pam_tally and fail_locktime
Benjamin Donnachie
benjamin at pythagoras.no-ip.org
Wed Oct 26 22:44:51 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Benjamin Donnachie wrote:
> Once I get my head around PAM authentication, are you happy for me to make
> changes to pam_abl to get it working better with other services?
I think I've found the answer to what I was looking for - fail2ban from
http://fail2ban.sourceforge.net/
It works from the system logs files - so no issues about database files
being accessible to users or trying to design complicated methods to
prevent malicious access. Completely configurable - can be set to
monitor almost any log and will then update your firewall rules to
reject any IP with too many password failures for a set period :-)
Ben
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQIVAwUBQ2AG4egNmph0Y1E2AQK8oRAAsPqZre5mMJVGb50Dwx6QUT9rt1N39mRL
p33FAnZhAv/bjZQCCXx2ZRot0zqU4AJ15pnquIkgj56x/ETVQ2c30HtT0Kns4FVI
Q7oth5lkz11skP/ve/SzmH0unuUDtU/fqXNVJNuNKJA+55E66k/ANN8yf7IWft6e
BAZ3FYHsZamxDXjJ8JFbKlDag35aLrAdXuXMqI8E4K9jjTcvQtYCIyjRIkqySy4+
MATDS9Oj4O/Zfj01dgjtZ+85wz4oc8FlPlMc3RA4VjOs7uMx8NEOsAF/TIfFirR0
2s2Ghi62d3qc5Wn0Bi2ffQ2YIMQ4SovG2NKGY9D+lrr1L0AnnRfRfPO0F/0KGFD3
i/FENV+r4t8A2SK/mEw4NehyfJ/CfGM1mZqdkyyntEBQNfDlTHCwIPnofU/Jt3/v
/mZrr5M1fQw56x6osFxw5xEgQBf9avPo/0HXFG1U2Ot740YiQc0NwJIy47rV1+hY
6yvB9h7ezl8gdZ00Cdv6wBgel2tkkgCN9o/9Tc9Vfe96AHCHwLaSeDhFWvyZrJN2
dGvtlRemvK07h8fZuMv0BOzPYq2j5THAev99fxECrlXWaPncClQK5MUy/juXARFo
t87JHdIRNe1p3s73QgNwwxGisKSdRdg6M2CIQnv6BZwpDWalhGVSEPfQn5ecJdXN
Wh2itA/yxLM=
=dT+j
-----END PGP SIGNATURE-----
More information about the Pam-list
mailing list