I'd say a quick shell script that parses the log file for the failed attempts and the creates an iptables rule to block the IP. -----Original Message----- From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Chris W. Parker Sent: Wednesday, February 09, 2005 12:17 PM To: General Red Hat Linux discussion list Subject: Deny IP based on failed login requests Hello, I was unsucsessful with Google while searching for an answer to this question so I'm bringing it to the list. I just read a LogWatch email from back in Nov that says there were 610 failed attempts from a specific IP address while trying to login as root. What I'd like to know is if it's possible to lock out an IP address after a certain number of failed attempts. Say, 10 attempts. Thanks, Chris. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list This transmission (and any information attached to it) may be confidential and is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient or the person responsible for delivering the transmission to the intended recipient, be advised that you have received this transmission in error and that any use, dissemination, forwarding, printing, or copying of this information is strictly prohibited. If you have received this transmission in error, please immediately notify LabOne at the following email address: securityincidentreporting@xxxxxxxxxx -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
