Re: pam_shield is blocking allowed networks
On Tue, Jul 7, 2015, at 06:42, Mart van de Wege wrote:
> I have set up pam_shield to allow my IP; when I test it by generating
> 5 bad logins (threshold is 5 per 10m), I see pam_shield print
> 'allowing from <my ip>/255.255.255.255' in the logs; and yet after 5
> login attempts it blocks my IP.
This is due to a bug in the code which matches IP addresses. I
investigated the cause and will file a bug report.
In the meantime, try using a hostname instead of an IP address. If the
system you want to allow does not have a hostname, make one up and add
it to /etc/hosts.
If you add a line like this to /etc/security/shield.conf:
allow machine.on.my.domain
and a line like this to /etc/hosts (only necessary if the machine
doesn't have a proper DNS hostname):
192.168.2.1 machine.on.my.domain
then you will get the following feedback from libpam-shield in
/var/log/auth.log when you make a bad attempt to connect from that
machine:
PAM-shield[]: allowing from machine.on.my.domain
PAM-shield[]: whitelist match: host machine.on.my.domain
Note the additional second line, which indicates that the bad attempt
was ignored because the machine was whitelisted.
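A small check for the two log lines described above, added here as an example that is not part of the thread or of pam_shield itself: it reads auth.log lines (a constructed sample is embedded) and reports every "allowing from" entry that is not followed by a "whitelist match" line for the same host, which is exactly the symptom Mart saw with the IP-address form. The syslog prefix, the empty brackets in "PAM-shield[]" and the stripping of a "/netmask" suffix are assumptions.

```python
import re

# Assumed line shapes, based on the two messages quoted in the thread.
ALLOWING_RE = re.compile(r"PAM-shield\[[^\]]*\]: allowing from (\S+)")
MATCH_RE = re.compile(r"PAM-shield\[[^\]]*\]: whitelist match: host (\S+)")

# Constructed sample: first entry mirrors the failing IP whitelist (no
# "whitelist match" follows), second mirrors the working hostname form.
SAMPLE_LOG = """\
Jul  7 06:40:01 gw sshd[2201]: PAM-shield[]: allowing from 192.168.2.1/255.255.255.255
Jul  7 06:45:10 gw sshd[2310]: PAM-shield[]: allowing from machine.on.my.domain
Jul  7 06:45:10 gw sshd[2310]: PAM-shield[]: whitelist match: host machine.on.my.domain
""".splitlines()


def _host_key(token):
    # Assumption: an IP allow entry is logged as "addr/netmask"; keep only addr.
    return token.split("/", 1)[0]


def whitelist_status(lines):
    """Map each host seen in an 'allowing from' line to True if a
    'whitelist match' line for that host appeared afterwards, else False."""
    status = {}
    for line in lines:
        m = ALLOWING_RE.search(line)
        if m:
            status.setdefault(_host_key(m.group(1)), False)
            continue
        m = MATCH_RE.search(line)
        if m:
            host = _host_key(m.group(1))
            if host in status:
                status[host] = True
    return status


def unmatched_allows(lines):
    """Hosts that pam_shield claimed to allow but never reported as a
    whitelist match: these are the entries whose allow rule is not working."""
    return sorted(h for h, ok in whitelist_status(lines).items() if not ok)


if __name__ == "__main__":
    # Read the real file with: lines = open("/var/log/auth.log").read().splitlines()
    for host in unmatched_allows(SAMPLE_LOG):
        print(f"allow rule for {host} never produced a whitelist match")
```

Run it against /var/log/auth.log after a deliberate bad login from the whitelisted machine; an empty result means the allow entry is being honoured.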