Limit the number of failed log in attempts

Husse

Post by Husse »

If some nasty person wants to invade a system (be it Linux or Windooze) access to an account is necessary (or could it be done anyway?). In my Win XP I have set a rule to lock out for 30 minutes after 3 failed login attempts. This way password cracking will take forever. Can this be done in mint?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
scorp123
Level 8
Posts: 2272
Joined: Sat Dec 02, 2006 4:19 pm
Location: Switzerland

Post by scorp123 »

You may want to look at this:
http://denyhosts.sourceforge.net/
http://www.howtoforge.com/preventing_ss ... _denyhosts

"denyhosts" should be available via synaptic ("Add/Remove Software"). Once it's installed it's just a matter of configuring it. I suppose you will find all the infos on the web site above.

Another idea might be to add static entries into these two files:
  • /etc/hosts.deny
  • /etc/hosts.allow
There is a tutorial:
http://www.debian-administration.org/articles/87

/etc/hosts.allow lists all IP ranges that are allowed to login on my machines, e.g. I have one line in there saying:

Code:

sshd: 127.0.0.1 192.168.1.0/255.255.255.0 10.251.0.0/255.255.0.0 .mynetwork.domain.net

At the same time the file /etc/hosts.deny defines to whom services are blocked, so in my case the file says:

Code:

sshd: ALL

=> The two files go hand in hand!

How would you edit them? e.g. like this:

Code:

sudo gedit /etc/hosts.allow
sudo gedit /etc/hosts.deny

Hope this works? :wink:

With this in place no outsider can login to any of my machines. In the system log it will say:
sshd: refused connection from xxx.xxx.xxx.xxx

And of course: you are not limited to "sshd", you can add any valid system service (usually the name of the daemon binary that is responsible for the service).

Regards,
scorp123
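
An added example, not part of scorp123's post: a small Python model of how the two files quoted above combine, so a rule set can be checked against sample clients before relying on it. It follows the order documented in hosts_access(5) (hosts.allow first, then hosts.deny, otherwise access is granted) and handles only the pattern forms used in the post plus address prefixes; the function names, the sample client addresses and the host name box.mynetwork.domain.net are assumptions made for illustration.

```python
import ipaddress

# Rules as quoted in the post above.
HOSTS_ALLOW = "sshd: 127.0.0.1 192.168.1.0/255.255.255.0 10.251.0.0/255.255.0.0 .mynetwork.domain.net"
HOSTS_DENY = "sshd: ALL"

def parse(text):
    """Return a list of (daemon_list, client_list) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip, hostname):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):      # host name suffix
        return hostname is not None and hostname.lower().endswith(pattern.lower())
    if pattern.endswith("."):        # address prefix such as "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:               # IPv4 net/mask: match when ip AND mask == net
        net, mask = pattern.split("/")
        as_int = lambda a: int(ipaddress.IPv4Address(a))
        return as_int(ip) & as_int(mask) == as_int(net)
    return pattern == ip or (hostname is not None and pattern.lower() == hostname.lower())

def file_matches(text, daemon, ip, hostname):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip, hostname) for p in clients)
               for daemons, clients in parse(text))

def allowed(daemon, ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match means access."""
    if file_matches(allow, daemon, ip, hostname):
        return True
    return not file_matches(deny, daemon, ip, hostname)

if __name__ == "__main__":
    # Constructed clients (documentation addresses and a made-up host name).
    for daemon, ip, host in [("sshd", "192.168.1.50", None),
                             ("sshd", "203.0.113.10", None),
                             ("sshd", "203.0.113.10", "box.mynetwork.domain.net"),
                             ("vsftpd", "203.0.113.10", None)]:
        print(daemon, ip, host, "->", "allowed" if allowed(daemon, ip, host) else "refused")
```

The last sample client shows that a daemon named in neither file is still granted access, so each additional service needs its own entry or an "ALL: ALL" line in /etc/hosts.deny.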
Husse

Maybe I'm paranoid

Post by Husse »

Maybe I'm paranoid and if you look into my XP system you will think so - why? Because of the amount of steps I've taken to secure my system.
I have a hardware firewall (router - stealth on all ports) so the suggestion from scorp123 is not what I was looking for - but thanks a lot anyway. Besides isn't IPtables set to have all ports closed on the outside?
I was thinking more like if something followed Firefox or another program in and then tried to log in. I'm not sure if such attempts end up inside or outside the account for all times.
//edit:
When I wrote this post I suddenly realised that I was about to miss an appointment so I logged out without reading it and hurried away. Thus the preceding sentence is not the most brilliant I've written :)
What I meant was this: "Something bad" that follows a legal app into your computer most likely ends up in your user account, be it a javascript or an applet of some kind. But I don't feel confident that we won't see something like sudo "something bad" + passwordcracker. Not likely so why do I worry? Well the crackers of today are not kids who want to impress their mates, but the Russian mafia who wants money and has really skilled crackers working for them.//
Even without a running server I've seen a few failed log in attempts in the logs in XP - when you are already logged in you are not logged out only the "log in person" is denied entry. (correct me if I'm wrong)
It is perhaps really not necessary if you are not running a server of some kind.
//edit: Maybe to protect "sudo" as stated above//


Trying to adjust to a new reality called Mint :)