From: Kevin Z. <kev...@gm...> - 2018-08-08 05:19:59
Hi there,

SSHGuard keeps an internal list in memory of recent attackers that is lost when sshg-blocker restarts. One workaround is to enable blacklisting and write frequent attackers to a permanent block file.

The new 'sqlite' branch on Bitbucket attempts to address this issue by moving the in-memory list into an on-disk SQLite database. This new branch depends on SQLite 3.

In this *experimental* branch, the '-b' flag has changed:

When '-b' is not specified, SSHGuard uses an in-memory database. If there are no bugs, behavior should be no different than it is now.

When '-b' is specified with the argument THRESH:PATH (e.g. 120:/var/run/sshguard.db, just like now), the database is instead written to PATH and will preserve attacks across restarts. The THRESH specifies a blacklisting threshold, where an attacker who exceeds the threshold will be blocked for 30 days.

WARNINGS:

The new database format is not compatible with the old blacklist format. For now, point this to a new or non-existent file. When this is no longer experimental, a converter script may be added.

Attacks are NOT deleted from the database AT ALL. This means the more attacks SSHGuard sees, the bigger the database will grow. Some queries have not been optimized and will slow down linearly with the size of the database. Pruning old attacks will be written soon.

To use it:

https://bitbucket.org/sshguard/sshguard/branch/sqlite

Checkout by cloning the repository, then:

  $ git checkout sqlite

Comments, and some initial feedback from those who are brave enough to test this, are welcome!

--
Kevin Zheng
kev...@gm... | ke...@be... | PGP: 0xC22E1090