Started to remove other OSes except OpenBSD and the Auth Log stuff.

README.md

@@ -1,5 +1,5 @@
 # Updates
-- 7th July 2025: Added a count for the number of table entries - pf sets a maximum and it would be handy to know if I'm bumping along that number.
+- 7th July 2025: Added a count for the number of table entries - pf sets a maximum and it would be handy to know if I'm bumping along that number. Starting removing the SSH Brute force code - SSHGuard is in OpenBSD packages and already blocks SSH bruteforcers but can be configured for other services.
 - 1st July 2025: Renamed "HAIL_MARY" to "CLOUD_BRUTEFORCE_MITIGATION". Read [Catechism of the Catholic Church](https://www.vatican.va/archive/ENG0015/_INDEX.HTM) before complaining.
 - 19th June 2025: Updated the _AGENT to the latest Windows Firefox as some sites were rejecting download attempts based on an outdated user agent.
 
@@ -40,8 +40,6 @@ permit root
 permit nopass _pfbadhost cmd /sbin/pfctl args -nf /etc/pf.conf
 permit nopass _pfbadhost cmd /sbin/pfctl args -t pfbadhost -T replace -f /etc/pf-badhost.txt
 permit nopass _pfbadhost cmd /sbin/pfctl args -t pfbadhost -T show | wc -l
-# Optional rule for authlog scanning
-permit nopass _pfbadhost cmd /usr/bin/zcat args -f /var/log/authlog /var/log/authlog.0.gz
 ...
 ```
 

pf-badhost.sh

@@ -87,17 +87,6 @@ _BOGON_4=0
 # Enable IPv6 Bogon Filter (Blocks unassigned/reserved/martian addresses)
 _BOGON_6=0
 
-###################################################################
-# Cloud Bruteforcer Mitigation (SSH authlog analysis)
-# Searches SSH authlog for bruteforcers
-#
-# Set to '1' to enable
-  _CLOUD_BRUTEFORCE_MITIGATION=0
-#
-# Set failed log-in limit for bans
-  _LOGIN_LIMIT=25
-###################################################################
-
 ###################################################################
 # Country GeoIP Blacklist
 # Enter any ISO-3166 Country Codes you want to block (1 per line)
@@ -434,31 +423,6 @@ mysort() {
 	fi
 }
 
-# ------------------------------------------------------------------------------
-# Authlog Analysis Functions
-# ------------------------------------------------------------------------------
-
-# CLOUD_BRUTEFORCE_MITIGATION preproccessor
-AUTHLOG_PROC() {
-	myawk -- '{if ($6 !~ "Disconnected|Accepted" && $7 !~ "disconnect") printf("%s\n%s\n%s\n%s\n%s\n%s\n", $9, $10, $11, $12, $13, $14)}'
-}
-
-CLOUD_BRUTEFORCE_MITIGATION_MITIGATE() {
-	# Check OSTYPE
-	if [ "${_OS_TYPE}" != 'macos' ]; then
-		# IPv4 Authlog List Gen
-		if [ "${_IPV4}" -eq 1 ]; then
-			"${getroot}" -- "${authlog_unzip}" -f "${authlog_path1}" "${authlog_path2}" | AUTHLOG_PROC | PARSE_V4 | WHITELIST_FILTER | myawk -- '{ a[$0]++ }END{ for(i in a) print a[i],i }' | myawk -v LOGIN_LIMIT="${_LOGIN_LIMIT}" -- '$1>LOGIN_LIMIT {print $2}' | mysort -uV
-		fi
-		# IPv6 Authlog List Gen
-		if [ "${_IPV6}" -eq 1 ]; then
-			"${getroot}" -- "${authlog_unzip}" -f "${authlog_path1}" "${authlog_path2}" | AUTHLOG_PROC | PARSE_V6 | WHITELIST_FILTER | myawk '{ a[$0]++ }END{ for(i in a) print a[i],i }' | myawk -v LOGIN_LIMIT="${_LOGIN_LIMIT}" -- '$1>LOGIN_LIMIT {print $2}' | mysort -uV
-		fi
-	else
-		echo 'MacOS does not support authlog analysis :(' 1>&2
-	fi > "${authlog}"
-}
-
 # ------------------------------------------------------------------------------
 # Geoblock Functions
 # ------------------------------------------------------------------------------
@@ -642,11 +606,7 @@ PRINT_LIST() {
 		printf '\n# User Defined Rules:\n\n'
 		cat -- < "${user_rules}"
 	fi
-	# Authlog Analysis
+
-	if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
-		printf '\n# Rules Generated from %s:\n\n' "$authlog_path1"
-		cat -- < "${authlog}"
-	fi
 	# Tor Filtering
 	if [ -s "${tor_whitelist}" ]; then
 		printf '\n# Tor Whitelist:\n\n'
@@ -766,14 +726,7 @@ LOGGER() {
 
 PRINT_STATS() {
 	# Print number of addresses in table (expand CIDR ranges)
-	typeset authlog_num v4_num v4_total v6_num v6_total
+	typeset v4_num v4_total v6_num v6_total
