LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-31-2006, 01:53 AM   #1
wuicci
LQ Newbie
 
Registered: May 2006
Posts: 3

Rep: Reputation: 0
Question Timeout between failed login attempts


Hi all,
this is my first question on this forum.

I have to configure a timeout (better if increasing) between failed local login attempts.

I saw that with pam I can block an user, but, since I have to do this check even on the root account, it is better for me only block the user for a configured timeout.

I'm using redhat 9, and the pam version is 0.75, and the option unlock_timeout is not present.

Thanks in advance,

Angela
 
Old 05-31-2006, 10:43 AM   #2
mlnutt
Member
 
Registered: May 2006
Posts: 34

Rep: Reputation: 15
PAM has hardcoded into it a delay of 3 seconds; which can be overriden with the "nodelay" argument. If you aren't getting this delay between failed logins check your "system-auth" (most likely in /etc/pam.d). To get PAM to keep track of failed login attempts use the "pam-tally" module. The "faillog" command can be used to set the failure threshold to lock out users. To unlock a locked out user you'll have to set up a scheduled check (perhaps every hour) to see if anybody is locked out and then unlock them (with faillog again).
 
Old 06-01-2006, 12:12 AM   #3
juanbobo
Member
 
Registered: Mar 2005
Location: Chicago
Distribution: Gentoo AMD64
Posts: 365

Rep: Reputation: 30
One way you can control the delay between SSH login attempts is to create a iptables rule with the --limit option.

You can read more about it here:

http://www.tummy.com/journals/entrie...0050724_172920
 
Old 06-01-2006, 04:40 AM   #4
wuicci
LQ Newbie
 
Registered: May 2006
Posts: 3

Original Poster
Rep: Reputation: 0
I've tried with PAM, but I can only lock a user, but not for a limited time; the only way I think could work is to lock a user using pam and faillog and periodically check (with crond) if a user is locked for more then "n" minutes.

The difficulty in this is in making math operations between the actual date and the date given by faillog.

Any suggestions?

Thanks,
Angela
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM
Linux 2.6 Module programming - failed first attempts introuble Programming 1 05-08-2005 12:24 PM
lock password after failed attempts... manudath Linux - Security 2 04-28-2005 10:55 AM
/var/log/messages shows failed login attempts... plan9 Linux - Security 8 08-08-2004 12:52 PM
all attempts failed btb103 Linux - General 1 10-23-2001 05:31 PM


All times are GMT -5. The time now is 11:24 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration