authorOlivier Mehani <shtrom@ssji.net>2016-08-17 21:38:38 +1000
committerOlivier Mehani <shtrom@ssji.net>2016-08-17 21:38:38 +1000
commit0c0bb81b44be810759a95eb08cae5397422e6ebf (patch)
tree84daa39017dae9a48ff9dce22543637b1274b705 /openbsd
parent0d4a749c73fb0bade6e7005e346461da8f466e94 (diff)
[denyhost] Configurable expiry actually set to a week
Signed-off-by: Olivier Mehani <shtrom@ssji.net>
Diffstat (limited to 'openbsd')
-rwxr-xr-xopenbsd/denyhost.sh3
1 files changed, 2 insertions, 1 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index 0ad126b..15f4e31 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -23,6 +23,7 @@ HTTP_PATTERN="etc.passwd"
SSH_LOG=/var/log/authlog
SSH_PATTERN=".*\(Invalid user\|Failed password\).*from \([0-9a-fA-F.:]\+\).*"
AUTHTRIES=3 # single digit
+EXPIRY=604800 # s; 1w
BLOCKERS_FILE=/etc/blockers.list
TMP_DIR=/tmp
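Review bot: The new `EXPIRY` setting on the added line has only the terse comment `# s; 1w`, which states the unit but not what the value controls or what values are acceptable. The neighbouring `AUTHTRIES` line documents its constraint ("single digit"), and `EXPIRY` is handed to `pfctl -T expire` without validation in the later hunk. A fuller comment would help whoever edits it next, for example `EXPIRY=604800 # seconds before a blocked address is expired from the pf table; positive integer (604800 = 1 week)`.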
@@ -158,7 +159,7 @@ for IP in `cat $NEW_BLOCKERS_FILE`; do
done
# Flush entries older than a week
-pfctl -t kiddies -T expire 25200 1>/dev/null 2>&1
+pfctl -t kiddies -T expire $EXPIRY 1>/dev/null 2>&1
# Add new entries
pfctl -t kiddies -Tadd -f ${NEW_BLOCKERS_FILE} 1>/dev/null 2>&1
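Review bot: The expire call on the added line expands `$EXPIRY` unquoted and discards both stdout and stderr, so an empty or non-numeric setting makes pfctl fail with no trace and blocked addresses stop ageing out of the `kiddies` table. Quoting the expansion and checking the exit status would surface that, for example `pfctl -t kiddies -T expire "${EXPIRY}" 1>/dev/null 2>&1 || echo "denyhost: pfctl expire failed (EXPIRY=${EXPIRY})" >&2`. The comment above it still reads "older than a week" although the age is now configurable; `# Flush entries older than EXPIRY seconds` would stay accurate. The loop that ends at `done` and the rest of the script lie outside this hunk, so where the script's stderr ends up is not visible here.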