defender: minor docs improvements

common/defender.go

@@ -58,9 +58,9 @@ type DefenderConfig struct {
 	// soft and hard limit
 	EntriesSoftLimit int `json:"entries_soft_limit" mapstructure:"entries_soft_limit"`
 	EntriesHardLimit int `json:"entries_hard_limit" mapstructure:"entries_hard_limit"`
-	// Path to a file with a list of ip addresses and/or networks to never ban
+	// Path to a file containing a list of ip addresses and/or networks to never ban
 	SafeListFile string `json:"safelist_file" mapstructure:"safelist_file"`
-	// Path to a file with a list of ip addresses and/or networks to always ban
+	// Path to a file containing a list of ip addresses and/or networks to always ban
 	BlockListFile string `json:"blocklist_file" mapstructure:"blocklist_file"`
 }
 

docs/defender.md

@@ -6,22 +6,22 @@ If enabled it will protect SFTP, FTP and WebDAV services and it will automatical
 
 You can configure a score for each event type:
 
-- `score_valid` defines the score for valid login attempts, eg. user accounts that exist. Default `1`.
-- `score_invalid` defines the score for invalid login attempts, eg. non-existent user accounts or client disconnected for inactivity without authentication attempts. Default `2`.
+- `score_valid`, defines the score for valid login attempts, eg. user accounts that exist. Default `1`.
+- `score_invalid`, defines the score for invalid login attempts, eg. non-existent user accounts or client disconnected for inactivity without authentication attempts. Default `2`.
 
 And then you can configure:
 
-- `observation_time` defines the time window, in minutes, for tracking client errors.
-- `threshold` defines the threshold value before banning a host.
-- `ban_time` defines the time to ban a client, as minutes
+- `observation_time`, defines the time window, in minutes, for tracking client errors.
+- `threshold`, defines the threshold value before banning a host.
+- `ban_time`, defines the time to ban a client, as minutes
 
 So a host is banned, for `ban_time` minutes, if it has exceeded the defined threshold during the last observation time minutes.
 
 A banned IP has no score, it makes no sense to accumulate host events in memory for an already banned IP address.
 
-If an already banned client tries to log in again its ban time will be incremented based on the `ban_time_increment` configuration.
+If an already banned client tries to log in again, its ban time will be incremented according the `ban_time_increment` configuration.
 
-The `ban_time_increment` is calculated as percentage of `ban_time`, so if `ban_time` is 30 minutes and `ban_time_increment` is 50 the host will be banned for additionally 15 minutes. You can specify values greater than 100 for `ban_time_increment`.
+The `ban_time_increment` is calculated as percentage of `ban_time`, so if `ban_time` is 30 minutes and `ban_time_increment` is 50 the host will be banned for additionally 15 minutes. You can also specify values greater than 100 for `ban_time_increment` if you want to increase the penalty for already banned hosts.
 
 The `defender` will keep in memory both the host scores and the banned hosts, you can limit the memory usage using the `entries_soft_limit` and `entries_hard_limit` configuration keys.
 
@@ -31,12 +31,12 @@ The REST API allows:
 - to retrieve the ban time for an IP address
 - to unban an IP address
 
-We don't return the whole list of the banned IP addresses or all the stored scores because we store them as hash map and iterating over all the keys for an hash map is slow and will slow down new events registration.
+We don't return the whole list of the banned IP addresses or all stored scores because we store them as a hash map and iterating over all the keys of a hash map is not a fast operation and will slow down the recordings of new events.
 
 The `defender` can also load a permanent block list and/or a safe list of ip addresses/networks from a file:
 
-- `safelist_file`, string. Path to a file with a list of ip addresses and/or networks to never ban.
-- `blocklist_file`, string. Path to a file with a list of ip addresses and/or networks to always ban.
+- `safelist_file`, defines the path to a file containing a list of ip addresses and/or networks to never ban.
+- `blocklist_file`, defines the path to a file containing a list of ip addresses and/or networks to always ban.
 
 These list must be stored as JSON with the following schema:
 
@@ -52,7 +52,7 @@ Here is a small example:
         "2001:db8::68"
     ],
     "networks":[
-        "192.0.2.1/24",
+        "192.0.2.0/24",
         "2001:db8:1234::/48"
     ]
 }

docs/full-configuration.md

@@ -74,8 +74,8 @@ The configuration file contains the following sections:
     - `observation_time`, integer. Defines the time window, in minutes, for tracking client errors. A host is banned if it has exceeded the defined threshold during the last observation time minutes.
     - `entries_soft_limit`, integer.
     - `entries_hard_limit`, integer. The number of banned IPs and host scores kept in memory will vary between the soft and hard limit.
-    - `safelist_file`, string. Path to a file with a list of ip addresses and/or networks to never ban.
-    - `blocklist_file`, string. Path to a file with a list of ip addresses and/or networks to always ban.
+    - `safelist_file`, string. Path to a file containing a list of ip addresses and/or networks to never ban.
+    - `blocklist_file`, string. Path to a file containing a list of ip addresses and/or networks to always ban.
 - **"sftpd"**, the configuration for the SFTP server
   - `bindings`, list of structs. Each struct has the following fields:
     - `port`, integer. The port used for serving SFTP requests. 0 means disabled. Default: 2022

sftpgo.json

@@ -54,8 +54,8 @@
   "ftpd": {
     "bindings": [
       {
-        "address": "",
         "port": 0,
+        "address": "",
         "apply_proxy_config": true,
         "tls_mode": 0,
         "force_passive_ip": "",
@@ -80,8 +80,8 @@
   "webdavd": {
     "bindings": [
       {
-        "address": "",
         "port": 0,
+        "address": "",
         "enable_https": false,
         "client_auth_type": 0
       }