Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Tue, 2015-02-03 at 14:48 -0600, Les Mikesell wrote:

> On Tue, Feb 3, 2015 at 2:44 PM, Always Learning <centos@xxxxxxxxxxx> wrote:
> >
> > There should be a basic defence that when the password is wrong 'n'
> > occasions the IP address is blocked automatically and permanently unless
> > it is specifically allowed in IP Tables.
> 
> The people who are good at this will make the attempts from many
> different IPs - and sometimes cycle through a dictionary of different
> login names too.

If 'n' is low, perhaps '2', then brute forcing will become more
protracted. 

An addition to my proposal, is allocate all sensitive users to a special
group and limit the membership of that group to a maximum of, for
example, 3 wrong password attempts within a SysAdmin chosen time
interval.

Simple. 


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux