Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Blocking Brute force attacks with PAM_ABL

from [Flavio Sebastián Ortellao] Network Security [Permanent Link]
Subject: Blocking Brute force attacks with PAM_ABL
Date: Wed, 30 Jan 2008 11:10:22 -0300 
First, let me introduce myself: My name is Flavio Ortellao, and I'm a
begginer in computer security area.
I started my path through security about a month ago.

I'm using Linux and I've just plugged a new module to PAM: ABL (an auto
black-list). I use this module as an experiment for ssh, but I can't get
it working.

So, this is my /etc/pam.d/sshd
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       required     pam_abl.so config=/etc/security/pam_abl.conf
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    include      system-auth


And this is my /etc/security/pam_abl.conf
# /etc/security/pam_abl.conf
# debug

host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:5/1h,15/1d
#user_db=/var/lib/abl/users.db
#user_purge=2d
#user_rule=!root:10/1h,30/1d

But when i try to logon from my other machine, i can fail more than 15
times and i still can log-in when finally put the right user-pass

Anyone has an idea?

Thanx and excuse my english.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Blocking Brute force attacks with PAM_ABL, Flavio Sebastián Ortellao <=
Previous by Date:  Siteminder info, Adam Pal
Next by Date:  RE: Certificate error.. Pharming attack?, Murda Mcloud
Previous by Thread:  Siteminder info, Adam Pal
Next by Thread:  Gratuitous plug, Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]