Re: [suse-security] OpenSSH: Disable account after n failed logins
Finally I found the proper PAM-Module: it's pam_tally. It seems to be in
every PAM distribution, but it is not documented (is that a bug that should
be filed to the maintainers?). Setting it all up with PAM was pretty easy
auth required /lib/security/pam_tally.so no_magic_root
account required /lib/security/pam_tally.so deny=10 no_magic_root
I know that I am now suspect to a DOS-attack, probably I will set up a
cron-task that resets the counter ervery n hours, at lease for my account
:) using faillog.
Alex.
Andreas
Siegert To: suse-security@suse.com
Hi,
two questions to secure my linux system:
1. Is there a switch where I can disable an account after n failed login attempts?
That's a really good way to get yourself denial of serviced......
Hmmm, there are systems that have an automatic reenable mechanism with a delay.... Anyone got a pam module for this? afx -- atsec information security GmbH Phone: +49-89-44249830 Steinstrasse 68 Fax: +49-89-44249831 D-81667 Muenchen, Germany WWW: www.atsec.com May the Source be with you! --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (1)
-
aschwartz@ccpsoft.de