Hi, two questions to secure my linux system: 1. Is there a switch where I can disable an account after n failed login attempts? 2. When I login, is there a way to show the number of unsuccessful login attempts? Thanks, Alex.
Hi,
two questions to secure my linux system:
1. Is there a switch where I can disable an account after n failed login attempts?
That's a really good way to get yourself denial of serviced......
2. When I login, is there a way to show the number of unsuccessful login attempts?
You'd have to have a program toss the log files for that day or whatever, add 'em up and print them out.
Thanks, Alex.
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Quoting Kurt Seifried (listuser@seifried.org) on Thu, Feb 15, 2001 at 06:26:52PM +0100:
Hi,
two questions to secure my linux system:
1. Is there a switch where I can disable an account after n failed login attempts?
That's a really good way to get yourself denial of serviced......
Hmmm, there are systems that have an automatic reenable mechanism with a delay.... Anyone got a pam module for this? afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you!
On Fri, 16 Feb 2001, Andreas Siegert wrote:
1. Is there a switch where I can disable an account after n failed login attempts? Since Linux has a delay after each wrong attempt (3 secs or so) it would take years to crack the box ... (ok you can use concurrent connections, etc., don't know if this works). But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
Hi,
But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Blocking the attacker can still give you a DoS: been there, done that, got my liver ripped out and eaten raw by a particularly angry user that couldn't log in anymore :o) Kind regards, Yuri.
Hi how abt blocking the attacker from logging in from the _same_ host/ IP ? Surely that won't affect a proper user ! regards omicron On Fri, 16 Feb 2001, Yuri Robbers wrote:
Hi,
But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Blocking the attacker can still give you a DoS: been there, done that, got my liver ripped out and eaten raw by a particularly angry user that couldn't log in anymore :o)
Kind regards, Yuri.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ****** An optimist sees light at the end of every tunnel. A pessimist fears it might be of an incoming train. omicron@omicron.dyndns.org omicron.symonds.net C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi!
how abt blocking the attacker from logging in from the _same_ host/ IP ? Surely that won't affect a proper user !
Sure it can: it did for me. Someone attacked my box from the very machine that most legitimate users happen to use for logging in remotely. So when I had the IP address automagically dropped into /etc/hosts.deny, many legitimate users couldn't log in anymore. Cheers, Yuri.
**strings of ones and zeros arranged themselves into a message from Yuri Robbers
participants (7)
-
Andreas Siegert -
aschwartz@ccpsoft.de -
jfweber@eternal.net -
Kurt Seifried -
Markus Gaugusch -
omicron -
Yuri Robbers