From 5522c8b300cb386b995bf52dbeaf616e00a6bf04 Mon Sep 17 00:00:00 2001
From: Jez Caudle
Date: Tue, 1 Jul 2025 13:38:58 +0000
Subject: [PATCH] Removed all references to Hail Mary. Started removing compatability with everything not OpenBSD.
---
 README.md | 1 +
 pf-badhost.sh | 30 +++++++++++++++---------------
 2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 14115fb..33ec0a6 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,5 @@
 # Updates
+- 1st July 2025: Renamed "HAIL_MARY" to "CLOUD_BRUTEFORCE_MITIGATION". Read [Catechism of the Catholic Church](https://www.vatican.va/archive/ENG0015/_INDEX.HTM) before complaining.
 - 19th June 2025: Updated the _AGENT to the latest Windows Firefox as some sites were rejecting download attempts based on an outdated user agent.
 # Fresh Installation Guide
diff --git a/pf-badhost.sh b/pf-badhost.sh
index f21e12b..134ad8e 100644
--- a/pf-badhost.sh
+++ b/pf-badhost.sh
@@ -29,7 +29,7 @@
 # IPv6, Authlog Analysis, GeoIP/Country Blacklisting, Bogon Filtering,
 # Tor filtering as well as configure custom rules and blocklists
-# IPv6 Notes:
+# IPv6 Notes: THIS IS NOT TESTED IN THIS FORK AS I DON'T HAVE ACCESS TO IPv6
 # pf-badhost requires IPv6 lists to be preformatted to be RFC-5952 compliant.
 # Example preprocessors have been written for the default list providers included in this script.
 # If adding your own IPv6 lists, the addresses must be RFC 5952 compliant and
@@ -88,11 +88,11 @@
 _BOGON_4=0
 _BOGON_6=0
 ###################################################################
-# Hail Mary Cloud Bruteforcer Mitigation (SSH authlog analysis)
+# Cloud Bruteforcer Mitigation (SSH authlog analysis)
 # Searches SSH authlog for bruteforcers
 #
 # Set to '1' to enable
- _HAIL_MARY=0
+ _CLOUD_BRUTEFORCE_MITIGATION=0
 #
 # Set failed log-in limit for bans
 _LOGIN_LIMIT=25
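Review bot: The renamed `_CLOUD_BRUTEFORCE_MITIGATION=0` switch in the user-editable config block of the `@@ -88` hunk does not mention that the `-H` command-line option also enables the feature; the `@@ -1210` hunk on this page shows `-H` setting both this variable and `_LOGIN_LIMIT` from its argument, so a user editing the block has no hint that the flag can override what they set here. Suggest extending the comment above it to `# Set to '1' to enable (the '-H <limit>' option also enables it and sets _LOGIN_LIMIT)`. The README and `@@ -29` hunks are comment-only changes and need nothing further.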
@@ -437,12 +437,12 @@ mysort() {
 # Authlog Analysis Functions
 # ------------------------------------------------------------------------------
-# Hail Mary Mitigation preproccessor
+# CLOUD_BRUTEFORCE_MITIGATION preproccessor
 AUTHLOG_PROC() {
 myawk -- '{if ($6 !~ "Disconnected|Accepted" && $7 !~ "disconnect") printf("%s\n%s\n%s\n%s\n%s\n%s\n", $9, $10, $11, $12, $13, $14)}'
 }
-HAIL_MARY_MITIGATE() {
+CLOUD_BRUTEFORCE_MITIGATION_MITIGATE() {
 # Check OSTYPE
 if [ "${_OS_TYPE}" != 'macos' ]; then
 # IPv4 Authlog List Gen
@@ -642,7 +642,7 @@ PRINT_LIST() {
 cat -- < "${user_rules}"
 fi
 # Authlog Analysis
- if [ "${_HAIL_MARY}" -eq 1 ]; then
+ if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
 printf '\n# Rules Generated from %s:\n\n' "$authlog_path1"
 cat -- < "${authlog}"
 fi
@@ -763,7 +763,7 @@ PRINT_STATS() {
 typeset authlog_num v4_num v4_total v6_num v6_total
 authlog_num="$(wc -l -- < "${authlog}" | tr -cd '[:digit:]')"
- if [ "${_HAIL_MARY}" -eq 1 ]; then
+ if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
 printf '\nBruteforcers found in "%s": %s\n' "${authlog_path1}" "${authlog_num}"
 else
 printf '\n'
@@ -977,7 +977,7 @@ PRE_EXEC_TESTS() {
 if [ "${_NO_UID_CHECK}" -ne 1 ]; then
 CHECK_PRIVILEGE
 fi
- if [ "${_HAIL_MARY}" -eq 1 ]; then
+ if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
 CHECK_CMD "${authlog_unzip}" > /dev/null
 fi
 if [ "${_PRINT_ONLY}" -ne 1 ]; then
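Review bot: The function renamed here to `CLOUD_BRUTEFORCE_MITIGATION_MITIGATE` is called as `CLOUD_BRUTEFORCE_MITIGATION` in the `@@ -1529` hunk, so with the feature enabled the call resolves to no command, the authlog ban list this function is meant to produce is never generated, and `PRINT_LIST` (`@@ -642`) still goes on to `cat` `${authlog}`; whether the script aborts at that point or carries on depends on errexit settings not visible in this diff. Settle on one name for definition and call, e.g. `CLOUD_BRUTEFORCE_MITIGATE() {` here and `CLOUD_BRUTEFORCE_MITIGATE` at the call site, which also drops the doubled MITIGATION_MITIGATE. The rewritten comment line keeps the earlier misspelling; `# Cloud bruteforce mitigation preprocessor` reads better. The body of the renamed function continues past the end of this hunk.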
@@ -998,7 +998,7 @@ VAR_SANITY_CHECK() {
 IS_INT "${_BOGON_6}" || ERR 'User defined variable "$_BOGON_6" contains a non-integer value - Unable to proceed!'
 IS_INT "${_CHECK_ONLY}" || ERR 'User defined variable "$_CHECK_ONLY" contains a non-integer value - Unable to proceed!'
 IS_INT "${_GEOBLOCK}" || ERR 'User defined variable "$_GEOBLOCK" contains a non-integer value - Unable to proceed!'
- IS_INT "${_HAIL_MARY}" || 'User defined variable "$_HAIL_MARY" contains a non-integer value - Unable to proceed!'
+ IS_INT "${_CLOUD_BRUTEFORCE_MITIGATION}" || 'User defined variable "$_CLOUD_BRUTEFORCE_MITIGATION" contains a non-integer value - Unable to proceed!'
 IS_INT "${_IPV4}" || 'User defined variable "$_IPV4" contains a non-integer value - Unable to proceed!'
 IS_INT "${_IPV6}" || ERR 'User defined variable "$_IPV6" contains a non-integer value - Unable to proceed!'
 IS_INT "${_LOG}" || ERR 'User defined variable "$_LOG" contains a non-integer value - Unable to proceed!'
@@ -1210,7 +1210,7 @@ main() {
 E) authlog_unzip="${OPTARG}" ;; # set tool to unzip authlog
 F) netget="${OPTARG}" ;; # set curl/fetch/ftp/wget preference
 G) _GEOBLOCK=1 ;; # Enable Geoblocking
- H) _HAIL_MARY=1 ; _LOGIN_LIMIT="${OPTARG}" ;; # Enable SSH authlog analysis
+ H) _CLOUD_BRUTEFORCE_MITIGATION=1 ; _LOGIN_LIMIT="${OPTARG}" ;; # Enable SSH authlog analysis
 J) authlog_path1="${OPTARG}" ;;
 K) authlog_path2="${OPTARG}" ;;
 O) typeset -l -r _OS_TYPE="${OPTARG}" ;;
@@ -1314,7 +1314,7 @@ main() {
 # Mark user-defined booleans as read-only
 readonly _AGENT _LOG _STRICT _IPV4 _IPV6 _AGGREGATE \
- _GEOBLOCK _BOGON_4 _BOGON_6 _HAIL_MARY \
+ _GEOBLOCK _BOGON_4 _BOGON_6 _CLOUD_BRUTEFORCE_MITIGATION \
 _TOR_WHITELIST _TOR_BLOCK_ALL _TOR_BLOCK_EXIT \
 _RFC3330 _RFC5156 _WHITELIST
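Review bot: The rewritten `IS_INT "${_CLOUD_BRUTEFORCE_MITIGATION}"` line in the `@@ -998` hunk still lacks `ERR` after `||`, so on a non-integer value the shell tries to run the quoted message as a command name and the sanity check never stops the run; the unvalidated value then reaches the `-eq 1` tests in `@@ -642`, `@@ -763`, `@@ -977` and `@@ -1361`. The `_IPV4` context line directly below has the same omission, so the defect was present before this commit and is simply carried over by the rename. The line should follow the `_BOGON_6` entry above it: `IS_INT "${_CLOUD_BRUTEFORCE_MITIGATION}" || ERR 'User defined variable "$_CLOUD_BRUTEFORCE_MITIGATION" contains a non-integer value - Unable to proceed!'`. Whether errexit is set, which would change what happens after the failed command, is not visible in this diff.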
@@ -1361,7 +1361,7 @@ main() {
 custom)
 test -n "${getroot}" || ERR "Custom OS type specified - please set doas/sudo preference with '-Z' option"
 test -n "${netget}" || ERR "Custom OS type specified - please set curl/fetch/ftp/wget preference with '-F' option"
- if [ "${_HAIL_MARY}" -eq 1 ]; then
+ if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
 test -n "${authlog_path1}" || ERR "Custom OS type specified - please specifiy path to SSH authlog with '-J' option"
 test -n "${authlog_path2}" || ERR "Custom OS type specified - please specifiy path to secondary SSH authlog with '-K' option"
 test -n "${authlog_unzip}" || ERR "Custom OS type specified - please specifiy zcat/bzcat for SSH authlog analysis with '-E' option"
@@ -1529,9 +1529,9 @@ main() {
 printf '%s\n' "${_i}"
 done > "${user_rules}"
- # Hail Mary Mitigation
- if [ "${_HAIL_MARY}" -eq 1 ]; then
- HAIL_MARY_MITIGATE
+ # CLOUD_BRUTEFORCE_MITIGATION
+ if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
+ CLOUD_BRUTEFORCE_MITIGATION
 fi
 # Generate lists to load into PF