From: Christopher E. <ce...@lc...> - 2019-10-26 10:51:24
On 26.10.19 10:43, @lbutlr wrote:
> Is it possible for me to increase the danger level for certain users?

To my knowledge, sshguard currently does not match usernames in the attack signatures, only hosts/ips.

It's easy to add a fixed, escalated seriousness for a fixed (list of) username(s) (In fact, someone did some work on this a while ago [1]). Since that's neither dynamic nor user-configurable, it's not really ideal as a general solution:

- it could only be justified for root
- even then, would mean that people who do allow root logins would see themselves rapidly blocked after mistyping a password ...

However, if you're OK with building sshguard yourself, it's not too difficult to add these additional rules to your local version. Have a look at attack_(parser.y|scanner.l) in the linked PR as a guide to the necessary changes.

Christopher

[1] https://bitbucket.org/robohack/sshguard/commits/43c8542552e8f5a3413d5c5984555bea4d77bb7e?at=master
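
The trade-off described in the message above, modelled as an added example (not part of the original post and not sshguard's own code): a per-host score with a fixed per-username escalation, run over sample sshd log lines. The threshold, the scores, the `ESCALATED` table, the `blocked_after` helper and the log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed values for illustration, not taken from the message above.
THRESHOLD = 30            # score at which a host is blocked
BASE_SCORE = 10           # score of an ordinary failed login
ESCALATED = {"root": 30}  # hypothetical fixed per-username override

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<host>\S+) port \d+"
)

def blocked_after(lines, escalated=None):
    """Return {host: number of failed attempts seen when it was blocked}."""
    escalated = escalated or {}
    score = defaultdict(int)
    attempts = defaultdict(int)
    blocked = {}
    for line in lines:
        m = FAILED.search(line)
        if not m or m["host"] in blocked:
            continue
        host, user = m["host"], m["user"]
        attempts[host] += 1
        # Escalated usernames replace the base score for this attempt.
        score[host] += escalated.get(user, BASE_SCORE)
        if score[host] >= THRESHOLD:
            blocked[host] = attempts[host]
    return blocked

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    # An administrator mistypes the root password once, then logs in.
    "sshd[101]: Failed password for root from 192.0.2.10 port 50122 ssh2",
    "sshd[102]: Accepted password for root from 192.0.2.10 port 50123 ssh2",
    # A scanner cycling through usernames.
    "sshd[103]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2",
    "sshd[104]: Failed password for root from 203.0.113.7 port 40002 ssh2",
    "sshd[105]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2",
]

if __name__ == "__main__":
    print("uniform scoring:", blocked_after(SAMPLE))
    print("root escalated: ", blocked_after(SAMPLE, ESCALATED))
```

With uniform scoring only the scanner is blocked, on its third attempt; with the root override the scanner is blocked one attempt sooner, but the administrator's single typo is enough to block their host as well.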