From: Doug Hardie
To: Michael Grimm, questions@freebsd.org
Subject: Re: Blacklistd Issues - Problem Identified
Date: Tue, 18 Apr 2023 22:47:01 -0700
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

> On Apr 18, 2023, at 03:08, Michael Grimm wrote:
>
> Doug Hardie wrote:
>>> On Apr 17, 2023, at 16:42, Doug Hardie wrote:
>>>
>>> After digging through the code for blacklistd I find that postfix and my web server call blacklistd with a type of 1 (BL_ADD) and sure enough, blacklistd calls the helper to add the pf rule. However, sshd calls with type 4 (BL_BADUSER) and there is a note in the handling of that type that says "Ignore for now". And that it does, i.e., nothing. So the problem is in sshd using a type that is not implemented, or in blacklistd which does not implement the BADUSER type. I wonder if Release 13.2 will fix either of those.
>>>
>>
>> Basically the BADUSER call from sshd is moved to the ADD function. So instead of what was supposed to be an immediate shutdown on one bad authentication regardless of the conf settings, it now follows the config settings rule. I am not convinced that sshd should use the BADUSER call. It causes a single typo to lock you out. It seems to me that it should use the ADD function so the admin gets to choose the proper number of bad authentications before lockout.
>>
>> I'd submit a PR on this, but all the PRs I have submitted have been left to wither on the vine.
>>
>> -- Doug
>
> Please do so. This has been discussed before [1], and I will definitely support your patch or a solution that makes BADUSER configurable.
>
> I am currently testing your patch.
>
> [1] https://lists.freebsd.org/archives/freebsd-questions/2023-March/003056.html

I submitted a PR. It is 270928

-- Doug
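
Added example, not part of the original message and not blacklistd's source: a small C model of the three ways a BADUSER report can be handled as discussed in the thread (ignored, counted like an ADD, or blocked on the first report). The type values 1 and 4 come from the message; every other name, and the threshold of 3 used in main(), are assumptions for illustration.

```c
#include <stdio.h>

/* Report types: the values 1 and 4 are the ones quoted in the message. */
enum ev_type { EV_ADD = 1, EV_BADUSER = 4 };

/* How the model treats a BADUSER report (hypothetical names). */
enum baduser_policy {
    BADUSER_IGNORE,    /* behaviour described in the thread: nothing happens */
    BADUSER_AS_ADD,    /* the proposed change: count it like an ADD */
    BADUSER_IMMEDIATE  /* block on the first report, regardless of nfail */
};

struct host_state { int count; int blocked; };

/* Apply one report to a host; nfail is the configured failure threshold. */
static void report(struct host_state *h, enum ev_type t,
                   enum baduser_policy p, int nfail)
{
    if (h->blocked)
        return;
    if (t == EV_BADUSER) {
        if (p == BADUSER_IGNORE)
            return;                 /* report is dropped, counter untouched */
        if (p == BADUSER_IMMEDIATE) {
            h->blocked = 1;         /* one bad user name is enough */
            return;
        }
        /* BADUSER_AS_ADD continues into the normal counting path */
    }
    if (++h->count >= nfail)
        h->blocked = 1;
}

/* Reports of type t needed before the host is blocked, or -1 if
 * max_events reports never trigger a block. */
int reports_until_block(enum ev_type t, enum baduser_policy p,
                        int nfail, int max_events)
{
    struct host_state h = {0, 0};
    for (int i = 1; i <= max_events; i++) {
        report(&h, t, p, nfail);
        if (h.blocked)
            return i;
    }
    return -1;
}

int main(void)
{
    printf("ignore=%d as_add=%d immediate=%d\n",
           reports_until_block(EV_BADUSER, BADUSER_IGNORE, 3, 100),
           reports_until_block(EV_BADUSER, BADUSER_AS_ADD, 3, 100),
           reports_until_block(EV_BADUSER, BADUSER_IMMEDIATE, 3, 100));
    return 0;
}
```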