LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 09-04-2011, 12:10 AM   #1
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Rep: Reputation: 8
Faillog- Denial of Service Attack Possible?


From reading the man page of lastlog:

-m, --maximum MAX
Set maximum number of login failures after the account is disabled to MAX. Selecting MAX value of 0 has the effect of not placing a limit on the number of failed logins. The maximum failure count should always be 0 for root to prevent a denial of services attack against the system.

I don't understand the last part in bold.
1) If a root account it locked out because the MAX failure count has been reach, and the system denies access to root login- would this repeated action be enough to bog down the system enough to be considered a denial of services attack?

2) If denying root after it's locked out repeatedly can be considered a DOS attack, couldn't this happen equally for locked out non-root user login attempts?

Last edited by dman777; 09-04-2011 at 12:14 AM.
 
Old 09-04-2011, 03:35 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,521
Blog Entries: 51

Rep: Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599
As I read it root should be exempt from having a maximum set so it can be accessed always. This isn't as bad as it sounds as the account should never be allowed to log in over any network connection anyway.
 
Old 09-04-2011, 05:07 AM   #3
dman777
Member
 
Registered: Dec 2010
Distribution: Gentoo
Posts: 223

Original Poster
Rep: Reputation: 8
No, but I am curious on the logic of how root not being able to authenticate could lead to DOS attacks. If that is true, then the same could be for any user being rejected during logon, right?

However, I was thinking....could the root account locked mean services/daemons not able to run? Do daemons/system services run with EUID 0?
 
Old 09-04-2011, 07:23 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,521
Blog Entries: 51

Rep: Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599Reputation: 2599
Quote:
Originally Posted by dman777 View Post
I am curious on the logic of how root not being able to authenticate could lead to DOS attacks. If that is true, then the same could be for any user being rejected during logon, right?
No, it's the other way around: root no longer being able to authenticate can be the effect of a DOS. And unprivileged accounts are not as equally important as privileged accounts: root isn't just an account best confined to only system administration but also a set of capabilities ('man capabilities') required to perform certain operations.


Quote:
Originally Posted by dman777 View Post
could the root account locked mean services/daemons not able to run?
IMO that's something you could easily test or strace yourself. Do services running as daemon require authentication when starting?


Quote:
Originally Posted by dman777 View Post
Do daemons/system services run with EUID 0?
Are you telling me your 'ps' doesn't support "-o euid"?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how does mktemp prevent denial-of-service attack seaker79 Linux - Security 1 04-22-2010 06:56 AM
y2kupdate denial of service vulnerability Protector Linux - Security 1 11-15-2009 02:44 AM
Troubleshooting Denial of Service vbsaltydog Linux - General 4 07-24-2008 11:51 PM
how to disable TCP/IP Denial of Service mayankh Linux - Security 2 10-14-2006 04:01 AM
Denial Of Service Attacks Ozzman Mandriva 13 11-13-2003 12:59 AM


All times are GMT -5. The time now is 05:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration