char ip[16];
+ int nban; /* [-1,8] */
+ time_t last;
+ SLIST_ENTRY(attacker) attackers;
+};
+
+int blacklist(struct attacker *);
+int whitelist(struct attacker *);
+int isattack(char *);
+int isexpire(struct attacker *);
+int islogin(char *);
+
+#endif
diff --git a/config.mk b/config.mk
@@ -2,3 +2,4 @@ VERSION = 0.0
 PREFIX = /usr/local
 MANPREFIX = $(PREFIX)/man
 CFLAGS = -g -Werror -Wall
+LDFLAGS = -lm
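Review bot: isattack() and islogin() in attack.c test their patterns with strstr() anywhere inside constat, but sshd log messages embed the user name supplied by the remote client, so a failed-login line can contain an "Accepted ... for" phrase and be classified as a successful login. The caller that builds constat is not part of this diff; if constat starts at the sshd message text, anchor the comparison to its beginning in both loops, e.g. `if (strncmp(constat, *p, strlen(*p)) == 0)`. The unconditional `printf("isattack: %s\n", constat)` and `printf("islogin: %s\n", constat)` also echo untrusted log text to stdout and look like debug output that should be removed or gated before release.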
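Review bot: `char ip[16];` in struct attacker has room only for a dotted-quad IPv4 string (15 characters plus the terminator), while sshd also logs IPv6 peer addresses. The code that fills the field is outside this diff, so it should be confirmed that it bounds the copy to `sizeof a->ip` and rejects longer addresses; otherwise size the field for both families, e.g. `char ip[INET6_ADDRSTRLEN];` with `<netinet/in.h>`. The `/* [-1,8] */` range noted on nban is not checked anywhere in this commit, and isexpire() feeds it straight into `pow(3, a->nban)`, so the code that updates nban needs to enforce that range.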