Security Basics mailing list archives
Blocking Brute force attacks with PAM_ABL
From: Flavio Sebastián Ortellao <daschapa () gmail com>
Date: Wed, 30 Jan 2008 11:10:22 -0300
First, let me introduce myself: My name is Flavio Ortellao, and I'm a begginer in computer security area. I started my path through security about a month ago. I'm using Linux and I've just plugged a new module to PAM: ABL (an auto black-list). I use this module as an experiment for ssh, but I can't get it working. So, this is my /etc/pam.d/sshd auth required pam_shells.so auth required pam_nologin.so auth required pam_abl.so config=/etc/security/pam_abl.conf auth include system-auth account include system-auth password include system-auth session include system-auth And this is my /etc/security/pam_abl.conf # /etc/security/pam_abl.conf # debug host_db=/var/lib/abl/hosts.db host_purge=2d host_rule=*:5/1h,15/1d #user_db=/var/lib/abl/users.db #user_purge=2d #user_rule=!root:10/1h,30/1d But when i try to logon from my other machine, i can fail more than 15 times and i still can log-in when finally put the right user-pass Anyone has an idea? Thanx and excuse my english.
Current thread:
- Blocking Brute force attacks with PAM_ABL Flavio Sebastián Ortellao (Jan 30)