-	authlog_num="$(wc -l -- < "${authlog}" | tr -cd '[:digit:]')"
-
-	if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
-		printf '\nBruteforcers found in "%s":  %s\n' "${authlog_path1}" "${authlog_num}"
-	else
-		printf '\n'
-	fi
 
 	if [ "${_IPV4}" -eq 1 ]; then
 		v4_num="$(mygrep -cv -- "/[[:digit:]]{1,2}$" < "${v4list}")"
@@ -985,9 +938,7 @@ PRE_EXEC_TESTS() {
 	if [ "${_NO_UID_CHECK}" -ne 1 ]; then
 		CHECK_PRIVILEGE
 	fi
-	if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
+
-		CHECK_CMD "${authlog_unzip}" > /dev/null
-	fi
 	if [ "${_PRINT_ONLY}" -ne 1 ]; then
 		pfctl="$(CHECK_CMD pfctl)"
 		CHECK_DRIVE
@@ -1006,7 +957,6 @@ VAR_SANITY_CHECK() {
 	IS_INT "${_BOGON_6}" || ERR 'User defined variable "$_BOGON_6" contains a non-integer value - Unable to proceed!'
 	IS_INT "${_CHECK_ONLY}" || ERR 'User defined variable "$_CHECK_ONLY" contains a non-integer value - Unable to proceed!'
 	IS_INT "${_GEOBLOCK}" || ERR 'User defined variable "$_GEOBLOCK" contains a non-integer value - Unable to proceed!'
-	IS_INT "${_CLOUD_BRUTEFORCE_MITIGATION}" || 'User defined variable "$_CLOUD_BRUTEFORCE_MITIGATION" contains a non-integer value - Unable to proceed!'
 	IS_INT "${_IPV4}" || 'User defined variable "$_IPV4" contains a non-integer value - Unable to proceed!'
 	IS_INT "${_IPV6}" || ERR 'User defined variable "$_IPV6" contains a non-integer value - Unable to proceed!'
 	IS_INT "${_LOG}" || ERR 'User defined variable "$_LOG" contains a non-integer value - Unable to proceed!'
@@ -1218,7 +1168,6 @@ main() {
 	    E)  authlog_unzip="${OPTARG}" ;;  # set tool to unzip authlog
 	    F)  netget="${OPTARG}" ;;  # set curl/fetch/ftp/wget preference
 	    G)  _GEOBLOCK=1 ;;  # Enable Geoblocking
-	    H)  _CLOUD_BRUTEFORCE_MITIGATION=1 ; _LOGIN_LIMIT="${OPTARG}" ;;  # Enable SSH authlog analysis
 	    J)  authlog_path1="${OPTARG}" ;;
 	    K)  authlog_path2="${OPTARG}" ;;
 	    O)  typeset -l -r _OS_TYPE="${OPTARG}" ;;
@@ -1322,7 +1271,7 @@ main() {
 
 	# Mark user-defined booleans as read-only
 	readonly _AGENT _LOG _STRICT _IPV4 _IPV6 _AGGREGATE    \
-		 _GEOBLOCK _BOGON_4 _BOGON_6 _CLOUD_BRUTEFORCE_MITIGATION        \
+		 _GEOBLOCK _BOGON_4 _BOGON_6        \
 		 _TOR_WHITELIST _TOR_BLOCK_ALL _TOR_BLOCK_EXIT \
 		 _RFC3330 _RFC5156 _WHITELIST
 
@@ -1362,18 +1311,6 @@ main() {
 	openbsd)
 	  test -n "${getroot}" || getroot="$(CHECK_CMD doas)"
 	  test -n "${netget}" || netget='ftp'
-	  test -n "${authlog_path1}" || authlog_path1='/var/log/authlog'
-	  test -n "${authlog_path2}" || authlog_path2='/var/log/authlog.0.gz'
-	  test -n "${authlog_unzip}" || authlog_unzip="$(CHECK_CMD zcat)"
-	  ;;
-	custom)
-	  test -n "${getroot}" || ERR "Custom OS type specified - please set doas/sudo preference with '-Z' option"
-	  test -n "${netget}" || ERR "Custom OS type specified - please set curl/fetch/ftp/wget preference with '-F' option"
-	  if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
-		test -n "${authlog_path1}" || ERR "Custom OS type specified - please specifiy path to SSH authlog with '-J' option"
-		test -n "${authlog_path2}" || ERR "Custom OS type specified - please specifiy path to secondary SSH authlog with '-K' option"
-		test -n "${authlog_unzip}" || ERR "Custom OS type specified - please specifiy zcat/bzcat for SSH authlog analysis with '-E' option"
-	  fi
 	  ;;
 	*)
 	  printf '\n\nUnknown Operating System Specified. Available Options Are:\n * -OpenBSD\n * -FreeBSD\n * -NetBSD\n * -DragonflyBSD\n * -MacOS\n\nQuitting Without Making Changes...\n\n'
@@ -1382,7 +1319,7 @@ main() {
 	esac
 
 	# Mark operating system specific variables as read-only
-	readonly getroot netget authlog_path1 authlog_path2 authlog_unzip
+	readonly getroot netget
 
 	# Config test / dry run
 	if [ "${_CHECK_ONLY}" -eq 1 ]; then
@@ -1537,11 +1474,6 @@ main() {
 		printf '%s\n' "${_i}"
 	done > "${user_rules}"
 
-	# CLOUD_BRUTEFORCE_MITIGATION
-	if [ "${_CLOUD_BRUTEFORCE_MITIGATION}" -eq 1 ]; then
-		 CLOUD_BRUTEFORCE_MITIGATION
-	fi
-
 	# Generate lists to load into PF
 	LIST_GEN