[BlueOnyx:02013] pam_abl

Tjerk Hacquebord tjerk at hqmatics.nl
Tue Aug 11 09:05:06 -05 2009 

First, this looks like a very good system to prevent hackers from 'guessing'
passwords. So thanks for the update!

Have one question though, my /var/log/messages shows some bans already:

 

Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_users blocking = 0
failcnt = 2 username = oracle
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE succeeded
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_users blocking = 0
failcnt = 30 username = root
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE succeeded
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_users blocking = 0
failcnt = 4 username = teamspeak
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE succeeded
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_users blocking = 0
failcnt = 2 username = test
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE succeeded
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_users blocking = 0
failcnt = 12 username = ts
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE succeeded
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_hosts blocking = 0
failcnt = 30 host = "adsl-xx-xxx-xxx-086.sip.asm.bellsouth.net"
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_hosts failed (-5)
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_hosts blocking = 0
failcnt = 30 host = "sd-xxxxxxxx.dedibox.fr"
Aug 11 15:55:15 server3 cced(smd)[28921]: client
6:handlers/base/console/pam_abl_import.pl: CREATE fail_hosts failed (-5)

 

 

So there are some username blocks, and some host blocks, right?

In the GUI I only see the username blocks, the host block list is still
empty

Something to do with this line?

: CREATE fail_hosts failed (-5)

 

 

And a small suggestion, display the time a user of host was blocked in the
GUI? Might be usefull if you want to search your logs or something.

While I'm at it, the Security -> Logfiles page is giving me Javascript
errors in ajax.js (Don't really mind cause I don't use it but just to let
you know it doesn't work properly)

 

 

Thanks,

Tjerk

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20090811/a7a3214c/attachment.html>

More information about the Blueonyx mailing list