is a log monitor that protects networked hosts from brute force attacks against services, most notably SSH.
| blocker.c (sshguard-2.4.1) | : | blocker.c (sshguard-2.4.2) |
|---|
| | |
| skipping to change at line 81 | | skipping to change at line 81 |
|---|
| static void purge_limbo_stale(void); | | static void purge_limbo_stale(void); |
| | |
| static void init_log(int debug) { | | static void init_log(int debug) { |
| int flags = LOG_NDELAY | LOG_PID; | | int flags = LOG_NDELAY | LOG_PID; |
| int dest = LOG_AUTH; | | int dest = LOG_AUTH; |
| | |
| if (debug) { | | if (debug) { |
| flags |= LOG_PERROR; | | flags |= LOG_PERROR; |
| dest = LOG_LOCAL6; | | dest = LOG_LOCAL6; |
| } else { | | } else { |
|
| setlogmask(LOG_UPTO(LOG_NOTICE)); | | setlogmask(LOG_UPTO(LOG_INFO)); |
| } | | } |
| | |
| // Set local time zone and open log before entering sandbox. | | // Set local time zone and open log before entering sandbox. |
| tzset(); | | tzset(); |
| openlog("sshguard", flags, dest); | | openlog("sshguard", flags, dest); |
| } | | } |
| | |
| int main(int argc, char *argv[]) { | | int main(int argc, char *argv[]) { |
| int sshg_debugging = (getenv("SSHGUARD_DEBUG") != NULL); | | int sshg_debugging = (getenv("SSHGUARD_DEBUG") != NULL); |
| init_log(sshg_debugging); | | init_log(sshg_debugging); |
| | |
| skipping to change at line 164 | | skipping to change at line 164 |
|---|
| void log_block(attacker_t *tmpent, attacker_t *offenderent) { | | void log_block(attacker_t *tmpent, attacker_t *offenderent) { |
| char time_msg[128] = "forever"; | | char time_msg[128] = "forever"; |
| const time_t time = tmpent->pardontime; | | const time_t time = tmpent->pardontime; |
| | |
| unsigned int subnet_size = fw_block_subnet_size(tmpent->attack.address.kind)
; | | unsigned int subnet_size = fw_block_subnet_size(tmpent->attack.address.kind)
; |
| if (time > 0) { | | if (time > 0) { |
| if (snprintf(time_msg, sizeof(time_msg), "for %lld secs", (long long)tim
e) < 0) { | | if (snprintf(time_msg, sizeof(time_msg), "for %lld secs", (long long)tim
e) < 0) { |
| abort(); | | abort(); |
| } | | } |
| } | | } |
|
| sshguard_log(LOG_WARNING, "Blocking \"%s/%u\" %s (%u attacks in %lld " | | sshguard_log(LOG_INFO, "Blocking \"%s/%u\" %s (%u attacks in %lld " |
| "secs, after %d abuses over %lld secs.)", | | "secs, after %d abuses over %lld secs.)", |
| tmpent->attack.address.value, subnet_size, time_msg, tmpent->nu
mhits, | | tmpent->attack.address.value, subnet_size, time_msg, tmpent->nu
mhits, |
| (long long)(tmpent->whenlast - tmpent->whenfirst), | | (long long)(tmpent->whenlast - tmpent->whenfirst), |
| offenderent->numhits, | | offenderent->numhits, |
| (long long)(offenderent->whenlast - offenderent->whenfirst)); | | (long long)(offenderent->whenlast - offenderent->whenfirst)); |
| } | | } |
| | |
| /* | | /* |
| * This function is called every time an attack pattern is matched. | | * This function is called every time an attack pattern is matched. |
| * It does the following: | | * It does the following: |
| | |
| skipping to change at line 192 | | skipping to change at line 192 |
|---|
| attacker_t *offenderent; | | attacker_t *offenderent; |
| | |
| assert(attack.address.value != NULL); | | assert(attack.address.value != NULL); |
| assert(memchr(attack.address.value, '\0', sizeof(attack.address.value)) != N
ULL); | | assert(memchr(attack.address.value, '\0', sizeof(attack.address.value)) != N
ULL); |
| | |
| /* clean list from stale entries */ | | /* clean list from stale entries */ |
| purge_limbo_stale(); | | purge_limbo_stale(); |
| | |
| /* address already blocked? (can happen for 100 reasons) */ | | /* address already blocked? (can happen for 100 reasons) */ |
| if (blocklist_contains(attack)) { | | if (blocklist_contains(attack)) { |
|
| sshguard_log(LOG_INFO, "%s has already been blocked.", | | sshguard_log(LOG_DEBUG, "%s has already been blocked.", |
| attack.address.value); | | attack.address.value); |
| return; | | return; |
| } | | } |
| | |
| if (whitelist_match(attack.address.value, attack.address.kind)) { | | if (whitelist_match(attack.address.value, attack.address.kind)) { |
|
| sshguard_log(LOG_INFO, "%s: not blocking (on whitelist)", | | sshguard_log(LOG_DEBUG, "%s: not blocking (on whitelist)", |
| attack.address.value); | | attack.address.value); |
| return; | | return; |
| } | | } |
| | |
| sshguard_log(LOG_NOTICE, | | sshguard_log(LOG_NOTICE, |
| "Attack from \"%s\" on service %s with danger %u.", | | "Attack from \"%s\" on service %s with danger %u.", |
| attack.address.value, service_to_name(attack.service), | | attack.address.value, service_to_name(attack.service), |
| attack.dangerousness); | | attack.dangerousness); |
| | |
| /* search entry in list */ | | /* search entry in list */ |
| | | |
| End of changes. 4 change blocks. |
|---|
| 4 lines changed or deleted | | 4 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 