gods

a simple blocklist for ssh
Log | Files | Refs | README | LICENSE
commit d4eaffb75e839d59c21616dee82d43052afa3f62
parent e0c46b019ba4a62b9d84ac16b44d270f1702084d
Author: Naveen Narayanan <zerous@nocebo.space>
Date:   Sun, 24 Oct 2021 18:26:38 +0200

Globalize variable

attack_pattern
max_try (max number of times an attacker is allowed to fail
at authenticating without being blacklisted)

Diffstat:

Mattack.c | 11+++--------


Mconfig.h | 7+++++++


Mmain.c | 2+-


3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/attack.c b/attack.c
@@ -7,17 +7,12 @@
 
 #include "attack.h"
 
+extern char *attack_pattern[];
+
 int
 isattack(char *constat)
 {
-	char *attack[] = {
-		"Invalid user",
-		"Failed password for",
-		"Disconnected from authenticating user",
-		NULL,
-	};
-
-	for (char **p = attack; *p; ++p)
+	for (char **p = attack_pattern; *p; ++p)
 		if (strstr(constat, *p))
 			return 1;
 
diff --git a/config.h b/config.h
@@ -2,3 +2,10 @@ char *sshlog = "/var/log/authlog";
 char *black_list = "/etc/gods/blacklist";
 char *white_list = "/etc/gods/whitelist";
 int immune_try = 2;
+int max_try = 9;
+char *attack_pattern[] = {
+	"Invalid user",
+	"Failed password for",
+	"Disconnected from authenticating user",
+	NULL,
+};
diff --git a/main.c b/main.c
@@ -40,7 +40,7 @@ ban(struct attacker *a)
 	a->nban++;
 	if (a->nban >= 0
 	&& fw_block(a->ip)
-	&& a->nban > 8)
+	&& a->nban > max_try)
 		blacklist(a);
 }