On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote: > Also, it isn't up to the *installer* to set up a system that resists > brute-force password attacks. Give us the tools to do the job ! My amalgamated idea is:- (1) When external access gets a password wrong 'n' occasions, as determined by the SysAdmin, the external IP address is automatically permanently blocked unless that IP is included in a IP Tables 'allow' table. (2) If specifically allowed in IP Tables, that IP be blocked for 'm' minutes, as determined by the SysAdmin, before another attempt can be made. (3) All sensitive users be added to a special group. Limit the membership of that group to a collective maximum of 'n' SysAdmin chosen wrong password attempts within a time interval of 't' chosen by the SysAdmin. Baffled why it has never been done but then I'm Always Learning. -- Regards, Paul. England, EU. Je suis Charlie.