[CentOS] Another Fedora decision
Always Learning
centos at u64.u22.net
Tue Feb 3 20:53:50 UTC 2015
On Tue, 2015-02-03 at 14:48 -0600, Les Mikesell wrote:
> On Tue, Feb 3, 2015 at 2:44 PM, Always Learning <centos at u64.u22.net> wrote:
> >
> > There should be a basic defence that when the password is wrong 'n'
> > occasions the IP address is blocked automatically and permanently unless
> > it is specifically allowed in IP Tables.
>
> The people who are good at this will make the attempts from many
> different IPs - and sometimes cycle through a dictionary of different
> login names too.
If 'n' is low, perhaps '2', then brute forcing will become more
protracted.
An addition to my proposal, is allocate all sensitive users to a special
group and limit the membership of that group to a maximum of, for
example, 3 wrong password attempts within a SysAdmin chosen time
interval.
Simple.
--
Regards,
Paul.
England, EU. Je suis Charlie.
More information about the CentOS
mailing list