[CentOS] Another Fedora decision

Tue Feb 3 21:22:49 UTC 2015
Always Learning <centos at u64.u22.net>

On Tue, 2015-02-03 at 15:51 -0500, Jonathan Billings wrote:

> Also, it isn't up to the *installer* to set up a system that resists
> brute-force password attacks.

Give us the tools to do the job !

My amalgamated idea is:-

(1)  When external access gets a password wrong on 'n' occasions, as
determined by the SysAdmin, the external IP address is automatically
permanently blocked unless that IP is included in an IP Tables 'allow'
table.

(2) If specifically allowed in IP Tables, that IP be blocked for 'm'
minutes, as determined by the SysAdmin, before another attempt can be
made.

(3)  All sensitive users be added to a special group. Limit the
membership of that group to a collective maximum of 'n' SysAdmin chosen
wrong password attempts within a time interval of 't' chosen by the
SysAdmin.

Baffled why it has never been done but then I'm Always Learning.



-- 
Regards,

Paul.
England, EU.      Je suis Charlie.
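
The three-point policy proposed in the message above, modelled as an added example; it is not part of the original post and not an existing CentOS tool. The class name `LockoutPolicy`, the action labels, the choice to act when a count reaches its threshold, and the sample events (documentation-range addresses) are all assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

class LockoutPolicy:
    def __init__(self, n, m, group_n, t, allow, sensitive):
        self.n, self.m = n, m                  # points (1) and (2): attempts, minutes
        self.group_n, self.t = group_n, t      # point (3): group attempts, window in minutes
        self.allow = [ip_network(a) for a in allow]   # the 'allow' table
        self.sensitive = set(sensitive)        # members of the special group
        self.fails = {}                        # ip -> wrong passwords so far
        self.blocked = {}                      # ip -> minute the block ends, None = permanent
        self.group_fails = []                  # minutes of recent group failures

    def is_blocked(self, ip, now):
        if ip in self.blocked and self.blocked[ip] is not None and now >= self.blocked[ip]:
            del self.blocked[ip]               # timed block has expired
        return ip in self.blocked

    def failed_login(self, ip, user, now):
        """Record one wrong password at minute `now`; return the actions taken."""
        if self.is_blocked(ip, now):
            return ["drop"]                    # blocked source never reaches the password check
        actions = []
        self.fails[ip] = self.fails.get(ip, 0) + 1
        if self.fails[ip] >= self.n:
            self.fails[ip] = 0
            if any(ip_address(ip) in net for net in self.allow):
                self.blocked[ip] = now + self.m        # point (2): blocked for 'm' minutes
                actions.append("temp-block")
            else:
                self.blocked[ip] = None                # point (1): blocked permanently
                actions.append("permanent-block")
        if user in self.sensitive:                     # point (3): counted across all sources
            self.group_fails = [x for x in self.group_fails if now - x < self.t] + [now]
            if len(self.group_fails) >= self.group_n:
                actions.append("lock-group")
        return actions

# Constructed sample events: (minute, source IP, user) for each wrong password.
EVENTS = [(0, "203.0.113.7", "bob"), (1, "203.0.113.7", "bob"), (2, "203.0.113.7", "bob"),
          (3, "203.0.113.7", "bob"), (4, "192.0.2.10", "alice"), (5, "192.0.2.10", "alice"),
          (6, "192.0.2.10", "alice"), (7, "192.0.2.10", "alice"), (16, "192.0.2.10", "alice"),
          (20, "198.51.100.1", "root"), (21, "198.51.100.2", "admin"),
          (22, "198.51.100.3", "root"), (23, "198.51.100.4", "admin")]

def replay(events=EVENTS):
    policy = LockoutPolicy(n=3, m=10, group_n=4, t=5, allow=["192.0.2.0/24"],
                           sensitive={"root", "admin"})
    return [(minute, ip, policy.failed_login(ip, user, minute)) for minute, ip, user in events]
```

The last four events come from four different addresses, none of which reaches the per-IP limit; only the collective group counter of point (3) reacts to them.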