Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 05-31-2006, 01:53 AM   #1
LQ Newbie
Registered: May 2006
Posts: 3

Rep: Reputation: 0
Question Timeout between failed login attempts

Hi all,
this is my first question on this forum.

I have to configure a timeout (better if increasing) between failed local login attempts.

I saw that with pam I can block an user, but, since I have to do this check even on the root account, it is better for me only block the user for a configured timeout.

I'm using redhat 9, and the pam version is 0.75, and the option unlock_timeout is not present.

Thanks in advance,

Old 05-31-2006, 10:43 AM   #2
Registered: May 2006
Posts: 34

Rep: Reputation: 15
PAM has hardcoded into it a delay of 3 seconds; which can be overriden with the "nodelay" argument. If you aren't getting this delay between failed logins check your "system-auth" (most likely in /etc/pam.d). To get PAM to keep track of failed login attempts use the "pam-tally" module. The "faillog" command can be used to set the failure threshold to lock out users. To unlock a locked out user you'll have to set up a scheduled check (perhaps every hour) to see if anybody is locked out and then unlock them (with faillog again).
Old 06-01-2006, 12:12 AM   #3
Registered: Mar 2005
Location: Chicago
Distribution: Gentoo AMD64
Posts: 365

Rep: Reputation: 30
One way you can control the delay between SSH login attempts is to create a iptables rule with the --limit option.

You can read more about it here:
Old 06-01-2006, 04:40 AM   #4
LQ Newbie
Registered: May 2006
Posts: 3

Original Poster
Rep: Reputation: 0
I've tried with PAM, but I can only lock a user, but not for a limited time; the only way I think could work is to lock a user using pam and faillog and periodically check (with crond) if a user is locked for more then "n" minutes.

The difficulty in this is in making math operations between the actual date and the date given by faillog.

Any suggestions?



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Failed SSH login attempts Capt_Caveman Linux - Security 38 01-03-2006 03:22 PM
Linux 2.6 Module programming - failed first attempts introuble Programming 1 05-08-2005 12:24 PM
lock password after failed attempts... manudath Linux - Security 2 04-28-2005 10:55 AM
/var/log/messages shows failed login attempts... plan9 Linux - Security 8 08-08-2004 12:52 PM
all attempts failed btb103 Linux - General 1 10-23-2001 05:31 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:40 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration