Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

defender: implement logging of events and bans (#1495)

Browse Source 
defender: implement logging of events and bans

Signed-off-by: Anthrazz <25553648+Anthrazz@users.noreply.github.com>
This commit is contained in:
Anthrazz
2024-01-10 20:12:57 +01:00
committed by GitHub
parent 9cde0909b0
commit c21b434c4e
3 changed files with 41 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
internal/common/defender.go
View File

@@ -19,17 +19,18 @@ import (
"time" "time"
"github.com/drakkan/sftpgo/v2/internal/dataprovider" "github.com/drakkan/sftpgo/v2/internal/dataprovider"
"github.com/drakkan/sftpgo/v2/internal/logger"
) )
// HostEvent is the enumerable for the supported host events // HostEvent is the enumerable for the supported host events
type HostEvent int type HostEvent string
// Supported host events // Supported host events
const ( const (
HostEventLoginFailed HostEvent = iota HostEventLoginFailed HostEvent = "LoginFailed"
HostEventUserNotFound HostEventUserNotFound = "UserNotFound"
HostEventNoLoginTried HostEventNoLoginTried = "NoLoginTried"
HostEventLimitExceeded HostEventLimitExceeded = "LimitExceeded"
) )
// Supported defender drivers // Supported defender drivers
@@ -132,6 +133,36 @@ func (d *baseDefender) getScore(event HostEvent) int {
return score return score
} }
// logEvent do log an defender event which modifies the score of an host
func (d *baseDefender) logEvent(ip, protocol string, event HostEvent, totalScore int) {
// ignore events which do not change the host score
eventScore := d.getScore(event)
if eventScore == 0 {
return
}
logger.GetLogger().Debug().
Timestamp().
Str("sender", "defender").
Str("client_ip", ip).
Str("protocol", protocol).
Str("event", string(event)).
Int("increase_score_by", eventScore).
Int("score", totalScore).
Send()
}
// logBan do log a ban of an host due to a too high host score
func (d *baseDefender) logBan(ip, protocol string) {
logger.GetLogger().Info().
Timestamp().
Str("sender", "defender").
Str("client_ip", ip).
Str("protocol", protocol).
Str("event", "banned").
Send()
}
type hostEvent struct { type hostEvent struct {
dateTime time.Time dateTime time.Time
score int score int

2
internal/common/defenderdb.go
View File

@@ -100,7 +100,9 @@ func (d *dbDefender) AddEvent(ip, protocol string, event HostEvent) {
if err != nil { if err != nil {
return return
} }
d.baseDefender.logEvent(ip, protocol, event, host.Score)
if host.Score > d.config.Threshold { if host.Score > d.config.Threshold {
d.baseDefender.logBan(ip, protocol)
banTime := time.Now().Add(time.Duration(d.config.BanTime) * time.Minute) banTime := time.Now().Add(time.Duration(d.config.BanTime) * time.Minute)
err = dataprovider.SetDefenderBanTime(ip, util.GetTimeAsMsSinceEpoch(banTime)) err = dataprovider.SetDefenderBanTime(ip, util.GetTimeAsMsSinceEpoch(banTime))
if err == nil { if err == nil {

3
internal/common/defendermem.go
View File

@@ -206,9 +206,11 @@ func (d *memoryDefender) AddEvent(ip, protocol string, event HostEvent) {
idx++ idx++
} }
} }
d.baseDefender.logEvent(ip, protocol, event, hs.TotalScore)
hs.Events = hs.Events[:idx] hs.Events = hs.Events[:idx]
if hs.TotalScore >= d.config.Threshold { if hs.TotalScore >= d.config.Threshold {
d.baseDefender.logBan(ip, protocol)
d.banned[ip] = time.Now().Add(time.Duration(d.config.BanTime) * time.Minute) d.banned[ip] = time.Now().Add(time.Duration(d.config.BanTime) * time.Minute)
delete(d.hosts, ip) delete(d.hosts, ip)
d.cleanupBanned() d.cleanupBanned()
@@ -222,6 +224,7 @@ func (d *memoryDefender) AddEvent(ip, protocol string, event HostEvent) {
d.hosts[ip] = hs d.hosts[ip] = hs
} }
} else { } else {
d.baseDefender.logEvent(ip, protocol, event, ev.score)
d.hosts[ip] = hostScore{ d.hosts[ip] = hostScore{
TotalScore: ev.score, TotalScore: ev.score,
Events: []hostEvent{ev}, Events: []hostEvent{ev},