From: kaycee gb <kis...@ho...> - 2021-05-25 14:56:42

Hello,

I read for detection_time:

> # Remember potential attackers for up to DETECTION_TIME seconds before
> # resetting their score. (optional, default 1800)

I have a detection time set to, let's say, 6 hours. I can see in the logs that an attacker is still tracked after a longer period (after 2, 3, 4 days ...).

Looking again at the code, I see that after stale_threshold, "attackers" are purged from the "limbo" list. But when they have been temporarily blocked, they are no longer in this list but in "offenders". I see nowhere that attackers are purged from the "offenders" list.

How is SSHGuard supposed to work in this case?

Thanks,
K.