hello everyone
i have an redhat base server that was not support iptables.
by default when somebody telnet to server and enter wrong password , his access is blocked for 15s , i want to now how can i increase this time or block his ip automaticly .
i try to do this with xinetd and pam but it's not work or my way is wrong.
can anybody help me?

Two details surprise me. All Red Hat Enterprise Servers support a firewall. What is your version number? And what kind of system is using telnet nowadays?

What you want can be achieved with an intrusion prevention system like fail2ban.

my server is an telephony server (not elastix or free pbx) and many features of redhat was delete from it.
i can do it with faillog command but its for one fail login. after that i must run command again. or run it with cron.

tellnet should not even be enabled by default .It should be disabled

what Version of RHEL ( if this is rhel) is this running or is it based on the long dead and long unsupported RH
( redhat did a name change in 2003 "RH" became "RHEL" )
to check
RedHat Enterprise Linux ( rhel) is not really free you HAVE to buy the required support contract

so i would suggest you contact Redhat and use the support contract you ARE paying for

Agreed, you should never use Telnet.

The only time to use Telnet, is when troubleshooting connectivity. Can a distant user establish connection and say get the login banner? Even then, just use PuTTY.

Other then than, Telnet is worthless...

there are still uses for telnet -- not many

i use one service from JPL/NASA for orbital data
the horizons telnet service

but it should NEVER be used for administrating a remote server or for loging in to a server

Always remember this one thing about "stock distros": they often "enable everything but the kitchen sink." (Just as I well remember a RedHat distro that was prepared to offer hardware support for a "DecSystem token-ring network card," just in case you happened to have one in slot #3.)

You need to troll through these various lists. Be sure that the distro is not "automatically launching" (always, or in response to a port-connection request) any daemon process that you do not actually intend to use. Likewise, be sure that (a) the firewall is running, and that (b) it does not open any port that you do not intend to use.

Unless you intend to be using telnet, this port should not be open, and Linux should not be monitoring it and launching anything when anyone attempts to connect to it.

IMO, telnet, ftp and vsftpd are not installed on the RHEL systems, so less chance of risk.

However on RHEL5 a number of daemons come on by default (atd, bluetooth, cups and ISDN). Potential Risk.

RHEL6 samething, except no ISDN. At least iptables and ip6tables are set to start automatically.

guys thank you for your answers . i know that telnet is not scure and i use it for a user with limited access to server.

... then eventually someone will use it to get in, and your server will be rooted, and you'll be whining.

OK, I think it should go like this then:
0) put Telephony server in DMZ,
1) ensure SIP and other Telephony protocols get through the firewall properly,
2) put bastion host in DMZ,
3) enable TCP/22 white list (or fail2ban + ipset) and SSH with pubkeys on bastion host,
4) allow the user telnet only from bastion host (OK, or SSH tunnel) to only Telephony server.