On Fri, Oct 12, 2012 at 04:54:12PM +1030, Daniel O'Connor wrote: > > On 12/10/2012, at 15:21, Ram <ram@xxxxxxxxxxxxx> wrote: > > Of late I have seen lots of attempts at getting in weak weak > > passwords. Is there a way I can implement password lock out within > > cyrus if there are more than n consecutive bad attempts > > I think a feature like this is likely to result in a denial of service > to yourself :) > > I use sshguard which can parse many different program's outputs (not > just SSH) for failed login attempts and then add a rule to a firewall > to block the IP making the attempts. > > It has support for many different firewall types - I use PF but it > does ipfw, ip tables, etc etc.. > > It is probably available as a package for your OS/distro or you can > get it from http://www.sshguard.net/ There is also fail2ban (python based) which is working well for me. It just depends on which tool you like best. -- Scott Lambert KC5MLE Unix SysAdmin lambert@xxxxxxxxxxxxxx ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
