I've just installed pam_abl and tested it ... seems to work, but I've
got a question.
I put the pam_abl line:
auth required /lib/security/pam_abl.so config=/etc/security/pam_abl.conf
in /etc/pam.d/system-auto. The problem is that at the top of the system-auto
file there is the warning:
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
Now my question, where can I put the pam_abl line so that it gets
automatically placed into system-auto each time authconfig is run?
Thanks
RME
Neil Cherry wrote:
CHAT KHODA wrote:
Dear friends,
I wish to:
1- Monitor all of the connections (or tries) to my SSH
port including the source IP address.
# Permit these sites access to my machine
permit() {
    # I want to log just the startup of the conversation
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 --syn -j LOG \
        --log-level info --log-prefix "iptables permit: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j ACCEPT
}
# Deny these sites access to my machine
deny() {
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j LOG \
        --log-level alert --log-prefix "iptables deny: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s "${1}" -p tcp --dport 22 -j DROP
}
# =[ Flush the tables completely ]============================================
/sbin/iptables -F
# =[ Permit list ]============================================================
#permit 127.0.0.0/8 # Local stuff
permit 10.0.0.0/8 # Local stuff
permit 172.16.0.0/12 # Local stuff
permit 192.168.0.0/16 # Local stuff
# =[ Deny list ]==============================================================
deny 0.0.0.0/0 # Deny everyone else
The logging part is probably what you want most but the above may
prove to be useful.
2- Limit the number of unsuccessful attempts to log in
to just two attempts per session.
Take a look at pam_abl ( http://www.hexten.net/pam_abl/ ). Now that
I use the above I've had no incidents of needing pam_abl. That doesn't
mean I won't.
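Added example, not part of the original messages: one way to turn the kernel log lines written by the permit()/deny() LOG rules quoted above into a per-source count of SSH connection attempts. The function names and the abbreviated sample log lines are constructed for illustration; only the two log prefixes come from the script in the thread.

```shell
#!/bin/bash
# Added example: count SSH connection attempts per source address from the
# lines logged with the "iptables permit: " / "iptables deny: " prefixes.

# Constructed, abbreviated sample input (documentation/private addresses).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:42 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Mar  3 10:15:45 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 PROTO=TCP SPT=51234 DPT=22 SYN URGP=0
Mar  3 10:15:50 gw sshd[812]: Accepted publickey for rme from 192.168.0.15 port 40112 ssh2
Mar  3 10:15:50 gw kernel: iptables permit: IN=eth1 OUT= SRC=192.168.0.15 DST=192.168.0.1 PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Mar  3 10:16:02 gw kernel: iptables deny: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.1 PROTO=TCP SPT=51240 DPT=22 SYN URGP=0
Mar  3 10:16:09 gw kernel: iptables deny: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.0.1 PROTO=TCP SPT=33011 DPT=22 SYN URGP=0
Mar  3 10:17:31 gw kernel: iptables permit: IN=eth1 OUT= SRC=192.168.0.15 DST=192.168.0.1 PROTO=TCP SPT=40180 DPT=22 SYN URGP=0
Mar  3 10:18:00 gw kernel: iptables deny: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.0.1 PROTO=TCP SPT=33011 DPT=22 ACK URGP=0
EOF
}

# Reads syslog lines on stdin, prints "<count> <verdict> <source-ip>",
# busiest source first.
summarise_ssh_log() {
    awk '
        # Keep only lines carrying one of the two --log-prefix strings.
        match($0, /iptables (permit|deny): /) {
            # "iptables " is 9 characters; the prefix ends with ": ".
            verdict = substr($0, RSTART + 9, RLENGTH - 11)
            src = ""; dpt = ""; syn = 0; ack = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                else if ($i == "SYN")  syn = 1
                else if ($i == "ACK")  ack = 1
            }
            # The deny rule has no --syn match, so it logs every packet to
            # port 22; count only initial SYNs as connection attempts.
            if (src != "" && dpt == "22" && syn && !ack)
                count[verdict " " src]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | summarise_ssh_log
```

A client that retransmits a dropped SYN is logged once per retransmission, so the deny counts are an upper bound on distinct attempts.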