LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-04-2011, 01:10 AM   #1
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 224

Rep: Reputation: 8
Faillog- Denial of Service Attack Possible?


From reading the man page of lastlog:

-m, --maximum MAX
Set maximum number of login failures after the account is disabled to MAX. Selecting MAX value of 0 has the effect of not placing a limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.

I don't understand the last part in bold.
1) If a root account it locked out because the MAX failure count has been reach, and the system denies access to root login- would this repeated action be enough to bog down the system enough to be considered a denial of services attack?

2) If denying root after it's locked out repeatedly can be considered a DOS attack, couldn't this happen equally for locked out non-root user login attempts?

Last edited by dman777; 09-04-2011 at 01:14 AM.
 
Old 09-04-2011, 04:35 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,776
Blog Entries: 54

Rep: Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976
As I read it root should be exempt from having a maximum set so it can be accessed always. This isn't as bad as it sounds as the account should never be allowed to log in over any network connection anyway.
 
Old 09-04-2011, 06:07 AM   #3
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 224

Original Poster
Rep: Reputation: 8
No, but I am curious on the logic of how root not being able to authenticate could lead to DOS attacks. If that is true, then the same could be for any user being rejected during logon, right?

However, I was thinking....could the root account locked mean services/daemons not able to run? Do daemons/system services run with EUID 0?
 
Old 09-04-2011, 08:23 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,776
Blog Entries: 54

Rep: Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976Reputation: 2976
Quote:
Originally Posted by dman777 View Post
I am curious on the logic of how root not being able to authenticate could lead to DOS attacks. If that is true, then the same could be for any user being rejected during logon, right?
No, it's the other way around: root no longer being able to authenticate can be the effect of a DOS. And unprivileged accounts are not as equally important as privileged accounts: root isn't just an account best confined to only system administration but also a set of capabilities ('man capabilities') required to perform certain operations.


Quote:
Originally Posted by dman777 View Post
could the root account locked mean services/daemons not able to run?
IMO that's something you could easily test or strace yourself. Do services running as daemon require authentication when starting?


Quote:
Originally Posted by dman777 View Post
Do daemons/system services run with EUID 0?
Are you telling me your 'ps' doesn't support "-o euid"?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how does mktemp prevent denial-of-service attack seaker79 Linux - Security 1 04-22-2010 07:56 AM
y2kupdate denial of service vulnerability Protector Linux - Security 1 11-15-2009 03:44 AM
Troubleshooting Denial of Service vbsaltydog Linux - General 4 07-25-2008 12:51 AM
how to disable TCP/IP Denial of Service mayankh Linux - Security 2 10-14-2006 05:01 AM
Denial Of Service Attacks Ozzman Mandriva 13 11-13-2003 01:59 AM


All times are GMT -5. The time now is 08:44 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration