Re: Blacklistd Issues - Problem Identified

From: Doug Hardie <bc979_at_lafn.org>
Date: Wed, 19 Apr 2023 05:47:01 UTC
> On Apr 18, 2023, at 03:08, Michael Grimm <trashcan@ellael.org> wrote:
> 
> Doug Hardie <bc979@lafn.org> wrote:
>>> On Apr 17, 2023, at 16:42, Doug Hardie <bc979@lafn.org> wrote:
>>> 
>>> After digging through the code for blacklistd I find that postfix and my web server call blacklistd with a type of 1 (BL_ADD) and sure enough, blacklistd calls the helper to add the pf rule.  However, sshd calls with type 4 (BL_BADUSER) and there is a note in the handling of that type that says "Ignore for now".  And that it does, i.e., nothing.  So the problem is in sshd using a type that is not implemented, or in blacklistd which does not implement the BADUSER type.  I wonder if Release 13.2 will fix either of those.
>>> 
>> 
>> Basically the BADUSER call from sshd is moved to the ADD function.  So instead of what was supposed to be an immediate shutdown on one bad authentication regardless of the conf settings, it now follows the config settings rule.  I am not convinced that sshd should use the BADUSER call.  It causes a single typo to lock you out.  It seems to me that it should use the ADD function so the admin gets to choose the proper number of bad authentications before lockout.
>> 
>> I'd submit a PR on this, but all the PRs I have submitted have been left to wither on the vine.
>> 
>> -- Doug
> 
> Please do so. This has been discussed before [1], and I will definitely support your patch or a solution that makes BADUSER configurable.
> 
> I am currently testing your patch.
> 
> [1] https://lists.freebsd.org/archives/freebsd-questions/2023-March/003056.html

I submitted a PR.  It is 270928.

-- Doug
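The three behaviours discussed in the thread (BL_BADUSER ignored as observed, blocking on the first event as apparently intended, and counted like BL_ADD as in the patch), as an added example that is not blacklistd's or the patch's own code; the type values 1 and 4 are the ones quoted above, while the policy enum, the peer state and the threshold logic are a constructed illustration.

```c
/* Added example, not blacklistd's own code: a simplified model of how a
 * blacklistd-style daemon could treat the two notification types named in
 * the thread. BL_ADD=1 and BL_BADUSER=4 are the values quoted there; the
 * three policies and the threshold logic are a constructed illustration. */
#include <stdio.h>

enum { BL_ADD = 1, BL_BADUSER = 4 };

/* How a BL_BADUSER notification is handled. */
enum policy {
    BADUSER_IGNORED,   /* as observed: "Ignore for now", nothing happens   */
    BADUSER_IMMEDIATE, /* as apparently intended: block on the first event */
    BADUSER_AS_ADD     /* as patched: counted like BL_ADD against nfail    */
};

struct peer_state { int nfail; int blocked; };

/* Returns 1 once the peer is blocked. nfail_conf stands for the per-service
 * failure threshold an admin sets in the configuration. */
static int handle_event(struct peer_state *p, int type, enum policy pol, int nfail_conf)
{
    if (p->blocked) return 1;
    if (type == BL_BADUSER) {
        if (pol == BADUSER_IGNORED) return 0;
        if (pol == BADUSER_IMMEDIATE) { p->blocked = 1; return 1; }
        type = BL_ADD; /* BADUSER_AS_ADD: fall through to counting */
    }
    if (type == BL_ADD && ++p->nfail >= nfail_conf) p->blocked = 1;
    return p->blocked;
}

/* Number of BL_BADUSER events (e.g. mistyped usernames) from one peer
 * before it is blocked under a policy, or -1 if it never is. */
static int events_until_block(enum policy pol, int nfail_conf)
{
    struct peer_state p = { 0, 0 };
    for (int n = 1; n <= 10; n++)
        if (handle_event(&p, BL_BADUSER, pol, nfail_conf)) return n;
    return -1;
}

int main(void)
{
    printf("ignored:   %d\n", events_until_block(BADUSER_IGNORED, 3));
    printf("immediate: %d\n", events_until_block(BADUSER_IMMEDIATE, 3));
    printf("as ADD:    %d\n", events_until_block(BADUSER_AS_ADD, 3));
    return 0;
}
```

With a threshold of 3, the ignored policy never blocks, the immediate one blocks on the first mistyped username, and the patched one blocks only after the third failure.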