Miko/endlessh-go
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21 Commits 3 Branches 27 Tags
8bf68b33c548f7d2d290fe8de9336560bd524000
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Shizun Ge 8bf68b33c5 add dashboard
2021-10-24 23:05:36 -07:00
dashboard
add dashboard
2021-10-24 23:05:36 -07:00
client.go
Add license
2021-10-24 22:58:51 -07:00
Dockerfile
change main file name to the module name
2021-10-24 19:23:56 -07:00
geoip.go
Add license
2021-10-24 22:58:51 -07:00
go.mod
use counterfunc for total metrics, update metrics names
2021-10-21 01:48:22 -07:00
go.sum
update go.sum
2021-10-24 19:15:25 -07:00
LICENSE
Add license
2021-10-24 22:58:51 -07:00
main.go
Add README. allow to turn of geohash. still use main.go
2021-10-24 22:46:35 -07:00
README.md
Add README. allow to turn of geohash. still use main.go
2021-10-24 22:46:35 -07:00

README.md

endlessh-go

Golang implementation of endlessh.

Purpose

Endlessh is a great idea that not only blocks the brute force SSH attackers, but also wastes their time that I consider as a kind of counter-attack. Besides trapping the attackers, I also want to virtualize the Geolocations and other statistics of the sources of attacks. Unfortunately the wonderful C implementation of endlessh only provides text based log, but I do not like the solution that writing extra scripts to parse the log outputs, then exporting the results to a dashboard, which would introduce extra layers in my current setup and would depend on the format of the text log file rather than some structured data. Thus I create this golang implementation of endlessh to export Prometheus metrics and a Grafana dashboard to virtualize them.

If you do not mind the endlessh server, besides trapping the attackers, does extra things including

  • Translating IP to Geohash
  • Exporting Prometheus metrics
  • Using more memory (about 10MB)

and want a dashboard of sources of attacks, this is the solution for you.

Usage

Usage of ./endlessh-go

  • -alsologtostderr
    • log to standard error as well as files
  • -conn_type string
    • Connection type. Possible values are tcp, tcp4, tcp6 (default "tcp")
  • -enable_prometheus
    • Enable prometheus
  • -geoip_supplier string
    • Supplier to obtain Geohash of IPs. Possible values are "off", "ip-api", "freegeoip" (default "off")
  • -host string
    • Listening address (default "0.0.0.0")
  • -interval_ms int
    • Message millisecond delay (default 1000)
  • -line_length int
    • Maximum banner line length (default 32)
  • -log_backtrace_at value
    • when logging hits line file:N, emit a stack trace
  • -log_dir string
    • If non-empty, write log files in this directory
  • -logtostderr
    • log to standard error instead of files
  • -max_clients int
    • Maximum number of clients (default 4096)
  • -port string
    • Listening port (default "2222")
  • -prometheus_entry string
    • Entry point for prometheus (default "metrics")
  • -prometheus_port string
    • The port for prometheus (default "2112")
  • -stderrthreshold value
    • logs at or above this threshold go to stderr
  • -v value
    • log level for V logs
  • -vmodule value
    • comma-separated list of pattern=N settings for file-filtered logging

Metrics

This golang implementation export the following Prometheus metrics.

Metric Type Description
endlessh_client_open_count_total count Total number of clients that tried to connect to this host.
endlessh_client_closed_count_total count Total number of clients that stopped connecting to this host.
endlessh_sent_bytes_total count Total bytes sent to clients that tried to connect to this host.
endlessh_trapped_time_seconds_total count Total seconds clients spent on endlessh.
endlessh_client_open_count count Number of connections of clients.
endlessh_client_trapped_time_seconds count Seconds a client spends on endlessh.

The metrics is off by default, you can turn it via the CLI argument -enable_prometheus. If you want log like the C implementation, you need to set both -logtostderr and -v=1

The endlessh-go server stores the geohash of attackers as a label on endlessh_client_open_count, which is also off by default. You can turn it on via the CLI argument -geoip_supplier. The endlessh-go uses service from either ip-api or freegeoip, which may enforce a query rate and limit commercial use. Visit their website for their terms and policies.

Reference in New Issue View Git Blame Copy Permalink
Description
A golang implementation of endlessh (SSH tarpit) exporting Prometheus metrics, visualized by a Grafana dashboard.
grafanagrafana-dashboardmonitoringprometheusssh
Readme GPL-3.0 19 MiB
Languages
Go 98.3%
Dockerfile 1.7%