- edited description
Possibile bug for block time (-p flag)
I've recently set up an sshguard instance on a small server. Sshguard version: 1.7.1, arch: aarch64, Odroid C2 running arch linux ARM
I've found out what may be a strange behaviour or perhaps a bug.
Setting an initial block time of 600 seconds (10 minutes) with the "-p 600" flag in the systemd unit file the block time is actually doubled, 1200 seconds.
I could read in the journal:
"Blocking 192.84.139.215 for 1200 secs (2 attacks in 2 secs, after 1 abuses over 2 secs)"
Comments (12)
-
reporter -
- changed version to 1.7
-
There are at least two different things going on here:
- The initial block time is controlled by the
-p
flag.-b
is for blacklisting. - The block time increases by a factor of 1.5x every time an attacker is blocked.
It looks like this is the second time your attacker was blocked ("after 1 abuses over 2 secs"). I wonder what's setting your initial block time?
- The initial block time is controlled by the
-
- changed status to open
-
reporter - changed title to Possibile bug for block time (-p flag)
- edited description
-
reporter Sorry, I've mistaken the two flags. You are right, the flag controlling block time is "-p" and that's the one apparently causing issues. I've edited the initial post accordingly.
Here is the entire systemd unit:
[Unit] Description=Block hacking attempts After=iptables.service ip6tables.service ufw.service shorewall.service shorewall6.service network.target [Service] ExecStart=/usr/lib/systemd/scripts/sshguard-journalctl "-a 20 -p 600 -s 10800 -b 40:/var/db/sshguard/blacklist.db" SYSLOG_FACILITY=4 SYSLOG_FACILITY=10 [Install] WantedBy=multi-user.target
-
I can reproduce this issue on e10c5e5 (most recent master) by running:
sshguard -p 600
. -
- changed status to resolved
Fixed in 045ac5a, thanks!
-
- changed milestone to 2.0
-
assigned issue to
-
reporter Thank you very much!
-
- removed milestone
Removing milestone: 2.0 (automated comment)
-
- removed version
Removing version: 1.7 (automated comment)
- Log in to comment