[CentOS] Another Fedora decision

Tue Feb 3 20:53:50 UTC 2015
Always Learning <centos at u64.u22.net>

On Tue, 2015-02-03 at 14:48 -0600, Les Mikesell wrote:

> On Tue, Feb 3, 2015 at 2:44 PM, Always Learning <centos at u64.u22.net> wrote:
> >
> > There should be a basic defence that when the password is wrong on 'n'
> > occasions the IP address is blocked automatically and permanently unless
> > it is specifically allowed in IP Tables.
> 
> The people who are good at this will make the attempts from many
> different IPs - and sometimes cycle through a dictionary of different
> login names too.

If 'n' is low, perhaps '2', then brute forcing will become more
protracted. 

An addition to my proposal is to allocate all sensitive users to a special
group and limit the membership of that group to a maximum of, for
example, 3 wrong password attempts within a SysAdmin-chosen time
interval.

Simple. 


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.
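
The two rules discussed in this thread, replayed over a log, as an added example that is not part of the original message or of any CentOS tool. The log lines are constructed, with simplified ISO timestamps, and the function name, thresholds and the choice to trigger on the n-th failure are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: sshd-style failures with simplified ISO timestamps.
SAMPLE_LOG = """\
2015-02-03T19:00:00 sshd[100]: Failed password for root from 203.0.113.1 port 4000 ssh2
2015-02-03T20:00:00 sshd[101]: Failed password for invalid user guest from 198.51.100.7 port 4001 ssh2
2015-02-03T20:00:05 sshd[102]: Failed password for invalid user test from 198.51.100.7 port 4002 ssh2
2015-02-03T20:01:00 sshd[103]: Failed password for paul from 192.0.2.10 port 4003 ssh2
2015-02-03T20:01:10 sshd[104]: Failed password for paul from 192.0.2.10 port 4004 ssh2
2015-02-03T20:02:00 sshd[105]: Failed password for root from 203.0.113.2 port 4005 ssh2
2015-02-03T20:03:00 sshd[106]: Failed password for root from 203.0.113.3 port 4006 ssh2
2015-02-03T20:04:00 sshd[107]: Failed password for root from 203.0.113.4 port 4007 ssh2
"""
FAILED = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for "
                    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def evaluate(log, ip_limit=2, allowlist=frozenset(), sensitive=frozenset(),
             user_limit=3, window=timedelta(minutes=10)):
    """Return (blocked_ips, locked_users) after replaying the log (hypothetical helper)."""
    ip_failures = defaultdict(int)      # address -> lifetime failure count
    user_recent = defaultdict(deque)    # sensitive user -> recent failure times
    blocked_ips, locked_users = set(), set()
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, user, ip = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if ip in blocked_ips:
            continue                    # a blocked address no longer reaches sshd
        # Rule 1: permanent per-address block at 'n' failures unless allowlisted.
        if ip not in allowlist:
            ip_failures[ip] += 1
            if ip_failures[ip] >= ip_limit:
                blocked_ips.add(ip)
        # Rule 2: per-user sliding window, counting failures from every address.
        if user in sensitive:
            recent = user_recent[user]
            recent.append(ts)
            while ts - recent[0] > window:
                recent.popleft()
            if len(recent) >= user_limit:
                locked_users.add(user)
    return blocked_ips, locked_users

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG, allowlist={"192.0.2.10"}, sensitive={"root"}))
```

In this sample the failures for root arrive from a different address each time, so the per-address rule never fires for them, while the per-user window does.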