Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 2015-02-03 22:22, Always Learning wrote:
> 
> On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:
> 
>> Also, it isn't up to the *installer* to set up a system that resists
>> brute-force password attacks.
> 
> Give us the tools to do the job !
> 
> My amalgamated idea is:-
> 
> (1)  When external access gets a password wrong 'n' occasions, as
> determined by the SysAdmin, the external IP address is automatically
> permanently blocked unless that IP is included in a IP Tables 'allow'
> table.
> 
> (2) If specifically allowed in IP Tables, that IP be blocked for 'm'
> minutes, as determined by the SysAdmin, before another attempt can be
> made.
> 
> (3)  All sensitive users be added to a special group. Limit the
> membership of that group to a collective maximum of 'n' SysAdmin chosen
> wrong password attempts within a time interval of 't' chosen by the
> SysAdmin.
> 
> Baffled why it has never been done but then I'm Always Learning.
> 
> 
> 

I am maybe mislead, but I thought that is exactly what fail2ban[1] would
do and this is already a few years out. Also it is ,if I remember
correctly, in epel.

Regards,

Markus

[1] http://www.fail2ban.org/wiki/index.php/Main_Page
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux