block time increases by a factor of 2 instead of 1.5
Issue #185
closed
The sshguard(8) manual states, “Subsequent blocks increase in duration by a factor of 1.5.” However, both the log messages and the source code suggest that the actual increase is by a factor of 2.
Could this be clarified or corrected to accurately reflect the behavior of sshguard?
Documentation:
- https://bitbucket.org/sshguard/sshguard/annotate/master/doc/sshguard.8.rst?at=master#sshguard.8.rst-70:72
- https://bitbucket.org/sshguard/sshguard/src/58faf8d0341def36488b3b72877fba61301b0524/examples/sshguard.conf.sample#lines-26
Log messages:
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 100 with danger 10.
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 100 with danger 10.
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 110 with danger 10.
sshguard[2831837]: Blocking "XXX.XXX.XXX.XXX/32" for 300 secs (3 attacks in 1 secs, after 1 abuses over 1 secs.)
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 100 with danger 10.
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 100 with danger 10.
sshguard[2831837]: Attack from "XXX.XXX.XXX.XXX" on service 110 with danger 10.
sshguard[2831837]: Blocking "XXX.XXX.XXX.XXX/32" for 600 secs (3 attacks in 1 secs, after 2 abuses over 501 secs.)
Source code:
Comments (4)
-
-
Committed as 16b9b2d, thanks!
-
- changed status to closed
-
reporter
Thank you for the quick fix!
I noticed that the comment regarding BLOCK_TIME in
examples/sshguard.conf.samplestill mentions an increase factor of 1.5. Could this be also updated to reflect the correct increase factor? - Log in to comment
Hi there,
Thanks for writing in with this observation. Indeed, the manual pages need to be updated to reflect 2 as the correct factor.
Thanks,
Kevin