Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:

> Also, it isn't up to the *installer* to set up a system that resists
> brute-force password attacks.

Give us the tools to do the job !

My amalgamated idea is:-

(1)  When external access gets a password wrong 'n' occasions, as
determined by the SysAdmin, the external IP address is automatically
permanently blocked unless that IP is included in a IP Tables 'allow'
table.

(2) If specifically allowed in IP Tables, that IP be blocked for 'm'
minutes, as determined by the SysAdmin, before another attempt can be
made.

(3)  All sensitive users be added to a special group. Limit the
membership of that group to a collective maximum of 'n' SysAdmin chosen
wrong password attempts within a time interval of 't' chosen by the
SysAdmin.

Baffled why it has never been done but then I'm Always Learning.



-- 
Regards,

Paul.
England, EU.      Je suis Charlie.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux