Timeout between failed login attempts
Hi all,
this is my first question on this forum. I have to configure a timeout (better if increasing) between failed local login attempts. I saw that with PAM I can block a user, but, since I have to do this check even on the root account, it is better for me to only block the user for a configured timeout. I'm using Red Hat 9, and the PAM version is 0.75, and the option unlock_timeout is not present. Thanks in advance, Angela
PAM has hardcoded into it a delay of 3 seconds, which can be overridden with the "nodelay" argument. If you aren't getting this delay between failed logins, check your "system-auth" (most likely in /etc/pam.d). To get PAM to keep track of failed login attempts, use the "pam-tally" module. The "faillog" command can be used to set the failure threshold to lock out users. To unlock a locked out user you'll have to set up a scheduled check (perhaps every hour) to see if anybody is locked out and then unlock them (with faillog again).
One way you can control the delay between SSH login attempts is to create an iptables rule with the --limit option.
You can read more about it here: http://www.tummy.com/journals/entrie...0050724_172920
I've tried with PAM, but I can only lock a user, not for a limited time; the only way I think could work is to lock a user using PAM and faillog and periodically check (with crond) if a user is locked for more than "n" minutes.
The difficulty in this is in doing the math between the current date and the date given by faillog. Any suggestions? Thanks, Angela
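
Added example (not part of the original thread): one way to do the date arithmetic for the cron check discussed above is to convert the last-failure time to epoch seconds with GNU `date -d` and compare the difference against a lock window. It goes beyond the fixed "n" minutes by doubling the window for each failure past the threshold, as asked for in the first post. The function names, the threshold, base and cap values, and the "user failures timestamp" input layout are assumptions; extracting those fields from faillog output depends on the installed version.

```shell
#!/bin/sh
# Decide which locked accounts may be unlocked, using epoch-second arithmetic.
# Assumes GNU date (-d). All names and values below are hypothetical.

THRESHOLD=3   # failures at which the account is locked
BASE_MIN=5    # lock window (minutes) when the threshold is first reached
CAP_MIN=240   # upper bound on the window

# lock_window_min FAILURES -> minutes the account stays locked (0 = not locked)
lock_window_min() {
    extra=$(( $1 - THRESHOLD ))
    if [ "$extra" -lt 0 ]; then echo 0; return; fi
    win=$BASE_MIN
    # Double the window once per failure beyond the threshold, up to the cap.
    while [ "$extra" -gt 0 ] && [ "$win" -lt "$CAP_MIN" ]; do
        win=$(( win * 2 )); extra=$(( extra - 1 ))
    done
    if [ "$win" -gt "$CAP_MIN" ]; then win=$CAP_MIN; fi
    echo "$win"
}

# lock_expired FAILURES "TIMESTAMP" [NOW_EPOCH] -> exit 0 if the window elapsed.
# A timestamp without a zone offset is read as UTC. An unparsable timestamp,
# or one in the future (clock change), leaves the account locked.
lock_expired() {
    last=$(date -u -d "$2" +%s 2>/dev/null) || return 2
    now=${3:-$(date +%s)}
    window=$(lock_window_min "$1")
    [ $(( now - last )) -ge $(( window * 60 )) ]
}

# users_to_unlock [NOW_EPOCH]: reads "user failures timestamp" lines on stdin
# and prints the users whose lock window has elapsed.
users_to_unlock() {
    while read -r user failures ts; do
        [ "$failures" -ge "$THRESHOLD" ] 2>/dev/null || continue
        if lock_expired "$failures" "$ts" "$1"; then echo "$user"; fi
    done
}

# Constructed sample input, not real faillog output.
sample_faillog() {
    printf '%s\n' \
        'root 3 2024-01-15 10:00:00' \
        'alice 5 2024-01-15 10:00:00' \
        'guest 1 2024-01-15 10:00:00'
}

# From cron, each printed user would then be reset, e.g. faillog -u "$u" -r
```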