Hi, two questions to secure my linux system: 1. Is there a switch where I can disable an account after n failed login attempts? 2. When I login, is there a way to show the number of unsuccessful login attempts? Thanks, Alex.
Hi,
two questions to secure my linux system:
1. Is there a switch where I can disable an account after n failed login attempts?
That's a really good way to get yourself denial of serviced......
2. When I login, is there a way to show the number of unsuccessful login attempts?
You'd have to have a program toss the log files for that day or whatever, add 'em up and print them out.
Thanks, Alex.
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Quoting Kurt Seifried (listuser@seifried.org) on Thu, Feb 15, 2001 at 06:26:52PM +0100:
Hi,
two questions to secure my linux system:
1. Is there a switch where I can disable an account after n failed login attempts?
That's a really good way to get yourself denial of serviced......
Hmmm, there are systems that have an automatic reenable mechanism with a delay.... Anyone got a pam module for this? afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you!
On Fri, 16 Feb 2001, Andreas Siegert wrote:
1. Is there a switch where I can disable an account after n failed login attempts? Since Linux has a delay after each wrong attempt (3 secs or so) it would take years to crack the box ... (ok you can use concurrent connections, etc., don't know if this works). But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
Hi,
But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Blocking the attacker can still give you a DoS: been there, done that, got my liver ripped out and eaten raw by a particularly angry user that couldn't log in anymore :o) Kind regards, Yuri.
Hi how abt blocking the attacker from logging in from the _same_ host/ IP ? Surely that won't affect a proper user ! regards omicron On Fri, 16 Feb 2001, Yuri Robbers wrote:
Hi,
But you should install logcheck or something anyway ... (and block the attacker with ipchains, hosts.deny, etc.)
Blocking the attacker can still give you a DoS: been there, done that, got my liver ripped out and eaten raw by a particularly angry user that couldn't log in anymore :o)
Kind regards, Yuri.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- ****** An optimist sees light at the end of every tunnel. A pessimist fears it might be of an incoming train. omicron@omicron.dyndns.org omicron.symonds.net C O G I T O E R G O S U M ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi!
how abt blocking the attacker from logging in from the _same_ host/ IP ? Surely that won't affect a proper user !
Sure it can: it did for me. Someone attacked my box from the very machine that most legitimate users happen to use for logging in remotely. So when I had the IP address automagically dropped into /etc/hosts.deny, many legitimate users couldn't log in anymore. Cheers, Yuri.
**strings of ones and zeros arranged themselves into a message from Yuri Robbers <yuri@rulbii.leidenuniv.nl> on Sat, 17 Feb 2001 19:12:39 +0100 (MET) which said... **Sure it can: it did for me. Someone attacked my box from the very machine **that most legitimate users happen to use for logging in remotely. So when **I had the IP address automagically dropped into /etc/hosts.deny, many **legitimate users couldn't log in anymore. ** **Cheers, **Yuri. ooooh! bet that was a day you wished for no (voice) phone line in and a steel door filled w/ dirt!!! >VBG> I have days like that when I just want to unplug everyone usually after being on the wrong end of a 36hr day .. when I've done something really dumb that seems as if is *shuold* fix the problem ( and at that hour of my body "uptime" it often seems to glaringly obvious that this is the solution, I dont test .. (fugget! I'll catchem tomorrow) Invariablely it works all too well and w/o the sand in the door the screems could probably be heard at any end of the world one might try to be hidebernating! Steel , keeps them from doing much more than dent or skratch it ( hinges on the inside people) , AND the sand also makes it the devil to move, even w/ a crowd behind it. j afterthought: Life after death? Is that like terminate and stay resident?
participants (7)
-
Andreas Siegert -
aschwartz@ccpsoft.de -
jfweber@eternal.net -
Kurt Seifried -
Markus Gaugusch -
omicron -
Yuri Robbers