
Re: RFC: changes to default password strength checks in pam_unix



On Tue, 04 Sep 2007 12:31:15 +0300, Lars Wirzenius <liw@iki.fi> wrote:

>> I stop brute force attacks by sending auth log messages to a FIFO which I 
>> read with a perl script. After 10 login failures, your IP is firewalled for 
>> 24 hours.
 
>I'm sure it does work great. Can you work on making sure it is the
>default in lenny if openssh-server is installed?

It's the type of thing an admin can do locally: set up syslog.conf so
that it copies auth log data to a FIFO:

> auth.info                       -/var/log/auth
> auth.=notice                    -/var/log/auth.notice
> auth.=notice                    |/var/tmp/hostaccess.sshd

And then read it with a program or script which makes local decisions
on how to handle it.

If someone wants to take that idea and distribute it with debian, go
for it.  Personally, I don't have time to fight the political battle
that would ensue.


-- 
Internet service
http://www.isp2dial.com/
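
The approach described in this message (read the FIFO, count failures per address, block for 24 hours), as an added example that is not part of the original post and is not the poster's Perl script. The log line shape (OpenSSH's "Failed password ... from ADDR port N ssh2"), the allow list and the `block` callback are assumptions; adjust the pattern to whatever messages your syslog selector delivers to the FIFO.

```python
import ipaddress
import re
import time

FIFO = "/var/tmp/hostaccess.sshd"   # FIFO path from the syslog.conf lines in the message
MAX_FAILURES = 10                   # "After 10 login failures"
BLOCK_SECONDS = 24 * 3600           # "firewalled for 24 hours"

# Assumed OpenSSH message shape. The pattern is anchored at the end of the
# line, so the address is the one sshd appends itself, not text inside a
# client-chosen user name such as "x from 198.51.100.1 port 1 ssh2".
FAILED = re.compile(r"sshd\[\d+\]: Failed \S+ for .* from (\S+) port \d+(?: ssh\d*)?\s*$")

class FailureTracker:
    def __init__(self, block, allow=()):
        self.block = block            # callback(ip, until): caller adds and later removes the rule
        self.allow = {ipaddress.ip_address(a) for a in allow}  # never lock these out
        self.failures = {}            # ip -> failure count
        self.blocked = {}             # ip -> expiry (epoch seconds)

    def feed(self, line, now=None):
        """Process one log line; return the address if this line triggered a block."""
        now = time.time() if now is None else now
        for ip in [ip for ip, until in self.blocked.items() if until <= now]:
            del self.blocked[ip]      # the 24 hours have passed
        m = FAILED.search(line)
        if not m:
            return None
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None               # not a literal address: ignore it
        if ip in self.allow or ip in self.blocked:
            return None
        self.failures[ip] = self.failures.get(ip, 0) + 1
        if self.failures[ip] < MAX_FAILURES:
            return None
        del self.failures[ip]
        self.blocked[ip] = now + BLOCK_SECONDS
        self.block(str(ip), self.blocked[ip])
        return str(ip)

if __name__ == "__main__":
    tracker = FailureTracker(lambda ip, until: print("block", ip, "until", int(until)))
    while True:                       # reopen after syslogd closes its end of the FIFO
        with open(FIFO) as fifo:
            for line in fifo:
                tracker.feed(line)
```

The stand-alone run only prints its decisions; the firewall command itself is left to the `block` callback.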
 


