[sclug] SSHD
pieter claassen
pieter at claassen.co.uk
Tue Jan 30 11:38:23 UTC 2007
This might be what you are looking for (initially I though that
login.defs might help but it looks like pam ignores it like a stop sign)
Cheers,
Pieter
PAM delay module
Synopsis
Module Name:
pam_delay.so
Author:
Peter Benie <pjb1008 at cam.ac.uk>
Maintainer:
Author.
Management groups provided:
authentication
Cryptographically sensitive:
Security rating:
Clean code base:
Compiles cleanly.
System dependencies:
Network aware:
Overview of module
The purpose of this module is set the delay on authentication failure to
slow down brute-force attacks.
Authentication component
Recognised arguments:
time;
Description:
This module performs no authenication task; its sole purpose is
to set the pam_fail_delay. The time is specified in seconds
unless units are given. Units may be us (microseconds), ms
(milliseconds), s (seconds) or m (minutes). If more than one
argument is given, the delay set is the sum of all the specified
delays.
This module should be placed in the list of authentication
modules before any modules that check passwords.
Examples/suggested usage:
auth required /lib/security/pam_delay 1s 500ms
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_pwdb.so shadow nullok
auth required /lib/security/pam_nologin.so
On Tue, 2007-01-30 at 11:27 +0000, David Newcomb wrote:
> Hi All,
>
> I am getting a lot of brute force attacks on one of my linux
> internet servers. Is there a way I can make the client wait
> 60 seconds before allowing them to try and login again?
>
> Anything like this available?
>
>
> Regards,
> David
> ---------------------------------------
> Managing Director
> +44 (0) 7866 262 398
> BigSoft Limited
> Reading, UK
> http://www.bigsoft.co.uk/
> Registered in Cardiff, Wales 3960621
>
>
More information about the Sclug
mailing list