Limit the number of failed log in attempts


Post by Husse on Wed Feb 28, 2007 9:30 am

If some nasty person wants to invade a system (be it Linux or Windooze) access to an account is necessary (or could it be done anyway?). In my Win XP I have set a rule to lock out for 30 minutes after 3 failed login attempts. This way password cracking will take forever. Can this be done in Mint?
Don't fix it if it ain't broken, don't break it if you can't fix it

Post by scorp123 on Wed Feb 28, 2007 10:25 am

You may want to look at this:
http://denyhosts.sourceforge.net/
http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts

"denyhosts" should be available via synaptic ("Add/Remove Software"). Once it's installed it's just a matter of configuring it. I suppose you will find all the information on the web site above.

Another idea might be to add static entries into these two files:
    /etc/hosts.deny
    /etc/hosts.allow


There is a tutorial:
http://www.debian-administration.org/articles/87

/etc/hosts.allow lists all IP ranges that are allowed to login on my machines, e.g. I have one line in there saying:
    sshd: 127.0.0.1 192.168.1.0/255.255.255.0 10.251.0.0/255.255.0.0 .mynetwork.domain.net


At the same time the file /etc/hosts.deny defines to whom services are blocked, so in my case the file says:
    sshd: ALL


=> The two files go hand in hand!

How would you edit them? e.g. like this:
    sudo gedit /etc/hosts.allow
    sudo gedit /etc/hosts.deny


Hope this works? :wink:

With this in place no outsider can log in to any of my machines. In the system log it will say:
    sshd: refused connection from xxx.xxx.xxx.xxx

And of course: you are not limited to "sshd", you can add any valid system service (usually the name of the daemon binary that is responsible for the service).

Regards,
scorp123
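
The way TCP wrappers combines the two files from the post above, modelled in Python as an added example (not part of the original post, and not the libwrap code): hosts.allow is consulted first, then hosts.deny, and a client matching neither is allowed. It assumes only the pattern forms used above (ALL, exact address, network/netmask, leading-dot domain); the client addresses and hostnames passed in are constructed.

```python
import ipaddress

# Rules copied from the post above; the client addresses and hostnames
# passed to is_allowed() are constructed sample values.
HOSTS_ALLOW = ["sshd: 127.0.0.1 192.168.1.0/255.255.255.0 "
               "10.251.0.0/255.255.0.0 .mynetwork.domain.net"]
HOSTS_DENY = ["sshd: ALL"]


def pattern_matches(pattern, ip, hostname):
    """Match one client pattern: ALL, .domain suffix, net/mask, or exact IP."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):
        # Leading dot: the last components of the client's host name must match.
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip


def rule_matches(lines, daemon, ip, hostname):
    """True if any 'daemon_list: client_list' line covers this daemon and client."""
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, clients = line.partition(":")
        daemon_list = daemons.replace(",", " ").split()
        if daemon not in daemon_list and "ALL" not in daemon_list:
            continue
        if any(pattern_matches(p, ip, hostname)
               for p in clients.replace(",", " ").split()):
            return True
    return False


def is_allowed(daemon, ip, hostname=None):
    """hosts.allow first, then hosts.deny; a client matching neither is allowed."""
    if rule_matches(HOSTS_ALLOW, daemon, ip, hostname):
        return True
    if rule_matches(HOSTS_DENY, daemon, ip, hostname):
        return False
    return True
```

Calling `is_allowed("vsftpd", "203.0.113.9")` returns `True`: a daemon named in neither file falls through to the default allow, so `sshd: ALL` in hosts.deny restricts sshd only.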

Maybe I'm paranoid

Post by Husse on Wed Feb 28, 2007 11:30 am

Maybe I'm paranoid and if you look into my XP system you will think so - why? Because of the number of steps I've taken to secure my system.
I have a hardware firewall (router - stealth on all ports) so the suggestion from scorp123 is not what I was looking for - but thanks a lot anyway. Besides, isn't iptables set to have all ports closed on the outside?
I was thinking more like if something followed Firefox or another program in and then tried to log in. I'm not sure if such attempts end up inside or outside the account for all times.
//edit:
When I wrote this post I suddenly realised that I was about to miss an appointment so I logged out without reading it and hurried away. Thus the preceding sentence is not the most brilliant I've written :)
What I meant was this: "Something bad" that follows a legal app into your computer most likely ends up in your user account, be it a JavaScript or an applet of some kind. But I don't feel confident that we won't see something like sudo "something bad" + password cracker. Not likely, so why do I worry? Well, the crackers of today are not kids who want to impress their mates, but the Russian mafia who wants money and has really skilled crackers working for them.//
Even without a running server I've seen a few failed log in attempts in the logs in XP - when you are already logged in you are not logged out only the "log in person" is denied entry. (correct me if I'm wrong)
It is perhaps really not necessary if you are not running a server of some kind.
//edit: Maybe to protect "sudo" as stated above//


Trying to adjust to a new reality called Mint :)